Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 7 - Black screen at restart [Solved]


  • This topic is locked This topic is locked

#31
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Will do, thank you!

 

AdwCleaner log

 

# AdwCleaner v4.002 - Report created 28/10/2014 at 18:00:01
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Aretha - ARETHA-PC
# Running from : C:\Users\Aretha\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Aretha\AppData\Roaming\Strongvault

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2932 octets] - [28/10/2014 17:55:29]
AdwCleaner[S0].txt - [2744 octets] - [28/10/2014 18:00:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2804 octets] ##########
 


  • 0

Advertisements


#32
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Brian,

 

I see Media Player Codec is still installed on the computer. I installed that during the whole bittorrent/torrent nightmare. If I don't want it any more can I go ahead and uninstall it too?

 

Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/28/2014
Scan Time: 6:14:22 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.28.06
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Aretha

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338682
Time Elapsed: 17 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#33
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Yes you may and thanks for asking.


  • 0

#34
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

You're welcome.

 

It said an error occurred. Media Player Codec may have already been uninstalled. It asked me if I wanted to remove it from the programs list. I clicked yes.

 

frst64

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Aretha (administrator) on ARETHA-PC on 28-10-2014 18:48:31
Running from C:\Users\Aretha\Desktop
Loaded Profile: Aretha (Available profiles: Aretha)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Dell) C:\Users\Aretha\AppData\Local\Apps\2.0\GHPGKHG1.7EG\3TMCORJN.80Q\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech, Inc.) C:\Windows\LockStatusTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(PC-Doctor, Inc.) C:\Program Files\Dell Support Center\pcdrcui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-09] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-13] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-61294800-1490620342-1000117644-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-61294800-1490620342-1000117644-1000\...\Run: [DellSystemDetect] => C:\Users\Aretha\AppData\Local\Apps\2.0\GHPGKHG1.7EG\3TMCORJN.80Q\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-08-23] (Dell)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Aretha\AppData\Roaming\Mozilla\Firefox\Profiles\sd1xs76a.default-1406342557107
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-13]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-01-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-13] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 18:48 - 2014-10-28 18:48 - 00012225 _____ () C:\Users\Aretha\Desktop\FRST.txt
2014-10-28 18:43 - 2014-10-28 18:43 - 02113024 _____ (Farbar) C:\Users\Aretha\Desktop\FRST64.exe
2014-10-28 18:12 - 2014-10-28 18:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 18:11 - 2014-10-28 18:11 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 18:11 - 2014-10-28 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 18:11 - 2014-10-28 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 18:11 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 18:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 18:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 18:09 - 2014-10-28 18:09 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Aretha\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-28 18:01 - 2014-10-28 18:01 - 00000314 _____ () C:\Windows\PFRO.log
2014-10-28 17:54 - 2014-10-28 18:00 - 00000000 ____D () C:\AdwCleaner
2014-10-28 17:52 - 2014-10-28 17:53 - 01998336 _____ () C:\Users\Aretha\Desktop\AdwCleaner.exe
2014-10-26 17:16 - 2014-10-28 18:48 - 00000000 ____D () C:\FRST
2014-10-26 15:00 - 2014-10-26 15:00 - 00000000 ____D () C:\Users\Aretha\Downloads\Dracula Untold 2014
2014-10-26 14:55 - 2014-10-26 15:34 - 00000000 ____D () C:\Users\Aretha\AppData\Roaming\BitTorrent
2014-10-26 14:55 - 2014-10-26 14:55 - 01691736 _____ (BitTorrent Inc.) C:\Users\Aretha\Downloads\BitTorrent.exe
2014-10-26 14:51 - 2014-10-26 14:52 - 00033041 _____ () C:\Users\Aretha\Downloads\Dracula Untold 2014.torrent
2014-10-24 21:20 - 2014-10-28 18:01 - 00001410 _____ () C:\Windows\setupact.log
2014-10-24 21:20 - 2014-10-24 21:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-24 21:13 - 2014-10-24 21:13 - 04974864 _____ (Piriform Ltd) C:\Users\Aretha\Downloads\ccsetup419.exe
2014-10-17 17:48 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 17:48 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 17:48 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 17:48 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-16 18:17 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-16 18:17 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-16 18:17 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-16 18:17 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-16 18:17 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-16 18:17 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 18:17 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-16 18:17 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-16 18:17 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-16 18:17 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-16 18:17 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-16 18:17 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-16 18:17 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 18:17 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 18:17 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-16 18:17 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 18:17 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-16 18:17 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-16 18:17 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-16 18:17 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-16 17:32 - 2014-10-18 20:25 - 00000000 ____D () C:\Users\Aretha\AppData\Local\Adobe
2014-10-15 20:52 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 20:52 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 20:52 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 20:52 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 20:52 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 20:52 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 20:52 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 20:52 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 20:52 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 20:52 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 20:52 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 20:52 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 20:52 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 20:52 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 20:52 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 20:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 20:52 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 20:52 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 20:52 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 20:52 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 20:52 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 20:52 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 20:52 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 20:52 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 20:52 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 20:52 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 20:52 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 20:52 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 20:52 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 20:52 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 20:52 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 20:52 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 20:52 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 20:52 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 20:52 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 20:52 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 20:52 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 20:52 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 20:52 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 20:52 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 20:52 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 20:52 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 20:52 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 20:52 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 20:52 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 20:52 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 20:52 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 20:52 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 20:52 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 20:52 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 20:52 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 20:52 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 20:52 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 20:52 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 20:52 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 20:52 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 20:52 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 20:52 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 20:52 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 20:52 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 20:52 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 20:52 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 20:52 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 20:51 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 20:51 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 20:51 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 20:51 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 20:51 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 20:51 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 20:51 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 18:03 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 18:03 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 18:03 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 18:03 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 18:03 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 18:03 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 18:03 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 18:03 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 18:03 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 18:03 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 18:03 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 18:02 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 18:02 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-02 17:35 - 2014-10-02 17:36 - 04965896 _____ (Piriform Ltd) C:\Users\Aretha\Downloads\ccsetup418.exe
2014-09-30 17:39 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 17:39 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 18:40 - 2011-05-20 19:55 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-28 18:40 - 2011-05-20 19:55 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-10-28 18:09 - 2009-07-14 00:10 - 01888410 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 18:08 - 2009-07-14 00:13 - 00816318 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 18:08 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 18:08 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 18:01 - 2011-05-20 19:52 - 00000000 ____D () C:\Users\Aretha\AppData\Local\SoftThinks
2014-10-28 18:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 17:57 - 2012-04-02 20:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 17:35 - 2012-08-09 20:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-26 15:21 - 2013-07-15 20:35 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-26 14:50 - 2011-05-28 04:01 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-10-26 14:50 - 2011-05-20 19:55 - 00003448 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-10-26 14:37 - 2011-05-20 22:30 - 00000000 ____D () C:\Users\Aretha\Documents\My Received Files
2014-10-25 23:34 - 2011-05-21 14:49 - 00000000 ____D () C:\Users\Aretha\Documents\Aretha's Dreams
2014-10-25 15:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-24 21:14 - 2014-09-16 17:39 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-24 21:13 - 2014-09-16 17:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-21 17:31 - 2011-05-17 09:44 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-19 18:42 - 2011-10-02 20:15 - 00000000 ___SD () C:\Users\Aretha\Documents\Movies
2014-10-16 18:31 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 18:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-16 18:07 - 2013-08-14 00:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 17:58 - 2011-05-21 21:55 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 17:33 - 2012-04-02 20:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 17:33 - 2012-04-02 20:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-16 17:33 - 2011-06-05 13:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-16 17:27 - 2009-07-13 23:45 - 03788888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 17:26 - 2014-05-06 21:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 22:23 - 2011-05-28 18:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:29 - 2011-05-20 23:44 - 00000000 ____D () C:\Users\Aretha\Documents\My PSP Files
2014-10-06 23:01 - 2014-06-22 15:41 - 00000073 _____ () C:\Users\Aretha\Desktop\FV2.txt
2014-10-02 17:37 - 2012-10-13 17:22 - 00000000 ____D () C:\Windows\Minidump
2014-10-02 15:53 - 2011-05-20 20:41 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Aretha\AppData\Local\Temp\Quarantine.exe
C:\Users\Aretha\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-17 19:05

==================== End Of Log ============================

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Aretha at 2014-10-28 18:49:02
Running from C:\Users\Aretha\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon MP250 series User Registration (HKLM-x32\...\Canon MP250 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel Paint Shop Pro X (HKLM-x32\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
Gamers Unite! Snag Bar (HKCU\...\Gamers Unite! Snag Bar) (Version:  - )
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Harry's Filters (HKLM-x32\...\Harry's Filters) (Version:  - )
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Ipswitch WS_FTP Pro (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 9.01 - )
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5977 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skins (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Softener (HKLM-x32\...\Softener_5QM) (Version:  - namesuppressed)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Splat! 1.0 Demo (HKLM-x32\...\Splat) (Version:  - )
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Uninstall DreamSuite Bonus (HKLM-x32\...\DreamSuite Bonus) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D13ACF5-344E-4264-A3E7-900BA0828447} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {2063BDBE-94E0-4378-851B-171CD2437353} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {2704809D-FD38-4777-83EA-604605C17426} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {2EDF1FE2-7DB6-4A91-A987-101EAAB20F16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-61294800-1490620342-1000117644-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7796C3E3-F7F7-488F-B592-0162B758D57B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {88D99594-9AA9-4F33-AFA3-5933392B071A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95DCD680-AA8F-4933-992B-F0ACF460A5B9} - System32\Tasks\{3D7133FF-B7E2-40C6-8369-9D2D9B93B10C} => C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsftpgui.exe [2004-08-18] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
Task: {B1E54CCC-9D1E-41FF-B943-097BD6F076D6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-61294800-1490620342-1000117644-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D26001D1-BBEE-4CCA-BD47-D905F6139766} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-13] (AVAST Software)
Task: {F688A084-C1B2-44F0-A1E7-D1C988F8E9A5} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-08-05] ()
Task: {FF622E6D-BAC3-44B3-9773-4E22AC2B0649} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-16] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2011-01-04 22:06 - 2011-01-04 22:06 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-03-21 13:56 - 2011-03-21 13:56 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2008-11-18 12:00 - 2008-11-18 12:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-17 09:12 - 2011-05-17 09:12 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00477776 ____N () C:\Program Files\Dell Support Center\libAsapiCSharp.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00096848 ____N () C:\Program Files\Dell Support Center\libCSharpCommonCS.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 01969232 ____N () C:\Program Files\Dell Support Center\asapicsharp.DLL
2010-07-30 18:36 - 2010-07-30 18:36 - 03109456 ____N () C:\Program Files\Dell Support Center\Common.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 02094672 ____N () C:\Program Files\Dell Support Center\Matrix.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00405072 ____N () C:\Program Files\Dell Support Center\DataStore.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00142928 ____N () C:\Program Files\Dell Support Center\Regex.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00039504 ____N () C:\Program Files\Dell Support Center\libDataStoreCSharp.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00150608 ____N () C:\Program Files\Dell Support Center\CSharpcommon.DLL
2010-07-30 18:36 - 2010-07-30 18:36 - 00055888 ____N () C:\Program Files\Dell Support Center\datastorecsharp.DLL
2010-07-30 18:36 - 2010-07-30 18:36 - 02051152 ____N () C:\Program Files\Dell Support Center\Asapi.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00110672 ____N () C:\Program Files\Dell Support Center\Enumerator.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00110672 ____N () C:\Program Files\Dell Support Center\KernelMode.dll
2010-07-30 18:36 - 2010-07-30 18:36 - 00119376 ____N () C:\Program Files\Dell Support Center\Smbios2.dll
2014-08-13 07:46 - 2014-08-13 07:46 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-28 17:27 - 2014-10-28 17:27 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102801\algo.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-05-17 09:21 - 2010-08-11 18:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-03-21 13:57 - 2011-03-21 13:57 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-13 07:46 - 2014-08-13 07:46 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-61294800-1490620342-1000117644-500 - Administrator - Disabled)
Aretha (S-1-5-21-61294800-1490620342-1000117644-1000 - Administrator - Enabled) => C:\Users\Aretha
Guest (S-1-5-21-61294800-1490620342-1000117644-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-61294800-1490620342-1000117644-1148 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 06:40:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5008) Asapi: (18:40:06:4850)(5008) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (10/28/2014 06:40:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5008) Asapi: (18:40:06:3910)(5008) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (10/28/2014 06:30:09 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4716) Asapi: (18:30:09:7360)(4716) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (10/28/2014 06:30:09 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4716) Asapi: (18:30:09:1270)(4716) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (10/28/2014 06:20:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4472) Asapi: (18:20:06:3760)(4472) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (10/28/2014 06:20:06 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4472) Asapi: (18:20:06:1420)(4472) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (10/28/2014 06:10:13 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3568) Asapi: (18:10:13:9030)(3568) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (10/28/2014 06:10:13 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3568) Asapi: (18:10:13:5530)(3568) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (10/28/2014 06:00:04 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2740) Asapi: (18:00:04:5530)(2740) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (10/28/2014 06:00:04 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2740) Asapi: (18:00:04:4440)(2740) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'


System errors:
=============
Error: (10/28/2014 06:01:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (10/28/2014 06:01:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (10/28/2014 06:00:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (10/28/2014 05:45:09 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (10/28/2014 05:35:11 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (10/28/2014 05:24:42 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (10/28/2014 05:24:42 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (10/28/2014 05:21:07 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/28/2014 05:16:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
aswRdr
aswRvrt
aswSnx
aswSP
aswVmm
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf

Error: (10/28/2014 05:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/01/2014 06:00:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 369 seconds with 180 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Sempron™ 140 Processor
Percentage of memory in use: 52%
Total physical RAM: 1790.98 MB
Available physical RAM: 853.75 MB
Total Pagefile: 3581.95 MB
Available Pagefile: 2230.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:401.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D926C2F9)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by girlintrouble, 28 October 2014 - 05:52 PM.

  • 0

#35
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

It said an error occurred. Media Player Codec may have already been uninstalled. It asked me if I wanted to remove it from the programs list. I clicked yes.

 

 

Perfect. That's what I would expect since much of the program was already removed.

 

Thanks again for following along. There's a few more things we need to do before I declare you clean but this is far as I'm approved to go at the moment. I'll put together next steps and get them approved from my instructor and be in touch tomorrow. I'm happy we made some progress tonight!!


  • 0

#36
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

You have been terrific, Brian! I appreciate all the help and patience.

 

Have a wonderful evening and I will check back tomorrow for more instructions.

 

-Happy dancing over here too-


  • 0

#37
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, things look real good. Almost done.

 

Step#1 - CCleaner Warning
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 

 

Step#2 - Disable Windows Defender
Let's disable Windows Defender to avoid any conflicts with your current Avast Antivirus. Instructions for doing this are here. It's never a good idea to have more than one active Antivirus running.

 

 

Step#3 - Uninstall/Update Java
 
Please uninstall the following program as it's outdated and may be vulnerable to exploits. Instructions for doing so are here.

Java 7 Update 51

 

WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to diasble Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 25.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these
instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.

8u25.JPG

3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Then from your desktop, right click on the file that was downloaded (jre-8u25-windows-i586.exe or jre-8u25-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.

Note: Java has been notorious for installing foistware (software downloaded without the users knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).
 

Step#4 - Update Adobe Flash

There's a very nasty piece of malware going around right now called CryptoWall. I'll provide more info on this later in my closing comments. For now I'll just say it's very destructive and most recently the newest variant is exploiting unpatched versions of Adobe Flash. Let's make sure you get current.

1. Determine if you have the most current version by going to this website. If your version represented by the top box matches the version in the bottom box you are current.
VerifyVersion.JPG
 
2. If your version is older than the current then click on the Player Download Center link (shown in the screen shot above).
3. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.
Install.JPG
 
4. You may be prompted to run the installer. Go ahead and do this.
5. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.

 

 

Step#5 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   213bytes   53 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator. You may need to re-download this and put on your desktop.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#6 - Security Check
 
1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

  

 

Items for your Next Post

1. FRST Fix log

2. Security Check log


  • 0

#38
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Windows Defender was turned off and Java was uninstalled. My Adobe Flash is up-to-date.

 

FRST Fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by Aretha at 2014-10-29 17:06:46 Run:2
Running from C:\Users\Aretha\Desktop
Loaded Profile: Aretha (Available profiles: Aretha)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-26 14:55 - 2014-10-26 15:34 - 00000000 ____D () C:\Users\Aretha\AppData\Roaming\BitTorrent
2014-10-26 14:55 - 2014-10-26 14:55 - 01691736 _____ (BitTorrent Inc.) C:\Users\Aretha\Downloads\BitTorrent.exe

*****************

C:\Users\Aretha\AppData\Roaming\BitTorrent => Moved successfully.
C:\Users\Aretha\Downloads\BitTorrent.exe => Moved successfully.

==== End of Fixlog ====

 

Securiy Check log

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


Edited by girlintrouble, 29 October 2014 - 04:15 PM.

  • 0

#39
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent job. You did fantastic. Are you satisfied?


  • 0

#40
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I am completely satisfied! You have been wonderful and I am completely grateful and appreciative of your time, patience and help.

 

Do I need to do anything else?


  • 0

Advertisements


#41
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I prepared my last post which includes instructions to clean up the tools we use and some important information/suggestions on staying safe. I just need it approved before I can post it so likely tomorrow and that should be it unless my instructor sees something I don't. Have a great evening. This was really fun. I know weird....but I do enjoy it.


  • 0

#42
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I will check back tomorrow!

 

And I don't think it is weird at all. If it weren't for people like you, interested in fixing computer issues, a lot of us would be out of luck.

 

Thank you again and have a wonderful evening. :)


  • 0

#43
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK! Well done, your computer is clean again!  It's been a pleasure working with you. You may want to update Firefox to the newest version as it shows as needing updated. Following is information to clean up and also to provide you with some information/recommendations on staying secure and safe.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.

1. Download Delfix from here.
2. Ensure everything is checked.

3. Click Run.

Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
Windows%20Update.JPG

4. Click on Change Settings.
CheckForUpdates.JPG

5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
WUChangeSettings.JPG

6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.

 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
Another alternative and popular software program for keeping your programs current is FileHippo Update Checker. Some people prefer this one.
 
1. Please download FileHippo update checker from here and save to your desktop.
2. Double-click the FHSetup.exe file that was downloaded and accept all the defaults to install the program.
3. The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases. Once updates are found you will see information from your task bar as follows. If you click on this informational message you will be take to a website showing the programs that you have that are outdated and links will be provided to the updates.
Capture.JPG

 

 
 
4. Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06 for example but the major version is just the first number before the period so 11 in this case or XI.
Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader

If your major version matches the major version from Adobe then perform the following steps.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.

If your major version is lower than the major version from Adobe then perform the following steps.
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.

NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.

NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

5. Antivirus - Preventative
It's very important to have an Antivirus program installed which you do so that's great. It's equally important to keep these programs updated and current. I believe you have version 9 of Avast and version 10 is out I believe. So you may want to consider getting this updated.

 
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is not actively monitoring your machine so it won't conflict with the Antivirus that you decide to install. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.

 
6. Crypto Warning!!!! - Complete Data Loss can occur!

There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will then be prompted to apply all default protections. Answer Yes.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
Updates.JPG

 

 

 

OK, all the best, and stay safe!
 
Items for your next post.
1. Contents of the Delfix log.


  • 0

#44
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

# DelFix v10.8 - Logfile created 30/10/2014 at 17:59:50
# Updated 29/07/2014 by Xplode
# Username : Aretha - ARETHA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Aretha\Desktop\FRST-OlderVersion
Deleted : C:\log.txt
Deleted : C:\Users\Aretha\Desktop\Addition.txt
Deleted : C:\Users\Aretha\Desktop\AdwCleaner.exe
Deleted : C:\Users\Aretha\Desktop\Fixlog.txt
Deleted : C:\Users\Aretha\Desktop\FRST.txt
Deleted : C:\Users\Aretha\Desktop\FRST64.exe
Deleted : C:\Users\Aretha\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 


  • 0

#45
girlintrouble

girlintrouble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I am still in the process of updating a few programs but I wanted to get that posted for you.

 

Thank you again, Brian. You have been a life saver.

 

:)

 

Without your help I probably would have given up and taken it to Geek Squad.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP