I'm pretty certain I have a virus, but a lot of anti-virus program

malwarebytes anti-malware avast dllhost.exe malicious website blocked

  • This topic is locked

#1
wilkman2491

    New Member

  • Member
  • 6 posts

A few days ago the computer started running really slow. It stopped recognizing my external HDD, applications like Microsoft Excel started crashing, Internet Explorer prevents me from downloading software, and Mozilla was removed from the computer. Ran Avast, it picked up a few issues, but nothing to resolve the underlying problem. Installed RogueKiller which didn't find anything. Finally I moved to Malwarebytes Anti-Malware and keep getting a popup in the corner stating:

 

Malicious Website Blocked

Domain

IP: 95.215.1.57

Port: 52559

Outbound

C:\Windows\System32\dllhost.exe

Please advise, as I have read many other posts, but it seems like I should not attempt using the recommended tools without guidance from an expert.

 

Thank you in advance. 


  • 0



#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi wilkman2491, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum
  • 0

#3
wilkman2491

    New Member

  • Topic Starter
  • Member
  • 6 posts

I acknowledge the above statements.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by DrWilk (administrator) on DRWILK-PC on 23-12-2014 08:09:36
Running from C:\Users\DrWilk\Downloads
Loaded Profile: DrWilk (Available profiles: DrWilk & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Oki Data Corporation) C:\Program Files\Okidata\ActKey\Network Configuration.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\DrWilk\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5708432 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Network Configuration] => c:\Program Files\Okidata\ActKey\Network Configuration.exe [725280 2012-08-27] (Oki Data Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-19] (AVAST Software)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\MountPoints2: E - E:\LaunchU3.exe
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\MountPoints2: {dd99fa49-9e8c-11e2-8f15-08606e759261} - E:\LaunchU3.exe
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (No File)
Startup: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
DPF: {F88F142A-96AE-40CC-B562-4C91B5E5A5CD} https://edm.chnola.o...lDownloader.cab
Tcpip\..\Interfaces\{EA23DD77-12EA-421C-99F2-12536E18AE5D}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-19]
 
Chrome: 
=======
CHR Profile: C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-22]
CHR Extension: (YouTube) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google Search) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Google Sheets) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Avast Online Security) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Gmail) - C:\Users\DrWilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atashost; C:\Windows\system32\atashost.exe [120848 2014-08-04] (Cisco WebEx LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-12-19] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1674928 2014-10-29] (Microsoft Corporation)
S2 CLKMSVC10_B91CB6D3; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl16d59bad; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40AED53E-0453-4B66-9C8D-8020A894755F}\MpKsl16d59bad.sys [39464 2014-12-22] (Microsoft Corporation)
R1 MpKsl56bdf39e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40AED53E-0453-4B66-9C8D-8020A894755F}\MpKsl56bdf39e.sys [39464 2014-12-22] (Microsoft Corporation)
R1 MpKslaac2a4ce; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40AED53E-0453-4B66-9C8D-8020A894755F}\MpKslaac2a4ce.sys [39464 2014-12-22] (Microsoft Corporation)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-12-19] (Avast Software)
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys CF68C54937BACCC0DA9A056FFA2A3988
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 553F6CCD7C58EB98D4A8FBDAF283D7A9
C:\Windows\System32\DRIVERS\WSDScan.sys 7DC0270CFD4A05B4112E3EBBF083B595
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-23 08:09 - 2014-12-23 08:10 - 00031091 _____ () C:\Users\DrWilk\Downloads\FRST.txt
2014-12-23 08:08 - 2014-12-23 08:08 - 01114112 _____ (Farbar) C:\Users\DrWilk\Downloads\FRST (1).exe
2014-12-22 18:34 - 2014-12-22 18:34 - 00347816 _____ (Microsoft Corporation) C:\Users\DrWilk\Downloads\MicrosoftFixit.IEPerformance.RNP.1342722054580391.1.1.Run.exe
2014-12-22 18:21 - 2014-12-22 18:21 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\DrWilk\Downloads\FixExec.exe
2014-12-22 18:20 - 2014-12-22 18:21 - 00001238 _____ () C:\Users\DrWilk\Desktop\FixExec.txt
2014-12-22 18:20 - 2014-12-22 18:20 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\DrWilk\Downloads\FixExec.com
2014-12-22 18:16 - 2014-12-22 18:16 - 29720784 _____ (Microsoft Corporation) C:\Users\DrWilk\Downloads\IE11-Windows6.1-x86-en-us (1).exe
2014-12-22 17:58 - 2014-12-23 08:09 - 00000000 ____D () C:\FRST
2014-12-22 17:57 - 2014-12-22 17:57 - 01114112 _____ (Farbar) C:\Users\DrWilk\Downloads\FRST.exe
2014-12-22 17:41 - 2014-12-22 17:41 - 00145100 _____ () C:\Users\DrWilk\Desktop\(SOLVED) - Malicious Website Blocked  C  Windows SysWOW64 dllhost.exe   MalwareTips.com.html
2014-12-22 17:41 - 2014-12-22 17:41 - 00000000 ____D () C:\Users\DrWilk\Desktop\(SOLVED) - Malicious Website Blocked  C  Windows SysWOW64 dllhost.exe   MalwareTips.com_files
2014-12-22 17:40 - 2014-12-22 17:40 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-22 17:39 - 2014-12-22 17:39 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-22 17:39 - 2014-12-22 17:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-22 17:37 - 2014-12-22 17:37 - 11447608 _____ (Microsoft Corporation) C:\Users\DrWilk\Downloads\mseinstall.exe
2014-12-22 17:33 - 2014-12-22 18:18 - 00002690 _____ () C:\Windows\IE11_main.log
2014-12-22 17:30 - 2014-12-22 17:31 - 29720784 _____ (Microsoft Corporation) C:\Users\DrWilk\Downloads\IE11-Windows6.1-x86-en-us.exe
2014-12-22 17:10 - 2014-12-23 08:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 17:10 - 2014-12-22 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-22 17:10 - 2014-12-22 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 17:10 - 2014-12-22 17:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-22 17:10 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-22 17:10 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-22 17:10 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-22 17:09 - 2014-12-22 17:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\DrWilk\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 17:08 - 2014-12-22 17:08 - 00000247 _____ () C:\Windows\system32\2014-12-22-23-08-15.067-aswFe.exe-4444.log
2014-12-22 17:08 - 2014-12-22 17:08 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-08-12.089-AvastVBoxSVC.exe-4084.log
2014-12-22 17:04 - 2014-12-22 17:04 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-04-47.081-AvastVBoxSVC.exe-2896.log
2014-12-22 10:08 - 2014-12-22 10:09 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\DrWilk\Downloads\sh-remover.exe
2014-12-22 08:55 - 2014-12-22 12:33 - 00000000 ____D () C:\Users\DrWilk\AppData\Local\CrashDumps
2014-12-22 08:40 - 2014-12-22 08:40 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-22 08:36 - 2014-12-23 08:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 08:36 - 2014-12-23 07:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 08:36 - 2014-12-22 08:42 - 00000000 ____D () C:\Users\DrWilk\AppData\Local\Google
2014-12-22 08:36 - 2014-12-22 08:38 - 00000000 ____D () C:\Program Files\Google
2014-12-22 08:32 - 2014-12-22 08:32 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-22 08:32 - 2014-12-22 08:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-22 07:35 - 2014-12-22 07:35 - 00000247 _____ () C:\Windows\system32\2014-12-22-13-35-43.030-aswFe.exe-22228.log
2014-12-22 07:32 - 2014-12-22 07:35 - 00000247 _____ () C:\Windows\system32\2014-12-22-13-32-09.053-aswFe.exe-8824.log
2014-12-22 07:32 - 2014-12-22 07:32 - 00000197 _____ () C:\Windows\system32\2014-12-22-13-32-06.053-AvastVBoxSVC.exe-4496.log
2014-12-21 15:06 - 2014-12-21 15:07 - 00000197 _____ () C:\Windows\system32\2014-12-21-21-06-58.091-AvastVBoxSVC.exe-2632.log
2014-12-20 14:16 - 2014-12-20 14:16 - 00000197 _____ () C:\Windows\system32\2014-12-20-20-16-02.032-AvastVBoxSVC.exe-3872.log
2014-12-20 13:16 - 2014-12-20 07:17 - 00000000 __SHD () C:\Jumpshot
2014-12-20 13:13 - 2014-12-20 13:48 - 00000000 ____D () C:\Windows\jumpshot.com
2014-12-20 13:08 - 2014-12-20 13:09 - 00000247 _____ () C:\Windows\system32\2014-12-20-19-08-59.078-aswFe.exe-3084.log
2014-12-20 12:50 - 2014-12-20 13:08 - 00000247 _____ () C:\Windows\system32\2014-12-20-18-50-15.023-aswFe.exe-2528.log
2014-12-20 12:50 - 2014-12-20 12:50 - 00000197 _____ () C:\Windows\system32\2014-12-20-18-50-08.040-AvastVBoxSVC.exe-3796.log
2014-12-19 15:36 - 2014-12-19 15:36 - 00000000 ____D () C:\Users\DrWilk\AppData\Roaming\AVAST Software
2014-12-19 15:34 - 2014-12-19 15:34 - 00002121 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-19 15:34 - 2014-12-19 15:34 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-19 15:34 - 2014-12-19 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-19 15:33 - 2014-12-19 15:33 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-19 15:33 - 2014-12-19 15:33 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-19 15:33 - 2014-12-19 15:33 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-19 15:33 - 2014-12-19 15:33 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-19 15:33 - 2014-12-19 15:33 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-19 15:33 - 2014-12-19 15:33 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-19 15:33 - 2014-12-19 15:33 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-19 15:33 - 2014-12-19 15:33 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-19 15:33 - 2014-12-19 15:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-19 15:33 - 2014-12-19 15:33 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-19 15:32 - 2014-12-19 15:32 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-19 15:30 - 2014-12-19 15:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-19 15:02 - 2014-12-22 18:09 - 00001602 _____ () C:\Windows\PFRO.log
2014-12-18 12:24 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 09:54 - 2014-12-11 09:54 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 17:04 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 08:55 - 2014-12-03 22:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 08:55 - 2014-12-03 22:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 08:55 - 2014-12-03 22:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 08:55 - 2014-12-03 22:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 08:55 - 2014-12-03 22:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 08:55 - 2014-12-03 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 08:55 - 2014-12-03 22:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 08:55 - 2014-12-01 17:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 08:55 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 08:55 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 08:55 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 08:55 - 2014-11-21 20:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 08:55 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 08:55 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 08:55 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 08:55 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 08:55 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 08:55 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 08:55 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 08:55 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 08:55 - 2014-11-21 19:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 08:55 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 08:55 - 2014-11-21 19:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 08:55 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 08:55 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 08:55 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 08:55 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 08:55 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 08:55 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 08:55 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 08:55 - 2014-11-21 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 08:55 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 08:55 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 08:55 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 08:55 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 08:55 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 08:55 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 08:55 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 08:55 - 2014-11-10 19:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 08:55 - 2014-11-06 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 08:55 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 08:55 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 08:55 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 08:55 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 08:55 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 08:55 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-23 08:04 - 2014-01-08 11:10 - 00000000 ___RD () C:\Users\DrWilk\Dropbox
2014-12-23 08:04 - 2014-01-08 11:08 - 00000000 ____D () C:\Users\DrWilk\AppData\Roaming\Dropbox
2014-12-23 07:13 - 2013-04-06 02:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 03:00 - 2013-04-06 01:08 - 01584075 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 20:20 - 2009-07-13 22:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 20:20 - 2009-07-13 22:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 20:13 - 2014-11-21 08:46 - 00002296 _____ () C:\Windows\setupact.log
2014-12-22 20:13 - 2014-08-25 15:39 - 00000000 ____D () C:\Windows\Minidump
2014-12-22 20:13 - 2013-04-06 03:01 - 00170541 ____N () C:\Windows\Minidump\122214-16239-01.dmp
2014-12-22 20:13 - 2013-04-06 01:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 20:13 - 2009-07-13 22:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-22 20:13 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 18:08 - 2013-04-06 01:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 17:02 - 2013-04-06 03:01 - 00170541 ____N () C:\Windows\Minidump\122214-14242-01.dmp
2014-12-22 15:04 - 2013-04-06 03:01 - 00171117 ____N () C:\Windows\Minidump\122214-25162-01.dmp
2014-12-22 08:36 - 2014-09-27 09:33 - 00000000 ____D () C:\Users\DrWilk\AppData\Local\Deployment
2014-12-22 07:53 - 2013-04-08 11:56 - 00000000 ____D () C:\Sidexis
2014-12-21 15:21 - 2013-04-06 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-20 13:49 - 2013-04-06 01:09 - 00000000 ____D () C:\Users\DrWilk
2014-12-20 13:17 - 2009-07-13 20:03 - 66322432 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-12-20 13:17 - 2009-07-13 20:03 - 20447232 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-12-20 13:16 - 2013-04-06 01:09 - 06291456 ___SH () C:\Users\DrWilk\.ghost-ntfs-3g-00000000000000000009
2014-12-20 13:10 - 2013-04-06 02:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-20 13:10 - 2013-04-06 02:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 16:44 - 2013-04-15 17:12 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-19 15:44 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-19 15:25 - 2013-04-15 17:12 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-12-19 14:54 - 2013-04-06 01:57 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-19 14:47 - 2013-04-06 01:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-19 14:47 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-19 08:31 - 2014-09-27 09:26 - 00000000 ____D () C:\Program Files\DXONE
2014-12-19 07:43 - 2014-01-08 11:10 - 00000982 _____ () C:\Users\DrWilk\Desktop\Dropbox.lnk
2014-12-19 07:43 - 2014-01-08 11:09 - 00000000 ____D () C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 09:52 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-12-11 11:01 - 2010-11-20 15:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 10:33 - 2013-04-06 02:06 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 10:33 - 2013-04-06 02:02 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-11 10:03 - 2014-11-05 10:26 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Standard.lnk
2014-12-11 10:03 - 2014-11-05 10:26 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-12-11 09:54 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 09:54 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 17:03 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 17:01 - 2013-04-06 02:06 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-05 09:23 - 2013-04-08 16:28 - 00000000 ____D () C:\Dentexec
2014-12-04 16:11 - 2014-11-07 09:51 - 00042862 _____ () C:\Users\DrWilk\Desktop\Temp 2014 AR.xlsx
 
Some content of TEMP:
====================
C:\Users\DrWilk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqse0r1.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {d7f40a8f-9ea0-11e2-82f9-900defb69906}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {d7f40a91-9ea0-11e2-82f9-900defb69906}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {d7f40a8f-9ea0-11e2-82f9-900defb69906}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {d7f40a91-9ea0-11e2-82f9-900defb69906}
device                  ramdisk=[C:]\Recovery\d7f40a91-9ea0-11e2-82f9-900defb69906\Winre.wim,{d7f40a92-9ea0-11e2-82f9-900defb69906}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\d7f40a91-9ea0-11e2-82f9-900defb69906\Winre.wim,{d7f40a92-9ea0-11e2-82f9-900defb69906}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {d7f40a8f-9ea0-11e2-82f9-900defb69906}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Real-mode Boot Sector
---------------------
identifier              {d7f40a93-9ea0-11e2-82f9-900defb69906}
device                  partition=C:
path                    \Jumpshot\stage0
description             Run GrimeFighter
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {d7f40a92-9ea0-11e2-82f9-900defb69906}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\d7f40a91-9ea0-11e2-82f9-900defb69906\boot.sdi
 
 
 
LastRegBack: 2014-12-15 09:28
 
==================== End Of Log ============================

Edited by wilkman2491, 23 December 2014 - 08:12 AM.

  • 0

#4
wilkman2491

    New Member

  • Topic Starter
  • Member
  • 6 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by DrWilk at 2014-12-23 08:10:55
Running from C:\Users\DrWilk\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActKey (Version: 1.5.1.0 - Oki Data Corporation) Hidden
Adobe Acrobat XI Standard (HKLM\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{FECC555E-1660-AE12-750F-7184C3908828}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Dropbox (HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DSN Practice Management Software (HKLM\...\{0000A425-74D8-11E0-ACA7-0003FF044B84}) (Version:  - )
DTX_LMAddIn (HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\7CE2685137213C3BB705F3AB6187EAB1AE2B9BC2) (Version: 1.0.2.28 - DTX_LMAddIn)
EDIdEv Framework EDI (HKLM\...\EDIdEv (32-bit)) (Version:  - Edidev)
GALAXIS 1.9 (HKLM\...\{82A42B65-F22B-4191-9615-6537662D0E6E}) (Version: 1.9.4497.23802 - Sirona Dental Systems GmbH)
GALILEOS Implant 1.9 with SP1 (HKLM\...\{FFE899D9-A87E-4DF7-B5BF-7A1EB1F216DD}) (Version: 1.9.4447.23484 - SICAT GmbH & Co. KG)
GALILEOS Implant Database (HKLM\...\{8DAFD3BA-0857-4CBB-84F7-3A8B206CA200}) (Version: 1.9.4367.23281 - SICAT GmbH & Co. KG)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
LG Burning Tool (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
LG CyberLink LabelPrint (Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaEspresso (Version: 6.5.1622_37397b - CyberLink Corp.) Hidden
LG CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (Version: 2.0.3718 - CyberLink Corp.) Hidden
LG Tool Kit (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Journal Viewer (HKLM\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}) (Version: 1.5.2315.3 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OKI ActKey (HKLM\...\InstallShield_{681B82EF-A457-4849-AABC-5B6099380FA5}) (Version: 1.5.1.0 - Oki Data Corporation)
OKI Color Swatch Utility (HKLM\...\{A344F95E-E51A-450C-8F84-C940BF61903E}) (Version: 2.1.12 - Okidata)
OKI MC5(3)x2/ES5(3)4x2 Scanner (HKLM\...\InstallShield_{14915907-DB64-49DC-BB9D-1935D38CD250}) (Version: 1.0.2.0 - Oki Data Corporation)
OKI Network Extension (HKLM\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{AAD476D7-FC64-40BC-85EA-0C1FD98D8375}) (Version: 13.0.3.612 - SAP)
ScannerDriver (Version: 1.0.2.0 - Oki Data Corporation) Hidden
Send to Dentrix Document Center (novaPDF OEM 7.4 printer) (HKLM\...\Send to Dentrix Document Center_is1) (Version:  - Softland)
Setup (HKLM\...\{D9B0C016-9383-4BF8-89D6-ACDB72C2B25D}) (Version: 1.0.0 - PMTS)
Sirona ConfigExplorer 1.4 (HKLM\...\{94068653-C0AE-482D-81B5-1ADD26C15384}) (Version: 1.4.0.24 - Sirona Dental Systems GmbH)
Sirona Control Admin 2.5 (HKLM\...\{0EBFCDD7-28CA-4F48-A4A8-2DBD564B3B65}) (Version: 2.5.0.98 - Sirona Dental Systems GmbH)
Sirona Export Library (HKLM\...\{D22F9C3B-EEFE-4F4F-8EDF-56F4363B07E0}) (Version: 2.4.3153.0 - Sirona Dental Systems GmbH)
Sirona GALILEOS Plugin 2.1 (HKLM\...\{EC25B4D0-3D85-4DEE-8D65-B6C5D5631F24}) (Version: 2.1.0.37 - Sirona Dental Systems GmbH)
Sirona SIDEXIS XG (HKLM\...\{D1962349-06E7-46FD-A3A9-43AB34C50A39}) (Version: 2.6.1.0 - Sirona Dental Systems GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
tpcman17 (Version: 1.7.2602.2180 - Tablet Platform Group, Microsoft Corp.) Hidden
Visual FoxPro ODBC Driver (HKLM\...\{31821EFE-1B31-4744-9FB0-208F92BD7168}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\DrWilk\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DrWilk\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\DrWilk\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DrWilk\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DrWilk\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DrWilk\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DrWilk\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3280206500-3101898392-1201890526-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
23-12-2014 00:00:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07278351-B3B9-477C-A599-C002EBBEAD99} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {1AF5179A-2B5D-4FF7-9EF5-84FCB4D3670D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {20DB7A5F-9D81-48F7-BE84-CD6927B9A37A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-20] (Adobe Systems Incorporated)
Task: {67F4FF62-3B22-46E2-8B86-22C59A82D16E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {6F4F8370-40D8-46A4-BA02-3D695A8B34AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {79F26C09-0D2A-409F-A7D9-763AC8FC50D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)
Task: {8C426507-C1A5-4865-B36E-F0311C81FDC5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DrWilk-PC-DrWilk DrWilk-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
Task: {C2004306-CAB6-4515-9933-5E14465E1B24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)
Task: {C592C4F7-B94A-4EBB-BFB2-89BC2F1C4888} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-19] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-06 01:27 - 2014-07-02 13:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-12-22 12:18 - 2014-12-22 12:18 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122201\algo.dll
2014-12-19 15:33 - 2014-12-19 15:33 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2014-12-19 15:33 - 2014-12-19 15:33 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-12-19 15:33 - 2014-12-19 15:33 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-23 04:14 - 2014-12-23 04:14 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122300\algo.dll
2014-07-31 08:47 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2013-04-06 01:43 - 2009-07-02 08:02 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-12-19 15:33 - 2014-12-19 15:33 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-19 15:33 - 2014-12-19 15:33 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-23 08:04 - 2014-12-23 08:04 - 00043008 _____ () c:\users\drwilk\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqse0r1.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-22 08:39 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-22 08:39 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-22 08:39 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-22 08:39 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-10 17.11.28.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-10 17.13.33.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-10 19.59.19.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-10 19.59.28.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-10 19.59.44.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-16 21.41.34.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-16 21.41.35.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 09.14.32.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 14.35.00.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 14.35.07 (2).jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 14.35.07.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 14.35.20.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 15.39.47.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 15.39.54.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 16.37.58.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-17 16.38.02.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 11.19.56.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 11.22.04.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 15.52.45.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 16.01.24.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 16.07.11.mp4:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 16.19.53.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 16.19.58.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 16.20.03.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 16.20.35.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 16.20.46.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-18 16.59.43.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-19 10.04.07.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-19 10.04.23.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: LGODDFU => "C:\Program Files\lg_fwupdate\lgfw.exe" blrun
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3280206500-3101898392-1201890526-500 - Administrator - Disabled)
DrWilk (S-1-5-21-3280206500-3101898392-1201890526-1000 - Administrator - Enabled) => C:\Users\DrWilk
Guest (S-1-5-21-3280206500-3101898392-1201890526-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3280206500-3101898392-1201890526-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2014 08:13:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 06:25:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 06:14:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 06:10:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 05:32:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ec4
 
Start Time: 01d01e3c2eeddd1f
 
Termination Time: 96
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (12/22/2014 05:02:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 03:05:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 00:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc96f
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x13f4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (12/22/2014 11:10:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x50803ef5
Faulting module name: jscript9.dll, version: 11.0.9600.17496, time stamp: 0x546fe6d5
Exception code: 0xc0000005
Fault offset: 0x001083ba
Faulting process id: 0x4318
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (12/22/2014 09:12:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Sidexis.exe version 7.6.1.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 53a0
 
Start Time: 01d01deeb92f54b0
 
Termination Time: 1095
 
Application Path: C:\Sidexis\Sidexis.exe
 
Report Id:
 
 
System errors:
=============
Error: (12/22/2014 09:32:23 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (12/22/2014 09:32:05 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/22/2014 09:32:05 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/22/2014 09:32:05 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (12/22/2014 08:15:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (12/22/2014 08:15:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/22/2014 08:13:54 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
%%5
 
Error: (12/22/2014 08:13:28 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0xc04b7e80, 0xc0000185, 0x2afe28c0, 0x96fd0474)C:\Windows\Minidump\122214-16239-01.dmp122214-16239-01
 
Error: (12/22/2014 08:13:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:11:29 PM on ‎12/‎22/‎2014 was unexpected.
 
Error: (12/22/2014 08:11:31 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
 
Microsoft Office Sessions:
=========================
Error: (12/22/2014 08:13:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 06:25:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 06:14:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 06:10:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 05:32:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17496ec401d01e3c2eeddd1f96C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (12/22/2014 05:02:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 03:05:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 00:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc96fMSHTML.dll11.0.9600.17496546ff2f9c00000fd0011fb5c13f401d01e151a1e286aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll02aede2d-8a09-11e4-b61e-08606e759261
 
Error: (12/22/2014 11:10:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1749650803ef5jscript9.dll11.0.9600.17496546fe6d5c0000005001083ba431801d01e09e656c6bcC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\System32\jscript9.dll7b7ab2d5-89fd-11e4-b61e-08606e759261
 
Error: (12/22/2014 09:12:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Sidexis.exe7.6.1.553a001d01deeb92f54b01095C:\Sidexis\Sidexis.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5600K APU with Radeon™ HD Graphics 
Percentage of memory in use: 54%
Total physical RAM: 3044.11 MB
Available physical RAM: 1378.95 MB
Total Pagefile: 6086.52 MB
Available Pagefile: 4166.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:880.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F3BABC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 Valinorum (GeekU Guardian Bot; GeekU Moderator, 2,915 posts)
  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      Closeprocesses:
      Emptytemp:
      HKLM\...\Run: [] => [X]
      HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
      HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\MountPoints2: E - E:\LaunchU3.exe
      HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\MountPoints2: {dd99fa49-9e8c-11e2-8f15-08606e759261} - E:\LaunchU3.exe
      HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
      ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (No File)
      AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
      AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
      AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
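The fixlist above works by handing FRST its own log lines back: an entry that appears in fixlist.txt is removed from the registry, an orphaned shortcut (target marked "No File") is moved, an alternate data stream is stripped, and CreateRestorePoint:/CloseProcesses:/EmptyTemp: are directives rather than entries. The script below is an added example, not FRST's code and not the helper's procedure. It applies a few explicit rules to log lines of the kinds seen in this thread (CustomCLSID, Task, ShortcutTarget, Run values, Explorer policies, AlternateDataStreams, and event-log "Error:" headers) and emits a fixlist of the same shape. The rules are this example's assumptions, and so is the sample log: it uses a shortened SID, a placeholder CLSID and hypothetical svc.dll / update.lnk entries so that every rule fires once. Events from atapi, volsnap and BugCheck are reported but kept out of the fixlist, because they describe disk I/O failures, which no registry fix can address.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example, not FRST's own code and not the helper's method. FRST removes a
registry key, task, shortcut or stream when the exact log line is pasted into
fixlist.txt, so flagged lines are kept verbatim. The scoring rules and the
sample lines are this script's assumptions.
"""
import re

ATTENTION = "<==== ATTENTION"
# Where signed vendor binaries normally live; a target elsewhere is only flagged
# when FRST also printed an empty publisher "()".
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")
KNOWN_STREAMS = ("zone.identifier", "com.dropbox.attributes")  # benign ADS names
TARGET_KINDS = ("CustomCLSID", "Task", "Startup", "ShortcutTarget", "HKLM", "HKU")
HARDWARE_SOURCES = ("atapi", "volsnap", "BugCheck")  # point at the disk, not at malware

TARGET_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.*?)"       # drive-letter path, extended lazily
    r"(?:\s+\[[^\]]*\])?"             # optional [file date] FRST prints for tasks
    r"(?:\s+\((?P<pub>[^()]*)\))?$"   # optional (publisher) / () / (No File)
)
EVENT_RE = re.compile(r"\(Source: (\w+)\) \(EventID: (\d+)\)")


def parse_entry(line):
    """Return (kind, path, publisher, attention). publisher is "" for an empty
    "()", "No File" for a missing target, None when FRST printed nothing."""
    kind, _, rest = line.partition(": ")
    attention = ATTENTION in rest
    rest = rest.split(ATTENTION)[0].strip()
    target = re.split(r" (?:->|=>) ", rest, maxsplit=1)[-1]
    m = TARGET_RE.match(target)
    if not m:
        return kind, None, None, attention
    return kind, m.group("path"), m.group("pub"), attention


def assess(line):
    """Return (severity, reason) for one log line, or None if it looks benign."""
    kind, path, pub, attention = parse_entry(line)
    if kind == "Error":  # event-log header line
        ev = EVENT_RE.search(line)
        if ev and ev.group(1) in HARDWARE_SOURCES:
            return "hardware", f"{ev.group(1)} event {ev.group(2)}: disk I/O trouble, check the drive"
        return None
    if attention:
        return "high", "flagged by FRST itself"
    if pub == "No File":
        return "low", "orphaned entry, target file is gone"
    if line.rstrip().endswith("=> [X]"):
        return "low", "autostart value with no target"
    if "\\Policies\\" in kind:
        return "review", "Explorer policy restriction set for this user"
    if kind == "AlternateDataStreams" and path:
        if not path.rsplit(":", 1)[-1].lower().startswith(KNOWN_STREAMS):
            return "review", "unrecognised alternate data stream"
        return None
    if kind.startswith(TARGET_KINDS) and path and not pub:
        if not path.lower().startswith(TRUSTED_PREFIXES):
            return "high", "unsigned target outside Program Files / Windows"
    return None


def triage(log_text):
    """Run assess() over every non-empty line; return [(severity, reason, line)]."""
    hits = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line and (verdict := assess(line)):
            hits.append((*verdict, line))
    return hits


def build_fixlist(log_text, include_review=False):
    """Wrap removable hits in the directives the fixlist above uses. Hardware
    events never go in: they are a job for the disk, not for FRST."""
    keep = {"high", "low"} | ({"review"} if include_review else set())
    body = [line for sev, _, line in triage(log_text) if sev in keep]
    return "\n".join(["Start", "CreateRestorePoint:", "CloseProcesses:", "EmptyTemp:", *body, "End"])


# Constructed sample modelled on the log above: shortened SID, placeholder CLSID,
# hypothetical svc.dll and update.lnk entries so that every rule fires once.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DrWilk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1000_Classes\CLSID\{DEADBEEF-0000-4000-8000-000000000001}\InprocServer32 -> C:\Users\DrWilk\AppData\Local\Temp\svc.dll () <==== ATTENTION
Task: {79F26C09-0D2A-409F-A7D9-763AC8FC50D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (No File)
ShortcutTarget: update.lnk -> C:\Users\DrWilk\AppData\Local\Temp\update.exe ()
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
AlternateDataStreams: C:\Users\DrWilk\Documents\2014-05-10 17.11.28.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
Error: (12/22/2014 09:32:05 PM) (Source: atapi) (EventID: 11) (User: )
Error: (12/22/2014 08:13:28 PM) (Source: BugCheck) (EventID: 1001) (User: )
"""

if __name__ == "__main__":
    for sev, why, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {why}\n    {line}")
    print(build_fixlist(SAMPLE_LOG))
```

Two design points. First, a path under the user profile is not flagged on its own: the Dropbox COM servers above live in AppData and carry a publisher, and the script leaves them alone, just as the hand-written fixlist did. Second, the "hardware" verdicts exist because the System errors section of the log above shows atapi controller errors on IdePort0, a volsnap IO failure on C: and a 0x0000007a bugcheck (KERNEL_DATA_INPAGE_ERROR) with status 0xc0000185 (STATUS_IO_DEVICE_ERROR); those point at the drive or its cabling, and a malware cleanup will not make them go away.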

#6 wilkman2491 (New Member; Topic Starter, 6 posts)

I am running FRST.exe and waiting on Fix. How long should Fix take? It's been 15 minutes and it is still on 'Deleting Temporary files: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History'



#7 wilkman2491 (New Member; Topic Starter, 6 posts)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2014 01
Ran by DrWilk at 2014-12-23 15:34:08 Run:1
Running from C:\Users\DrWilk\Desktop
Loaded Profile: DrWilk (Available profiles: DrWilk & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\MountPoints2: E - E:\LaunchU3.exe
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...\MountPoints2: {dd99fa49-9e8c-11e2-8f15-08606e759261} - E:\LaunchU3.exe
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (No File)
AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => value deleted successfully.
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3280206500-3101898392-1201890526-1000 => Key not found. 
"HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd99fa49-9e8c-11e2-8f15-08606e759261}" => Key deleted successfully.
HKCR\CLSID\{dd99fa49-9e8c-11e2-8f15-08606e759261} => Key not found. 
HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found. 
"HKU\S-1-5-21-3280206500-3101898392-1201890526-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe not found.
C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_0favicon-2079221766" ADS removed successfully.
C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_1favicon1313128964" ADS removed successfully.
C:\Users\DrWilk\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_2favicon-2092717923" ADS removed successfully.
EmptyTemp: => Removed 11 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:26:01 ====

  • 0

#8
Valinorum
    GeekU Guardian Bot
  • GeekU Moderator
  • 2,915 posts

EmptyTemp: => Removed 11 GB temporary data.

It was the reason behind the long time. How is your computer performing?
  • 0

#9
wilkman2491
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts

It's performing much faster.
  • 0

#10
Valinorum
    GeekU Guardian Bot
  • GeekU Moderator
  • 2,915 posts

  • Step #3 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware.
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Settings --
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options.
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log, then click on the Export button, select Text File and save the log to your Desktop;
    • Copy and paste the contents of the log in your next reply.

  • Step #4 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install the Add-On/ActiveX control if prompted.
    • From the Computer Scan Settings check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Settings --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives;
      • Check the box beside Scan for potentially unsafe applications;
      • Check the box beside Enable Anti-Stealth Technology.
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    • After the scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found.
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and paste the contents of the log file in your next reply.
    Note: Enable your security programs afterwards.

  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum
  • 0

#11
Valinorum
    GeekU Guardian Bot
  • GeekU Moderator
  • 2,915 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
