Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Desktop Icons & Taskbar disapear after sleep

Started by sem40 , Dec 29 2014 02:09 PM

  • Please log in to reply

#1
sem40
Posted 29 December 2014 - 02:09 PM

sem40

    Member

  • Member
  • PipPip
  • 57 posts

Computer has to be hard rebooted.  The problem had started when hard drive crashed and had to be replaced.  I had tried to cleen comp with mbam, cccleaner, superantispyware and avast antivirus.  all free editions.  also, i had reset ie11 to no avail. i think there is something wrong with ie.

 

this is dell 6gb ram ati radeon hd4200, with win7 ultimate.

 

this comp is my daughters and she uses heavily for school.  please help!

 

OTL logfile created on: 12/29/2014 2:40:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simis\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.75 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 74.77% Memory free
11.50 Gb Paging File | 9.93 Gb Available in Paging File | 86.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 219.85 Gb Free Space | 73.78% Space Free | Partition Type: NTFS
Drive J: | 931.29 Gb Total Space | 569.92 Gb Free Space | 61.20% Space Free | Partition Type: FAT32
 
Computer Name: SIMIS-PC | User Name: Simis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/29 14:39:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simis\Desktop\OTL.exe
PRC - [2014/12/12 12:50:56 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/11/23 12:50:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/11 16:30:12 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/23 12:50:51 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/23 12:50:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/23 12:50:47 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/22 18:31:23 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2014/01/21 12:40:56 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 22:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/29 22:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/29 10:39:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/12 18:14:56 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/19 16:23:42 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/22 12:11:51 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/23 12:50:57 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/23 12:50:53 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/23 12:50:53 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/11/23 12:50:52 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/23 12:50:52 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/23 12:50:52 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/23 12:50:52 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/23 12:50:52 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/23 12:50:48 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/01/21 13:15:02 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/01/21 13:15:02 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/01/21 13:15:02 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/01/21 12:43:16 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2014/01/21 12:43:16 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2014/01/21 12:42:54 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/11/23 21:09:40 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 21:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/26 22:46:02 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/08/20 03:38:12 | 000,416,072 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/08/20 03:38:12 | 000,138,568 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/05/20 18:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/20 18:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/14 01:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/27 19:53:32 | 000,023,080 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/08/27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/06 03:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 09:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=634454106&ir=
IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{378E7510-12CC-4A06-9BFD-B292AE80C59D}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGLS_enUS606
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.highlightCount: 1
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: plugin%40okta.com:3.16.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/09/08 18:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simis\AppData\Roaming\Mozilla\Extensions
[2014/12/15 15:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simis\AppData\Roaming\Mozilla\Firefox\Profiles\2xezuqkg.default\extensions
[2014/09/28 08:35:03 | 000,139,378 | ---- | M] () (No name found) -- C:\Users\Simis\AppData\Roaming\Mozilla\Firefox\Profiles\2xezuqkg.default\extensions\[email protected]
[2014/12/12 18:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/12 18:14:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E4EA8EF-DAB9-4ACB-B5C6-2E346E0355B7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/09 03:13:30 | 000,000,049 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/29 14:39:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simis\Desktop\OTL.exe
[2014/12/24 10:11:26 | 000,000,000 | ---D | C] -- C:\Users\Simis\AppData\Local\ElevatedDiagnostics
[2014/12/24 09:44:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/12/12 18:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/29 14:39:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simis\Desktop\OTL.exe
[2014/12/29 14:27:35 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/29 14:27:35 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/29 14:23:54 | 001,647,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/29 14:23:54 | 000,723,920 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2014/12/29 14:23:54 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/29 14:23:54 | 000,150,222 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2014/12/29 14:23:54 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/29 14:19:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/29 14:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/29 14:19:20 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/29 14:17:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/29 14:17:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/29 13:19:20 | 000,000,017 | ---- | M] () -- C:\Users\Simis\AppData\Local\resmon.resmoncfg
[2014/12/24 10:07:04 | 000,000,188 | ---- | M] () -- C:\Users\Simis\Desktop\FixIt.url
[2014/12/22 12:11:51 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/20 13:52:27 | 000,410,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/17 17:40:23 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/15 16:30:09 | 000,018,948 | ---- | M] () -- C:\Users\Simis\Documents\cc_20141215_162955.reg
[2014/12/15 08:11:51 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2014/12/29 13:19:20 | 000,000,017 | ---- | C] () -- C:\Users\Simis\AppData\Local\resmon.resmoncfg
[2014/12/24 10:07:04 | 000,000,188 | ---- | C] () -- C:\Users\Simis\Desktop\FixIt.url
[2014/12/20 13:51:43 | 000,410,704 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/15 16:30:04 | 000,018,948 | ---- | C] () -- C:\Users\Simis\Documents\cc_20141215_162955.reg
[2014/11/11 14:35:53 | 000,000,058 | ---- | C] () -- C:\Users\Simis\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2014/09/08 20:15:12 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2014/09/08 20:15:06 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\PMDrvStr.ini
[2014/09/08 20:15:03 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2014/09/06 15:09:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/02/14 21:10:55 | 001,629,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/29 21:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/29 21:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/06 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\Simis\AppData\Roaming\AVAST Software
[2014/09/17 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Simis\AppData\Roaming\Canon
[2014/11/11 14:35:53 | 000,000,000 | ---D | M] -- C:\Users\Simis\AppData\Roaming\DonationCoder
[2014/09/08 20:20:06 | 000,000,000 | ---D | M] -- C:\Users\Simis\AppData\Roaming\NewSoft
[2014/12/15 15:16:12 | 000,000,000 | ---D | M] -- C:\Users\Simis\AppData\Roaming\UpdaterEX
 
========== Purity Check ==========
 
 
 
< End of report >

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 02 January 2015 - 02:17 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
    •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
    •  
     

    download ShellExView.
     
     
    Use this download:
     
    Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
    Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot.  Do you still have the no desktop problem?
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     

    • 0

    #3
    sem40
    Posted 07 January 2015 - 01:47 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    Thank you so much for responding pretty quickly. Sorry if it will take me longer to respond to you: I have access to this computer only whrn I visit my daughter.  I had followed your directions, but the problem is still there.

     

    I can't bring computer out of sleep and when it comes out of  sleep, all it brings an emty desktop without taskbar and icons. Than to start the computer I have to to hard restarted it.

     

    Here are the scans.

     

    # AdwCleaner v4.106 - Report created 05/01/2015 at 16:32:36
    # Updated 21/12/2014 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Simis - SIMIS-PC
    # Running from : C:\Users\Simis\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Simis\AppData\Roaming\UpdaterEX
    File Deleted : C:\Users\Simis\AppData\Roaming\Mozilla\Firefox\Profiles\2xezuqkg.default\user.js

    ***** [ Scheduled Tasks ] *****

    Task Deleted : UpdaterEX

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\UpdaterEX
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496

    -\\ Mozilla Firefox v34.0.5 (x86 en-US)

    [2xezuqkg.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCzzyByE0A0CyEyCyDyEtN0D0Tzu0SzyzztBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzyt[...]
    [2xezuqkg.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCzzyByE0A0CyEyCyDyEtN0D0Tzu0SzyzztBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBz[...]
    [2xezuqkg.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
    [2xezuqkg.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
    [2xezuqkg.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCzzyByE0A0CyEyCyDyEtN0D0Tzu0SzyzztBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEt[...]
    [2xezuqkg.default\prefs.js] - Line Deleted : user_pref("okta.FORM_SITES_NO_PW", "{\"val\":[{\"id\":\"0uawg7ycjrPWGXKRHQCM\",\"displayName\":\"Student Health Portal\",\"urlRegex\":\"(?:^hxxps://shu\\\\.medicatconnect\\\\.com(?:$/))\",\"username\[...]

    *************************

    AdwCleaner[R0].txt - [2804 octets] - [05/01/2015 16:27:03]
    AdwCleaner[R1].txt - [2794 octets] - [05/01/2015 16:30:57]
    AdwCleaner[S0].txt - [2721 octets] - [05/01/2015 16:32:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2781 octets] ##########


    • 0

    #4
    sem40
    Posted 07 January 2015 - 01:49 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Simis on Mon 01/05/2015 at 16:40:15.80
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

     

    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf

     

    ~~~ Folders

     

    ~~~ FireFox

    Emptied folder: C:\Users\Simis\AppData\Roaming\mozilla\firefox\profiles\2xezuqkg.default\minidumps [6 files]

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/05/2015 at 16:43:50.45
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    • 0

    #5
    sem40
    Posted 07 January 2015 - 01:56 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Simis on Mon 01/05/2015 at 16:40:15.80
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

     

    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf

     

    ~~~ Folders

     

    ~~~ FireFox

    Emptied folder: C:\Users\Simis\AppData\Roaming\mozilla\firefox\profiles\2xezuqkg.default\minidumps [6 files]

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/05/2015 at 16:43:50.45
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
    Ran by Simis at 2015-01-05 16:54:01
    Running from C:\Users\Simis\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Canon MF Toolbox 4.9.1.1.mf03 (HKLM-x32\...\{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}) (Version: 2.2.0 - )
    Canon MF Toolbox 4.9.1.1.mf03 (HKLM-x32\...\{DD929BD3-5D41-4407-BE04-119B4A631869}) (Version: 2.2.0 - Canon)
    Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 Hotfix Rollup (KB2908383) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52013 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Presto! PageManager 7.15.11 (HKLM-x32\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version:  - )
    Screenshot Captor 4.9.1 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {4C387744-3E1C-4882-90D9-9C377709C605} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
    Task: {503B3F40-A8E9-49F8-B61E-AEBE2B48CBCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
    Task: {6BF454E2-9984-4DF6-8E41-CBFEBE568F6F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {802D028E-747C-4513-85F1-4E2ADE2810C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-29] (Adobe Systems Incorporated)
    Task: {F0D84FDE-BAE7-41B5-901F-B38E93B567E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
    Task: {F22C65CC-5BBA-4324-A64B-BD65AD9C0FD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-11-23 12:50 - 2014-11-23 12:50 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-23 12:50 - 2014-11-23 12:50 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-01-05 14:31 - 2015-01-05 14:31 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
    2014-11-23 12:50 - 2014-11-23 12:50 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2014-11-23 12:50 - 2014-11-23 12:50 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Simis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3351614289-410613126-3444353104-500 - Administrator - Disabled)
    Guest (S-1-5-21-3351614289-410613126-3444353104-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3351614289-410613126-3444353104-1003 - Limited - Enabled)
    Simis (S-1-5-21-3351614289-410613126-3444353104-1000 - Administrator - Enabled) => C:\Users\Simis

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X4 630 Processor
    Percentage of memory in use: 28%
    Total physical RAM: 5886.98 MB
    Available physical RAM: 4202.34 MB
    Total Pagefile: 11772.13 MB
    Available Pagefile: 9938.57 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.99 GB) (Free:219.59 GB) NTFS
    Drive j: () (Fixed) (Total:931.29 GB) (Free:569.92 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 931.5 GB) (Disk ID: 3908AEEE)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
    Ran by Simis at 2015-01-05 16:54:01
    Running from C:\Users\Simis\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Canon MF Toolbox 4.9.1.1.mf03 (HKLM-x32\...\{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}) (Version: 2.2.0 - )
    Canon MF Toolbox 4.9.1.1.mf03 (HKLM-x32\...\{DD929BD3-5D41-4407-BE04-119B4A631869}) (Version: 2.2.0 - Canon)
    Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 Hotfix Rollup (KB2908383) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52013 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Presto! PageManager 7.15.11 (HKLM-x32\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version:  - )
    Screenshot Captor 4.9.1 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {4C387744-3E1C-4882-90D9-9C377709C605} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
    Task: {503B3F40-A8E9-49F8-B61E-AEBE2B48CBCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
    Task: {6BF454E2-9984-4DF6-8E41-CBFEBE568F6F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {802D028E-747C-4513-85F1-4E2ADE2810C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-29] (Adobe Systems Incorporated)
    Task: {F0D84FDE-BAE7-41B5-901F-B38E93B567E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
    Task: {F22C65CC-5BBA-4324-A64B-BD65AD9C0FD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-11-23 12:50 - 2014-11-23 12:50 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-23 12:50 - 2014-11-23 12:50 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-01-05 14:31 - 2015-01-05 14:31 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
    2014-11-23 12:50 - 2014-11-23 12:50 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2014-11-23 12:50 - 2014-11-23 12:50 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Simis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3351614289-410613126-3444353104-500 - Administrator - Disabled)
    Guest (S-1-5-21-3351614289-410613126-3444353104-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3351614289-410613126-3444353104-1003 - Limited - Enabled)
    Simis (S-1-5-21-3351614289-410613126-3444353104-1000 - Administrator - Enabled) => C:\Users\Simis

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X4 630 Processor
    Percentage of memory in use: 28%
    Total physical RAM: 5886.98 MB
    Available physical RAM: 4202.34 MB
    Total Pagefile: 11772.13 MB
    Available Pagefile: 9938.57 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.99 GB) (Free:219.59 GB) NTFS
    Drive j: () (Fixed) (Total:931.29 GB) (Free:569.92 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 931.5 GB) (Disk ID: 3908AEEE)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

    ==================== End Of Log ============================

     

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 86.10 0 K 24 K 0   
    AvastSvc.exe 10.08 62,460 K 49,516 K 1236 avast! Service AVAST Software (Verified) AVAST Software a.s.
    procexp64.exe 1.16 26,828 K 47,760 K 4788 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
    svchost.exe 0.69 11,108 K 14,040 K 3760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    System 0.44 464 K 17,504 K 4   
    svchost.exe 0.43 111,312 K 121,620 K 296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    Interrupts 0.39 0 K 0 K n/a Hardware Interrupts and DPCs  
    dwm.exe 0.17 32,152 K 44,020 K 2140 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    iexplore.exe 0.10 221,676 K 243,200 K 3864 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
    explorer.exe 0.10 33,864 K 59,468 K 2168 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe 0.09 11,480 K 31,780 K 592   
    svchost.exe 0.05 22,276 K 37,752 K 444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.05 21,308 K 23,456 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.02 4,552 K 8,316 K 844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    lsass.exe 0.02 5,124 K 12,252 K 636 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.02 7,664 K 13,924 K 3532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    audiodg.exe 0.01 16,596 K 16,556 K 340   
    SearchIndexer.exe 0.01 28,820 K 12,860 K 1516 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.01 14,440 K 16,112 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe 0.01 2,584 K 4,348 K 644   
    SASCore64.exe < 0.01 1,644 K 3,996 K 1732   
    CCleaner64.exe < 0.01 9,172 K 12,120 K 2900   
    wmpnetwk.exe < 0.01 11,220 K 4,892 K 3428 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 1,848 K 5,340 K 4100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    avastui.exe < 0.01 14,512 K 20,556 K 2844 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
    VSSVC.exe < 0.01 2,180 K 6,804 K 4104 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
    taskhost.exe < 0.01 20,340 K 19,576 K 1588 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 9,824 K 17,836 K 344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe < 0.01 2,608 K 4,928 K 484   
    iexplore.exe < 0.01 22,188 K 48,244 K 3448 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 7,780 K 7,836 K 1848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    AvastVBoxSVC.exe < 0.01 8,116 K 15,716 K 2476 AvastVirtualBox Interface Avast Software (Verified) AVAST Software a.s.
    WUDFHost.exe  2,272 K 6,332 K 3232   
    wuauclt.exe  2,208 K 6,656 K 1248 Windows Update Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe  2,984 K 6,848 K 4068   
    winlogon.exe  3,832 K 8,116 K 952   
    wininit.exe  1,660 K 4,588 K 556   
    TrustedInstaller.exe  3,028 K 8,556 K 3340 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe  2,012 K 5,472 K 1508   
    svchost.exe  14,100 K 15,172 K 1604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  1,696 K 4,804 K 3284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  39,812 K 27,424 K 4368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  4,740 K 9,720 K 744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe  2,512 K 5,648 K 1052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    spoolsv.exe  6,952 K 12,460 K 1496 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    smss.exe  536 K 1,184 K 408   
    services.exe  6,204 K 9,920 K 616   
    procexp.exe  2,328 K 7,348 K 4064 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    ngservice.exe  1,344 K 3,592 K 3116   
    GoogleToolbarUser_32.exe  5,660 K 12,348 K 2120 Google Toolbar Broker Google Inc. (Verified) Google Inc
    Fuel.Service.exe  2,064 K 5,972 K 1772 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
    atiesrxx.exe  1,708 K 4,548 K 892 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
    atieclxx.exe  2,776 K 6,880 K 1276   

     

     

     


    • 0

    #6
    RKinner
    Posted 07 January 2015 - 10:14 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    You posted the addition log twice.  Can you post the FRST log?

     

    Suggest you install the free teamviewer 

     

    http://www.teamviewe...m/en/index.aspx

     

    Set up your daughters PC to allow remote access and note the Partner ID assigned and the personal password.  Then install it on your PC and you can control hers without going there.  I use it all the time and it works great.

     

     

    Doesn't appear to be malware anyway.  Let's check the system files:

     

     

     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Allow it to go to sleep.  Try to wake it up and when you get the blank desktop,try Ctrl + Alt + Delete.  Do you get a new screen with 5 options and a cancel button?  If so select Start Task Manager then select File, New Task Run and type in explorer and hit Enter.  Does the desktop come back?
     
    In either case:
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    What  model number and service tag?  When you reloaded the hard drive did you use a Dell disk or a windows disk?
     
    Ron

    • 0

    #7
    sem40
    Posted 13 January 2015 - 01:26 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    I had finally installed teamviewer and would be able to do work from home.  Meanwhile i had followed your other instructions and rebooted comp.  I will also set the power to sleep and see the comps reaction.  thank you

     

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
    Ran by Simis (administrator) on SIMIS-PC on 05-01-2015 16:53:12
    Running from C:\Users\Simis\Downloads
    Loaded Profile: Simis (Available profiles: Simis)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
    HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
    HKU\S-1-5-21-3351614289-410613126-3444353104-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-09-11] (Google Inc.)
    HKU\S-1-5-21-3351614289-410613126-3444353104-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    HKU\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3351614289-410613126-3444353104-1000 -> {378E7510-12CC-4A06-9BFD-B292AE80C59D} URL = https://www.google.c...?q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3351614289-410613126-3444353104-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Simis\AppData\Roaming\Mozilla\Firefox\Profiles\2xezuqkg.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Extension: Okta Secure Web Authentication Plug-in - C:\Users\Simis\AppData\Roaming\Mozilla\Firefox\Profiles\2xezuqkg.default\Extensions\[email protected] [2014-09-28]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-23] (Avast Software)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-23] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-23] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-23] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-23] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-23] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-23] ()
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-23] (Avast Software)
    R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
    R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
    S3 AIDA64Driver; \??\I:\AIDA64 Engineer Edition 4.50.3000\kerneld.x64 [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-05 16:53 - 2015-01-05 16:53 - 00009344 _____ () C:\Users\Simis\Downloads\FRST.txt
    2015-01-05 16:52 - 2015-01-05 16:53 - 00000000 ____D () C:\FRST
    2015-01-05 16:52 - 2015-01-05 16:52 - 02123776 _____ (Farbar) C:\Users\Simis\Downloads\FRST64.exe
    2015-01-05 16:43 - 2015-01-05 16:43 - 00001029 _____ () C:\Users\Simis\Desktop\JRT.txt
    2015-01-05 16:41 - 2015-01-05 16:41 - 00002873 _____ () C:\Users\Simis\Desktop\AdwCleaner[S0].txt
    2015-01-05 16:40 - 2015-01-05 16:40 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-05 16:37 - 2015-01-05 16:37 - 01707939 _____ (Thisisu) C:\Users\Simis\Desktop\JRT.exe
    2015-01-05 16:37 - 2015-01-05 16:37 - 00000197 _____ () C:\Windows\system32\2015-01-05-21-37-15.087-AvastVBoxSVC.exe-2988.log
    2015-01-05 16:26 - 2015-01-05 16:32 - 00000000 ____D () C:\AdwCleaner
    2015-01-05 16:19 - 2015-01-05 16:19 - 02173952 _____ () C:\Users\Simis\Desktop\AdwCleaner.exe
    2014-12-29 15:11 - 2014-12-29 15:11 - 00000329 _____ () C:\Users\Simis\Desktop\Desktop Icons & Taskbar disapear after sleep - Virus, Spyware, Malware Removal.url
    2014-12-29 14:49 - 2014-12-29 14:49 - 00000319 _____ () C:\Users\Simis\Desktop\Malware and Spyware Cleaning Guide - Virus, Spyware, Malware Removal.url
    2014-12-29 14:48 - 2014-12-29 14:48 - 00058852 _____ () C:\Users\Simis\Desktop\OTL Scan 122914.txt
    2014-12-29 14:47 - 2014-12-29 14:47 - 00058852 _____ () C:\Users\Simis\Desktop\OTL.Txt
    2014-12-29 14:47 - 2014-12-29 14:47 - 00048164 _____ () C:\Users\Simis\Desktop\Extras.Txt
    2014-12-29 14:39 - 2014-12-29 14:39 - 00602112 _____ (OldTimer Tools) C:\Users\Simis\Desktop\OTL.exe
    2014-12-29 14:22 - 2014-12-29 14:22 - 00000197 _____ () C:\Windows\system32\2014-12-29-19-22-28.081-AvastVBoxSVC.exe-2692.log
    2014-12-29 13:31 - 2014-12-29 13:31 - 00347816 _____ (Microsoft Corporation) C:\Users\Simis\Downloads\MicrosoftFixit.Performance.FISC.1343304900203918.1.1.Run.exe
    2014-12-29 13:29 - 2014-12-29 13:29 - 00347816 _____ (Microsoft Corporation) C:\Users\Simis\Downloads\MicrosoftFixit.WinFileFolder.RNP.1343304900203918.2.2.Run.exe
    2014-12-29 13:28 - 2014-12-29 13:28 - 00347816 _____ (Microsoft Corporation) C:\Users\Simis\Downloads\MicrosoftFixit.WinFileFolder.RNP.1343304900203918.2.1.Run.exe
    2014-12-29 13:22 - 2014-12-29 13:23 - 00000197 _____ () C:\Windows\system32\2014-12-29-18-22-26.090-AvastVBoxSVC.exe-3076.log
    2014-12-29 13:19 - 2014-12-29 13:19 - 00000017 _____ () C:\Users\Simis\AppData\Local\resmon.resmoncfg
    2014-12-29 10:48 - 2014-12-29 10:48 - 00000197 _____ () C:\Windows\system32\2014-12-29-15-48-19.071-AvastVBoxSVC.exe-2944.log
    2014-12-29 08:27 - 2014-12-29 08:27 - 00000197 _____ () C:\Windows\system32\2014-12-29-13-27-15.033-AvastVBoxSVC.exe-1432.log
    2014-12-24 11:24 - 2014-12-24 11:24 - 00000197 _____ () C:\Windows\system32\2014-12-24-16-24-00.082-AvastVBoxSVC.exe-2188.log
    2014-12-24 10:15 - 2014-12-24 10:15 - 00000197 _____ () C:\Windows\system32\2014-12-24-15-15-48.017-AvastVBoxSVC.exe-2336.log
    2014-12-24 10:09 - 2014-12-24 10:10 - 00347816 _____ (Microsoft Corporation) C:\Users\Simis\Downloads\MicrosoftFixit.WinFileFolder.FISC.1342860965119576.1.1.Run.exe
    2014-12-24 10:08 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-24 10:08 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-24 10:08 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-12-24 10:08 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-12-24 10:08 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-12-24 10:08 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-12-24 10:08 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-12-24 10:08 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-12-24 10:08 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-12-24 10:08 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-12-24 10:07 - 2014-12-24 10:07 - 00000188 _____ () C:\Users\Simis\Desktop\FixIt.url
    2014-12-24 10:07 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-24 10:07 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-24 10:07 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-24 10:07 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-24 10:07 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-24 10:07 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-24 10:07 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-24 10:07 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-24 10:07 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-24 10:07 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-24 10:07 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-24 10:07 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-24 10:07 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-24 10:07 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-12-24 10:07 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-24 10:07 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-24 10:07 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-24 10:07 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-24 10:07 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-24 10:07 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-24 10:07 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-12-24 10:07 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-24 10:07 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-24 10:07 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-24 10:07 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-24 10:07 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-24 10:07 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-24 10:07 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-24 10:07 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-24 10:07 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-24 10:07 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-24 10:07 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-24 10:07 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-24 10:07 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-12-24 10:07 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-24 10:07 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-24 10:07 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-24 10:06 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-24 10:06 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-24 10:06 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-24 10:06 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-24 10:06 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-24 10:06 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-24 10:06 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-24 10:06 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-24 10:06 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-24 10:06 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-24 10:06 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-24 10:06 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-24 10:06 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-24 10:06 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-12-24 10:06 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-24 10:06 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-24 10:06 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-24 10:06 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-24 10:06 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-24 10:06 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-24 10:06 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-12-24 10:06 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-24 10:06 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-12-24 10:06 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-12-24 10:06 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-12-24 10:06 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-12-24 10:06 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-24 10:06 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-24 10:06 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-24 10:06 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-24 10:06 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-24 10:06 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-24 10:06 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-24 10:06 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-24 10:06 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-24 10:06 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-24 10:06 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-24 10:06 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-24 10:06 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-24 10:06 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-24 09:50 - 2014-12-24 09:51 - 00000197 _____ () C:\Windows\system32\2014-12-24-14-50-49.075-AvastVBoxSVC.exe-1032.log
    2014-12-24 09:48 - 2015-01-05 16:34 - 00001950 _____ () C:\Windows\PFRO.log
    2014-12-24 09:44 - 2014-12-24 09:44 - 00000000 ____D () C:\Windows\pss
    2014-12-24 09:32 - 2014-12-24 09:32 - 00000197 _____ () C:\Windows\system32\2014-12-24-14-32-15.053-AvastVBoxSVC.exe-3136.log
    2014-12-23 18:04 - 2014-12-23 18:04 - 00000197 _____ () C:\Windows\system32\2014-12-23-23-04-05.044-AvastVBoxSVC.exe-3344.log
    2014-12-23 17:45 - 2014-12-23 17:45 - 00000197 _____ () C:\Windows\system32\2014-12-23-22-45-12.001-AvastVBoxSVC.exe-3372.log
    2014-12-23 13:21 - 2014-12-23 13:21 - 00000197 _____ () C:\Windows\system32\2014-12-23-18-21-29.058-AvastVBoxSVC.exe-3364.log
    2014-12-22 12:32 - 2014-12-22 12:32 - 00000197 _____ () C:\Windows\system32\2014-12-22-17-32-49.057-AvastVBoxSVC.exe-3232.log
    2014-12-21 17:40 - 2014-12-21 17:40 - 00000197 _____ () C:\Windows\system32\2014-12-21-22-40-13.023-AvastVBoxSVC.exe-2304.log
    2014-12-21 10:34 - 2014-12-21 10:34 - 00000197 _____ () C:\Windows\system32\2014-12-21-15-34-16.032-AvastVBoxSVC.exe-3112.log
    2014-12-20 13:54 - 2014-12-20 13:54 - 00000197 _____ () C:\Windows\system32\2014-12-20-18-54-28.023-AvastVBoxSVC.exe-2520.log
    2014-12-20 13:53 - 2014-12-20 13:53 - 00109296 _____ () C:\Users\Simis\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-20 13:51 - 2014-12-20 13:52 - 00410704 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-20 13:47 - 2015-01-05 16:34 - 00002184 _____ () C:\Windows\setupact.log
    2014-12-20 13:47 - 2014-12-20 13:47 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-19 17:01 - 2014-12-19 17:01 - 05317104 _____ (Piriform Ltd) C:\Users\Simis\Downloads\ccsetup501.exe
    2014-12-17 17:47 - 2014-12-17 17:47 - 00000197 _____ () C:\Windows\system32\2014-12-17-22-47-47.083-AvastVBoxSVC.exe-2056.log
    2014-12-17 17:39 - 2014-12-17 17:39 - 05162080 _____ (Piriform Ltd) C:\Users\Simis\Downloads\ccsetup500(2).exe
    2014-12-17 17:38 - 2014-12-17 17:38 - 05162080 _____ (Piriform Ltd) C:\Users\Simis\Downloads\ccsetup500(1).exe
    2014-12-15 16:30 - 2014-12-15 16:30 - 00018948 _____ () C:\Users\Simis\Documents\cc_20141215_162955.reg
    2014-12-15 15:20 - 2014-12-15 15:20 - 00000197 _____ () C:\Windows\system32\2014-12-15-20-20-42.040-AvastVBoxSVC.exe-2748.log
    2014-12-15 08:09 - 2014-12-15 08:09 - 05162080 _____ (Piriform Ltd) C:\Users\Simis\Downloads\ccsetup500.exe
    2014-12-13 12:55 - 2014-12-13 12:55 - 00000197 _____ () C:\Windows\system32\2014-12-13-17-55-16.000-AvastVBoxSVC.exe-1892.log
    2014-12-13 12:48 - 2014-12-13 12:49 - 00000197 _____ () C:\Windows\system32\2014-12-13-17-48-58.048-AvastVBoxSVC.exe-3708.log
    2014-12-12 18:14 - 2014-12-12 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-12-08 18:04 - 2014-12-08 18:04 - 00000197 _____ () C:\Windows\system32\2014-12-08-23-04-17.065-AvastVBoxSVC.exe-3512.log

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-05 16:47 - 2014-09-11 16:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-05 16:42 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-05 16:42 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-05 16:39 - 2014-09-11 13:24 - 00723920 _____ () C:\Windows\system32\perfh019.dat
    2015-01-05 16:39 - 2014-09-11 13:24 - 00150222 _____ () C:\Windows\system32\perfc019.dat
    2015-01-05 16:39 - 2009-07-14 00:13 - 01647438 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-05 16:38 - 2014-09-06 15:21 - 01653127 _____ () C:\Windows\WindowsUpdate.log
    2015-01-05 16:35 - 2014-09-06 13:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-01-05 16:34 - 2014-09-11 16:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-05 16:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-05 16:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-05 15:55 - 2014-09-08 20:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-29 10:39 - 2014-09-08 20:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-29 10:39 - 2014-09-08 20:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-29 10:39 - 2014-09-08 20:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-29 10:39 - 2014-09-08 20:01 - 00000000 ____D () C:\Users\Simis\AppData\Local\Adobe
    2014-12-24 11:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-24 10:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-24 10:11 - 2014-09-11 13:35 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-24 10:09 - 2014-09-06 12:32 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-24 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
    2014-12-24 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
    2014-12-24 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
    2014-12-24 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\hr-HR
    2014-12-24 09:47 - 2014-09-08 20:13 - 00000000 ____D () C:\ProgramData\ScanSoft
    2014-12-24 09:30 - 2014-09-15 15:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-22 12:11 - 2014-09-15 15:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-17 17:40 - 2014-09-15 14:13 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-12-17 17:40 - 2014-09-15 14:13 - 00000000 ____D () C:\Program Files\CCleaner
    2014-12-15 15:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
    2014-12-15 08:11 - 2014-09-15 15:06 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-15 08:11 - 2014-09-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-15 08:11 - 2014-09-15 15:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-13 12:47 - 2014-09-08 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-12-08 18:04 - 2014-09-17 14:28 - 00001816 _____ () C:\Users\Simis\Sti_Trace.log

    Some content of TEMP:
    ====================
    C:\Users\Simis\AppData\Local\Temp\Quarantine.exe
    C:\Users\Simis\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-01-04 00:18

    ==================== End Of Log ============================

     


    • 0

    #8
    RKinner
    Posted 13 January 2015 - 05:15 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP
    Press Win+R to summon the Run dialog box.
     
    Type
     
    msconfig
     
    and press Enter.
     
    Click the Boot tab.
     
    Place a check mark by the item Boot Log.
     
    Click OK.
     
    Click the Restart button to restart now.
     
     
     
    After the reboot locate the log c:\windows\ntbtlog.txt and copy and paste it or attach it to your next post.
     
    If you have problems seeing files in C:\windows:
     
    Open the Control Panel menu and click Folder Options.
        After the new window appears select the View tab.
        Put a checkmark in the checkbox labeled Display the contents of system folders.
        Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
        Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
        Remove the checkmark from the checkbox labeled Hide protected operating system files.
        Press the Apply button and then the OK button

    • 0

    #9
    sem40
    Posted 13 January 2015 - 06:28 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts
    I'm sorry Ron, but I had not finished with your previous message. I've done scf/scannow without any problems. Should I go to Event Viewer Tool or should I skip this? As to your questions at the end of the previous message, I'm not sure because the replacement was done at the repair shop.
    • 0

    #10
    RKinner
    Posted 13 January 2015 - 09:55 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Let's see what the event viewer shows then go on with the next log


    • 0

    Advertisements

    #11
    sem40
    Posted 14 January 2015 - 01:26 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    Hi, Ron,

     

    I had finished everything from #6 and logs are below, but i think there is something wrong with this comp., because I had set it up to go to sleep in 2 min. yesterday, but  i could not attend to it till today and had i hard time to wake it up.  1. I could not power shut it 2x - the power button didn't do anything  2. I had to remove power cord and this way I brought comp. up and running.  Is it possible that new drive is faulty? I'm a total baby in comps, but I can follow directions.  So, I'm starting with #8 later today.

     

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 14/01/2015 2:01:28 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 13/01/2015 9:25:31 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 13/01/2015 9:25:44 PM
    Type: Error Category: 0
    Event: 6008 Source: EventLog
    The previous system shutdown at 4:24:17 PM on ?1/?13/?2015 was unexpected.

    Log: 'System' Date/Time: 13/01/2015 9:23:01 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 13/01/2015 8:30:26 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} did not register with DCOM within the required timeout.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 14/01/2015 6:43:23 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#.

    Log: 'System' Date/Time: 14/01/2015 6:37:43 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#.

    Log: 'System' Date/Time: 14/01/2015 6:35:26 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#.

    Log: 'System' Date/Time: 14/01/2015 6:31:35 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 14/01/2015 6:31:34 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 14/01/2015 6:28:38 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.geekstogo.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 14/01/2015 6:28:20 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 13/01/2015 9:26:09 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#.

    Log: 'System' Date/Time: 13/01/2015 9:22:52 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 13/01/2015 8:30:02 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 13/01/2015 7:15:56 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#.

     

     

     

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 14/01/2015 2:04:20 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 14/01/2015 6:43:08 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 14/01/2015 6:37:42 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 14/01/2015 6:35:10 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 13/01/2015 9:26:58 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log: 'Application' Date/Time: 13/01/2015 9:22:58 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: CNCL4100.DLL, version: 11.3.0.0, time stamp: 0x4608e720 Exception code: 0xc0000005 Fault offset: 0x0000000000003670 Faulting process id: 0x7bc Faulting application start time: 0x01d02f654e691584 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\CNCL4100.DLL Report Id: 5819296e-9b6a-11e4-a6fe-00262d1874ac

    Log: 'Application' Date/Time: 13/01/2015 7:16:13 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 14/01/2015 6:39:21 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-3351614289-410613126-3444353104-1000_Classes:
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000_CLASSES
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000_CLASSES

    Log: 'Application' Date/Time: 14/01/2015 6:39:16 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   22 user registry handles leaked from \Registry\User\S-1-5-21-3351614289-410613126-3444353104-1000:
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\CA
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies\Microsoft\SystemCertificates
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\Disallowed
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\Root
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows NT\CurrentVersion
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Internet Explorer\Main
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\trust
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\My
    Process 3960 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\TrustedPeople

    Log: 'Application' Date/Time: 14/01/2015 6:36:24 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-3351614289-410613126-3444353104-1000_Classes:
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000_CLASSES
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000_CLASSES

    Log: 'Application' Date/Time: 14/01/2015 6:36:19 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3351614289-410613126-3444353104-1000:
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows NT\CurrentVersion
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 2264 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\avastui.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Internet Explorer\Main

    Log: 'Application' Date/Time: 14/01/2015 6:28:26 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <SharePointWorkspaceSearch://{S-1-5-21-3351614289-410613126-3444353104-1000}/> cannot be accessed.

    Context:  Application, SystemIndex Catalog

    Details:
     A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)

    Log: 'Application' Date/Time: 13/01/2015 7:13:37 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   22 user registry handles leaked from \Registry\User\S-1-5-21-3351614289-410613126-3444353104-1000:
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000
    Process 364 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\CA
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies\Microsoft\SystemCertificates
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies\Microsoft\SystemCertificates
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies\Microsoft\SystemCertificates
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies\Microsoft\SystemCertificates
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\Disallowed
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\Root
    Process 364 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software
    Process 364 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Policies
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 364 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 364 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 364 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\Internet Explorer\Main
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\trust
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\My
    Process 636 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3351614289-410613126-3444353104-1000\Software\Microsoft\SystemCertificates\TrustedPeople

     


    • 0

    #12
    sem40
    Posted 14 January 2015 - 02:36 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts

    done next directions. Btw, it takes this comp too long to shut down, maybe like 3-4 minutes

    Service Pack 1 1 14 2015 14:31:29.109
    Loaded driver \SystemRoot\system32\ntoskrnl.exe
    Loaded driver \SystemRoot\system32\hal.dll
    Loaded driver \SystemRoot\system32\kdcom.dll
    Loaded driver \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    Loaded driver \SystemRoot\system32\PSHED.dll
    Loaded driver \SystemRoot\system32\CLFS.SYS
    Loaded driver \SystemRoot\system32\CI.dll
    Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
    Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
    Loaded driver \SystemRoot\system32\drivers\ACPI.sys
    Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
    Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
    Loaded driver \SystemRoot\system32\drivers\pci.sys
    Loaded driver \SystemRoot\system32\drivers\vdrvroot.sys
    Loaded driver \SystemRoot\System32\drivers\partmgr.sys
    Loaded driver \SystemRoot\system32\drivers\compbatt.sys
    Loaded driver \SystemRoot\system32\drivers\BATTC.SYS
    Loaded driver \SystemRoot\system32\drivers\volmgr.sys
    Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
    Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
    Loaded driver \SystemRoot\system32\drivers\atapi.sys
    Loaded driver \SystemRoot\system32\drivers\ataport.SYS
    Loaded driver \SystemRoot\system32\drivers\msahci.sys
    Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\amd_sata.sys
    Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
    Loaded driver \SystemRoot\system32\DRIVERS\amd_xata.sys
    Loaded driver \SystemRoot\system32\drivers\amdxata.sys
    Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
    Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
    Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
    Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
    Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
    Loaded driver \SystemRoot\System32\Drivers\cng.sys
    Loaded driver \SystemRoot\System32\drivers\pcw.sys
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
    Loaded driver \SystemRoot\system32\drivers\ndis.sys
    Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
    Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
    Loaded driver \SystemRoot\System32\drivers\tcpip.sys
    Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
    Loaded driver \SystemRoot\system32\drivers\vmstorfl.sys
    Loaded driver \SystemRoot\system32\drivers\volsnap.sys
    Loaded driver \SystemRoot\System32\Drivers\spldr.sys
    Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
    Loaded driver \SystemRoot\System32\Drivers\mup.sys
    Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
    Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
    Loaded driver \SystemRoot\system32\drivers\disk.sys
    Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\AtiPcie.sys
    Loaded driver \SystemRoot\System32\Drivers\aswVmm.sys
    Loaded driver \SystemRoot\System32\Drivers\aswRvrt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\system32\drivers\aswSnx.sys
    Loaded driver \SystemRoot\system32\drivers\aswSP.sys
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
    Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
    Loaded driver \SystemRoot\system32\drivers\afd.sys
    Loaded driver \SystemRoot\system32\drivers\aswRdr2.sys
    Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
    Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\System32\drivers\discache.sys
    Loaded driver \SystemRoot\system32\drivers\csc.sys
    Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
    Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
    Loaded driver \SystemRoot\system32\DRIVERS\amdppm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\atikmdag.sys
    Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\atikmpag.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\k57nd60a.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\VSTBS26.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
    Loaded driver \SystemRoot\system32\drivers\modem.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\amdiox64.sys
    Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
    Did not load driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\system32\drivers\AtihdW76.sys
    Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
    Loaded driver \SystemRoot\system32\drivers\HdAudio.sys
    Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbscan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbprint.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
    Loaded driver \SystemRoot\System32\Drivers\fastfat.SYS
    Loaded driver \SystemRoot\system32\drivers\luafv.sys
    Loaded driver \SystemRoot\system32\drivers\aswMonFlt.sys
    Loaded driver \SystemRoot\system32\drivers\aswStm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
    Loaded driver \SystemRoot\system32\drivers\HTTP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
    Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    Loaded driver \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    Loaded driver \SystemRoot\system32\drivers\aswHwid.sys
    Loaded driver \SystemRoot\system32\drivers\peauth.sys
    Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
    Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
    Loaded driver \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
    Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
    Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
    Loaded driver \SystemRoot\system32\DRIVERS\WUDFRd.sys
    • 0

    #13
    RKinner
    Posted 14 January 2015 - 05:35 PM

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Go to http://support.micro...b/2545227/en-us

     

    with Internet Explorer and run the Fixit.

     

    Uninstall Superantispyware.  It may be conflicting with Avast.  

     

    Also uninstall the Canon programs:
     
    Canon MF Toolbox 4.9.1.1.mf03 (HKLM-x32\...\{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}) (Version: 2.2.0 - )
    Canon MF Toolbox 4.9.1.1.mf03 (HKLM-x32\...\{DD929BD3-5D41-4407-BE04-119B4A631869}) (Version: 2.2.0 - Canon)
    Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version:  - )
     
    One of their drivers is causing problems so you need to download the Canon software again and reinstall it (if you still use it)
     
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix

    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     

     

     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.

    • 0

    #14
    sem40
    Posted 14 January 2015 - 06:47 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts
    I've got fixit and ran it in ie11. then Microsoft fix it 50688 screen came up and it said that ms fixit has been processed, so I figure out that it fixed what it supposed to fix. am I correct? I also uninstalled superantyspyware. the rest, I have to ask my daughter's permission to delete and it will be tomorrow. thanks
    • 0

    #15
    sem40
    Posted 14 January 2015 - 07:19 PM

    sem40

      Member

    • Topic Starter
    • Member
    • PipPip
    • 57 posts
    please where can I find 2 entries for cannon?
    Canon MF Toolbox 4.9.1.1.mf03 (HKLM-x32\...\{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}) (Version: 2.2.0 - )
    Canon MF Toolbox 4.9.1.1.mf03 (HKLM-x32\...\{DD929BD3-5D41-4407-BE04-119B4A631869}) (Version: 2.2.0 - Canon)

    I had found only 1 in programs and features. I really don't know how to find this, sorry.

    while looking for the above in devices and printers, I had found that she has 2 monitors listed even though she has only 1 monitor connected: one is marked as analog and another as hdmi. is it normal?
    • 0
    Back to Virus, Spyware, Malware Removal · Next Unread Topic →




    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Virus, Spyware, Malware Removal

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP