Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't scan with Avast, used Avastclear and installed a current ver


  • This topic is locked This topic is locked

#1
Lepthesr

Lepthesr

    New Member

  • Member
  • Pip
  • 3 posts

I have done all this from safe mode. I ran malware bytes and detected a handful of things, fixing the issues immediately after. What should I do from here? Still can't scan with avast and I suspect a virus.

 

Thanks.

 

Edit: I should mention that the error message is "Unable to start scan. There are no more endpoints available from the endpoint mapper"


Edited by Lepthesr, 26 January 2015 - 09:38 PM.

  • 0

Advertisements


#2
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hello Lepthesr, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. smile.png
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click etYzdbu.png at the top of the page. 
     

======================================================
 
Please run the following diagnostic scans in Normal Mode so I can ascertain the state of your computer.
 
STEP 1

xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
YARWD1t.png.pagespeed.ce.nvhmVeYDe3.png TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • ​Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)

  • 0

#3
Lepthesr

Lepthesr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by John (administrator) on WATCHO on 27-01-2015 16:20:34
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available profiles: John & LSI & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Anti-virus\Avast\AvastSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\Anti-virus\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Anti-virus\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-27] (Valve Corporation)
HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB)
HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Anti-virus\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-733893338-2711519781-2900090141-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-733893338-2711519781-2900090141-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {62442DBE-9523-4236-9434-B1A302A2DFCB} URL =
SearchScopes: HKU\S-1-5-21-733893338-2711519781-2900090141-1000 -> {62442DBE-9523-4236-9434-B1A302A2DFCB} URL = http://search.condui...1001907788&UM=2
SearchScopes: HKU\S-1-5-21-733893338-2711519781-2900090141-1000 -> {6B3195FA-1ADB-4346-B128-72B0AF4191FF} URL = http://search.yahoo....p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Anti-virus\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Anti-virus\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.c...?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.c...?trackid=sp-006
FF NetworkProxy: "http", "200.43.56.253"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default\searchplugins\google-avast.xml
FF Extension: Elite Proxy Switcher - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default\Extensions\[email protected] [2013-12-29]
FF Extension: Self-Destructing Cookies - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default\Extensions\[email protected] [2013-11-30]
FF Extension: Reddit Enhancement Suite - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default\Extensions\[email protected] [2013-11-30]
FF Extension: Remove Cookies for Site - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2013-12-29]
FF Extension: Clean Links - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2013-11-30]
FF Extension: Vyprázdnit vyrovnávací paměť - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default\Extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi [2013-12-29]
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wys18ezv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Anti-virus\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Anti-virus\Avast\WebRep\FF [2015-01-26]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (avast! Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-19]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-23]
CHR HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\John\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-18]
CHR HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\John\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Anti-virus\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\John\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Anti-virus\Avast\AvastSvc.exe [50344 2015-01-26] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-03] ()
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-26] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-21] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-27] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 16:20 - 2015-01-27 16:20 - 00018274 _____ () C:\Users\John\Downloads\FRST.txt
2015-01-27 16:20 - 2015-01-27 16:20 - 00000000 ____D () C:\FRST
2015-01-27 16:19 - 2015-01-27 16:19 - 02129920 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-01-27 16:11 - 2015-01-27 16:11 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-01-26 19:56 - 2015-01-27 16:16 - 00097116 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 19:27 - 2015-01-26 19:27 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVAST Software
2015-01-26 19:26 - 2015-01-26 19:26 - 00001888 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-26 19:26 - 2015-01-26 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-26 19:25 - 2015-01-26 19:26 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-26 19:25 - 2015-01-26 19:26 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-26 19:25 - 2015-01-26 19:25 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-26 19:25 - 2015-01-26 19:25 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-26 19:25 - 2015-01-26 19:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-26 19:25 - 2015-01-26 19:25 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-26 19:25 - 2015-01-26 19:25 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-26 19:25 - 2015-01-26 19:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-26 19:25 - 2015-01-26 19:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-26 19:25 - 2015-01-26 19:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-26 19:25 - 2015-01-26 19:25 - 00000342 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2015-01-26 19:24 - 2015-01-26 19:24 - 00000000 ____D () C:\Program Files\Anti-virus
2015-01-26 19:23 - 2015-01-26 19:24 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-26 19:19 - 2015-01-26 19:19 - 05040384 _____ (AVAST Software) C:\Users\John\Downloads\avastclear.exe
2015-01-26 18:54 - 2015-01-27 16:11 - 01076828 _____ () C:\Windows\PFRO.log
2015-01-26 18:52 - 2015-01-26 18:53 - 04864952 _____ (AVAST Software) C:\Users\John\Downloads\avast_free_antivirus_setup_online.exe
2015-01-26 18:51 - 2015-01-27 16:11 - 00001008 _____ () C:\Windows\setupact.log
2015-01-26 18:51 - 2015-01-26 18:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-26 18:45 - 2015-01-26 18:46 - 00004482 _____ () C:\Users\John\Desktop\Rkill.txt
2015-01-26 18:37 - 2015-01-26 18:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 18:37 - 2015-01-26 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 16:47 - 2015-01-26 16:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla
2015-01-25 17:41 - 2015-01-25 17:53 - 00000000 ____D () C:\Users\John\Downloads\Any Given Sunday DIRECTORS CUT (1999) [1080p]
2015-01-23 20:25 - 2015-01-23 20:48 - 00000000 ____D () C:\Users\John\Downloads\[ www.torrenting.com ] - MotoGP.2014.Australian.Grand.Prix.480p.HDTV.x264-mSD
2015-01-22 20:52 - 2015-01-22 20:52 - 00000000 ____D () C:\Users\John\Downloads\Interstellar.2014.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-01-22 20:50 - 2015-01-22 20:54 - 00000000 ____D () C:\Users\John\Downloads\The Drop (2014) [1080p]
2015-01-15 20:04 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 20:04 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 20:04 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 20:04 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 20:04 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 20:04 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 20:04 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 20:04 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 20:04 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 20:04 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 20:04 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 20:04 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 20:04 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 00:28 - 2015-01-12 00:28 - 00000046 _____ () C:\Users\John\Documents\sup josh.txt
2015-01-11 10:43 - 2015-01-11 10:43 - 00000000 ____D () C:\Users\John\Documents\BioWare
2015-01-05 17:18 - 2015-01-05 17:19 - 00000000 ____D () C:\Users\John\Downloads\Nightcrawler.2014.DVDScr.x264.AAC-RARBG
2014-12-31 17:55 - 2014-12-31 17:55 - 00000122 _____ () C:\Users\John\Documents\michael milligan.txt
2014-12-31 17:53 - 2014-12-31 17:53 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieUserList
2014-12-31 17:53 - 2014-12-31 17:53 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieSiteList
2014-12-31 17:53 - 2014-12-31 17:53 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieBrowserModeList
2014-12-29 21:51 - 2014-12-29 22:09 - 00000000 ____D () C:\Users\John\Downloads\O Brother, Where Art Thou (2000) [1080p]

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 16:18 - 2009-07-13 20:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 16:18 - 2009-07-13 20:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 16:14 - 2014-10-05 14:03 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
2015-01-27 16:14 - 2013-08-09 17:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 16:14 - 2013-08-07 09:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-27 16:11 - 2013-08-07 09:26 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-27 16:11 - 2013-08-06 10:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-27 16:11 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 07:30 - 2014-03-18 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-27 07:30 - 2013-08-09 17:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 23:50 - 2013-08-14 20:06 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2015-01-26 19:52 - 2014-06-04 13:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 19:29 - 2013-11-30 21:17 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-26 19:28 - 2013-11-30 21:17 - 00001077 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-26 18:51 - 2013-11-30 21:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 18:37 - 2014-06-04 13:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 18:29 - 2013-08-14 19:42 - 00000000 ____D () C:\Users\John\AppData\Roaming\BitTorrent
2015-01-26 18:28 - 2013-08-07 09:29 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2015-01-23 19:29 - 2013-08-09 17:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-16 03:04 - 2014-10-06 04:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 03:00 - 2014-10-06 04:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 13:50 - 2014-04-13 15:42 - 00001373 _____ () C:\Users\LSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 13:49 - 2014-04-13 15:42 - 00000884 __RSH () C:\Users\LSI\ntuser.pol
2015-01-12 13:49 - 2014-04-13 15:42 - 00000000 ____D () C:\Users\LSI
2015-01-12 00:15 - 2013-10-05 22:36 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Games
2015-01-12 00:14 - 2013-09-15 17:23 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 18:10 - 2014-03-11 15:01 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2015-01-08 09:55 - 2013-08-06 10:50 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-11-09 19:12 - 2013-11-09 19:12 - 1065984 _____ () C:\Users\John\AppData\Local\file__0.localstorage

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:49

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by John at 2015-01-27 16:21:00
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (HKLM-x32\...\Adobe_acce07fd2c8fe7f9e3f26243e626578) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II HD © Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.1.0.1 - Electronic Arts)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BitTorrent (HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\BitTorrent) (Version: 7.8.2.30265 - BitTorrent Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic Entertainment)
Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version:  - Relic Entertainment)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version:  - Monolith)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.2.63.0 (HKLM\...\PROSetDX) (Version: 18.2.63.0 - Intel)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Just Cause (HKLM-x32\...\Steam App 6880) (Version:  - Avalanche)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
KeePass Password Safe 1.27 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.7 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Osmos (HKLM-x32\...\Steam App 29180) (Version:  - Hemisphere Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version:  - Q-Games, Ltd.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Colonization (HKLM-x32\...\Steam App 16810) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis Games)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars®: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: Rome II Additional Depots (HKLM-x32\...\Steam App 243660) (Version:  - )
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
Unified Remote (HKLM-x32\...\{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}) (Version: 2.14.2.0 - Unified Remote)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-01-2015 19:35:14 Windows Update
27-01-2015 07:36:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4413FBEA-9FDF-4F8D-A758-F19668F3BC6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {630C93EA-3723-4FB3-984F-CE0FF56E1B22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {705AA3D5-F7DC-4FCB-82B0-DEC2082082AE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {8980B9D0-015F-4DF7-9242-8BAF48174CFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {95FB4882-83E7-4DDC-912C-354C1849F62D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {A26D185B-E80C-4078-94F8-A5815680B5CD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C631CA06-643C-41F3-8E0E-155C89EBC2FD} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {DA3DB196-6D9A-4AF2-9757-727AEDD37346} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E5F93441-5D4B-46E8-A9B2-5CB74636E945} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\Anti-virus\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-06 10:54 - 2013-11-11 07:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-14 13:42 - 2013-03-14 13:42 - 00182248 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-03-14 13:42 - 2013-03-14 13:42 - 00059880 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-11 18:11 - 2013-11-05 19:17 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-27 03:55 - 2015-01-27 03:55 - 02913280 _____ () C:\Program Files\Anti-virus\Avast\defs\15012700\algo.dll
2015-01-27 16:11 - 2015-01-27 16:11 - 02913280 _____ () C:\Program Files\Anti-virus\Avast\defs\15012701\algo.dll
2013-08-07 09:16 - 2013-03-12 12:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-18 14:08 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-18 14:08 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-18 14:08 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-18 14:08 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-07-01 07:20 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-02 11:18 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-12-02 11:18 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-02 11:18 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-06 11:37 - 2015-01-27 10:59 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-18 14:08 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-26 13:46 - 2015-01-27 10:59 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-26 19:25 - 2015-01-26 19:25 - 38562088 _____ () C:\Program Files\Anti-virus\Avast\libcef.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-07-15 13:32 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-26 16:47 - 2015-01-26 16:47 - 03925104 _____ () C:\Program Files (x86)\Mozilla\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

========================= Accounts: ==========================

Administrator (S-1-5-21-733893338-2711519781-2900090141-500 - Administrator - Disabled)
Guest (S-1-5-21-733893338-2711519781-2900090141-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-733893338-2711519781-2900090141-1136 - Limited - Enabled)
John (S-1-5-21-733893338-2711519781-2900090141-1000 - Administrator - Enabled) => C:\Users\John
LSI (S-1-5-21-733893338-2711519781-2900090141-1132 - Administrator - Enabled) => C:\Users\LSI

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 01:47:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/27/2015 01:46:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/26/2015 07:24:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\John\AppData\Local\Temp\_av_iup.tm~a00660\New\instup.exe /cookie:testcontent /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\John\AppData\Local\Temp\_av_iup.tm~a00660 ""; Description = avast! antivirus system restore point; Error = 0x8007043c).

Error: (01/26/2015 07:09:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST\Avast\Setup\Instup.exe Files\AVAST\Avast\Setup\Instup.exe" /control_panel /instop:uninstall; Description = avast! antivirus system restore point; Error = 0x8007043c).

Error: (01/26/2015 07:02:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\John\AppData\Local\Temp\_av_iup.tm~a01012\New\instup.exe /cookie:testcontent /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\John\AppData\Local\Temp\_av_iup.tm~a01012 ""; Description = avast! antivirus system restore point; Error = 0x8007043c).

Error: (01/26/2015 06:57:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Files\AVAST Software\Avast\Setup\Instup.exe" /control_panel /instop:uninstall; Description = avast! antivirus system restore point; Error = 0x8007043c).

Error: (01/26/2015 06:52:28 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 06:52:28 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 06:52:28 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 06:52:28 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/27/2015 00:51:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/27/2015 00:51:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/27/2015 00:51:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/26/2015 07:56:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/26/2015 07:53:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/26/2015 07:53:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/26/2015 07:53:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/26/2015 07:51:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/26/2015 07:51:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/26/2015 07:51:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/27/2015 01:47:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/27/2015 01:46:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/26/2015 07:24:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\John\AppData\Local\Temp\_av_iup.tm~a00660\New\instup.exe /cookie:testcontent /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\John\AppData\Local\Temp\_av_iup.tm~a00660 ""avast! antivirus system restore point0x8007043c

Error: (01/26/2015 07:09:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\AVAST\Avast\Setup\Instup.exe Files\AVAST\Avast\Setup\Instup.exe" /control_panel /instop:uninstallavast! antivirus system restore point0x8007043c

Error: (01/26/2015 07:02:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\John\AppData\Local\Temp\_av_iup.tm~a01012\New\instup.exe /cookie:testcontent /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\John\AppData\Local\Temp\_av_iup.tm~a01012 ""avast! antivirus system restore point0x8007043c

Error: (01/26/2015 06:57:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Files\AVAST Software\Avast\Setup\Instup.exe" /control_panel /instop:uninstallavast! antivirus system restore point0x8007043c

Error: (01/26/2015 06:52:28 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/26/2015 06:52:28 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 06:52:28 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 06:52:28 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


CodeIntegrity Errors:
===================================
  Date: 2014-06-04 14:23:19.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-04 14:23:19.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 27%
Total physical RAM: 8123.25 MB
Available physical RAM: 5864.27 MB
Total Pagefile: 16244.68 MB
Available Pagefile: 13758.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:166.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2D876AED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks Adam!

 

Apologies for the late reply, asked last night before bed and then work. Appreciate the help.

 

Btw my name is Josh.

Attached Files


Edited by Lepthesr, 27 January 2015 - 06:30 PM.

  • 0

#4
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hi Josh, 
 

Apologies for the late reply, asked last night before bed and then work. Appreciate the help.

That's quite alright. 
 
Before we begin -
Did you set these proxy settings?

FF NetworkProxy: "http", "200.43.56.253"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0

  • 0

#5
Lepthesr

Lepthesr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

I believe I did at one point. I can't remember for sure though. There was only one time that I can remember I did and that was a year ago.


  • 0

#6
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hi Josh, 
 
Apologies for the delay. 
 

I believe I did at one point. I can't remember for sure though. There was only one time that I can remember I did and that was a year ago.

OK. We'll leave the settings in place for now, and re-access the situation later. 
 
Please consider the following warning, and proceed with the instructions below.
 

goGMWSt.gifP2P Warning

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (BitTorrent & StreamTorrent 1.0). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - wormsbackdoor TrojansIRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-733893338-2711519781-2900090141-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-733893338-2711519781-2900090141-1000 -> {62442DBE-9523-4236-9434-B1A302A2DFCB} URL = http://search.condui...1001907788&UM=2
    SearchScopes: HKU\S-1-5-21-733893338-2711519781-2900090141-1000 -> {6B3195FA-1ADB-4346-B128-72B0AF4191FF} URL = http://search.yahoo....p={searchTerms}
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    CHR HKU\S-1-5-21-733893338-2711519781-2900090141-1000\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\John\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\John\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-07]
    Task: {C631CA06-643C-41F3-8E0E-155C89EBC2FD} - \TidyNetwork Update No Task File <==== ATTENTION
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W7).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
======================================================

STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner[S0].txt

  • 0

#7
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP