I have this screen that pops up on my web pages . I can't remove it uninstall or find it. I have done image restores,virus scans. still there.
can anybody help please.
-
This topic is locked
#2
Posted 06 February 2015 - 11:35 PM
Valinorum
-
- GeekU Moderator
-
- 3,330 posts
GeekU Guardian Bot
Hi dagresta, 
My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
Valinorum
My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
- Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
- Please do not install any new software while we are working on this system as it may hinder our process.
- Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
- Please do not try to fix anything without being ask.
- Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
- Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
- Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
- If you are confused about any instruction, stop and ask. Do not keep on going.
- Do not repeat the steps if you face any problems.
- I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
- Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
- The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
- Step #1 Scan with Farbar Recovery Scan Tool
- Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
Download link for 32 bit system
Download link for 64 bit system - Right-click on the program and choose Run as administrator;
- Put tick-mark on all boxes under Whitelist and Optional Scan;
- Click on Scan;
- After the scan two notepad files will be opened --
- FRST.txt;
- Addition.txt
- Copy and Paste the contents of the logs in your next reply.
- Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
- Required Log(s):
- Farbar Tool Logs--
- FRST.txt
- Addition.txt
- Farbar Tool Logs--
Valinorum
#3
Posted 07 February 2015 - 08:16 AM
dagresta
- Topic Starter
-
- Member
-
- 7 posts
New Member
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Dan (administrator) on DAN-LAPTOP on 07-02-2015 09:04:57
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Wavget.com) C:\Program Files (x86)\TypeItIn\TypeItIn.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\a\internetport3.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-03-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [autoauto] => 33210278.bat
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TypeItIn.lnk
ShortcutTarget: TypeItIn.lnk -> C:\Program Files (x86)\TypeItIn\TypeItIn.exe (Wavget.com)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2918248101-3388894934-2879875847-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2918248101-3388894934-2879875847-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\.DEFAULT -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\user.js
FF Extension: Ebay Button - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\Extensions\[email protected] [2015-02-05]
FF Extension: AddThis - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-02-05]
FF Extension: Classic Theme Restorer - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\Extensions\[email protected] [2015-02-05]
FF Extension: Ebay Negs! - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\Extensions\{265b0520-499e-11d9-9669-0800200c9a66}.xpi [2015-02-05]
FF Extension: media enhance - C:\Program Files (x86)\Mozilla Firefox\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com [2015-02-06]
FF Extension: hdshop - C:\Program Files (x86)\Mozilla Firefox\extensions\3889d70a-3fde-4565-9f53-587ed12a797a@b90fd175-524e-46e6-a91f-624789f3369f.com [2015-02-06]
FF Extension: Advanced SystemCare Surfing Protection - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Software Assist - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Ebay Button - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Canadian English Dictionary - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: United States English Spellchecker - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Conduit Engine - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: IE Tab Plus - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: SpellBound - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{00F2C0C6-2194-484E-9064-44E57787867B}-TRASH [2015-02-06]
FF Extension: ColorfulTabs - C:\Program Files (x86)\Mozilla Firefox\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-02-06]
FF Extension: Garmin Communicator - C:\Program Files (x86)\Mozilla Firefox\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-02-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1C627C3E-126A-4021-AF67-FDBCFE2543FA}-TRASH [2015-02-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015-02-06]
FF Extension: WindowsUpdate - C:\Program Files (x86)\Mozilla Firefox\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b} [2015-02-06]
FF Extension: PDF Download - C:\Program Files (x86)\Mozilla Firefox\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2015-02-06]
FF Extension: AddThis - C:\Program Files (x86)\Mozilla Firefox\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-02-06]
FF Extension: Gmail Manager - C:\Program Files (x86)\Mozilla Firefox\extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2015-02-06]
FF Extension: Show MyIP - C:\Program Files (x86)\Mozilla Firefox\extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}(2) [2015-02-06]
FF Extension: Fast Search by Surf Canyon - C:\Program Files (x86)\Mozilla Firefox\extensions\{75623d5d-4683-402a-b610-ac4bab767c86} [2015-02-06]
FF Extension: Value Apps - C:\Program Files (x86)\Mozilla Firefox\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2015-02-06]
FF Extension: Snip It! Button for eBay - C:\Program Files (x86)\Mozilla Firefox\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722} [2015-02-06]
FF Extension: ReminderFox - C:\Program Files (x86)\Mozilla Firefox\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2015-02-06]
FF Extension: Password Exporter - C:\Program Files (x86)\Mozilla Firefox\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2015-02-06]
FF Extension: Answers - C:\Program Files (x86)\Mozilla Firefox\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} [2015-02-06]
FF Extension: <![CDATA[1-ClickWeather]]> - C:\Program Files (x86)\Mozilla Firefox\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} [2015-02-06]
FF Extension: Clipmarks - C:\Program Files (x86)\Mozilla Firefox\extensions\{e1170235-2845-420c-acc3-42261a29dd46} [2015-02-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Autofill Forms - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Morning Coffee - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Vocabulary Highlighter - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Session Manager - C:\Program Files (x86)\Mozilla Firefox\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-06]
FF Extension: Image Zoom - C:\Program Files (x86)\Mozilla Firefox\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2015-02-06]
FF Extension: Ebay Negs! - C:\Program Files (x86)\Mozilla Firefox\extensions\{265b0520-499e-11d9-9669-0800200c9a66}.xpi [2015-02-06]
FF Extension: eBay Sidebar for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2015-02-06]
FF Extension: IE View - C:\Program Files (x86)\Mozilla Firefox\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi [2015-02-06]
FF Extension: ImTranslator - C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-02-06]
FF Extension: Calculator - C:\Program Files (x86)\Mozilla Firefox\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}.xpi [2015-02-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-06]
Chrome:
=======
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-06] (SurfRight B.V.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2014-10-11] (Advanced Micro Devices Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-09] ()
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
========================== Drivers MD5 =======================
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdide64.sys 4249DA806451D394712B4D66C8652DBB
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 428DDCB79F4377726501867EADA9C2D6
C:\Windows\System32\DRIVERS\avgdiska.sys CDE60914D4ED81291F0CCFDB2CA311B9
C:\Windows\System32\DRIVERS\avgidsdrivera.sys E7E1A0AB30587BF3734A2EC66BBCE743
C:\Windows\System32\DRIVERS\avgidsha.sys B0E4A1F342A3F8B75C4A4ADB044761C9
C:\Windows\System32\DRIVERS\avgldx64.sys 5980222218A0773E2994E524E5BA2464
C:\Windows\System32\DRIVERS\avgloga.sys 197F28711B4B71E6575E5298CCEDC737
C:\Windows\System32\DRIVERS\avgmfx64.sys 53C79A07776F930EADB92F2A8DE17D81
C:\Windows\System32\DRIVERS\avgrkx64.sys C4F9056928B26BCAF15872E46B29184F
C:\Windows\System32\DRIVERS\avgtdia.sys 367185B24132230843EF53B07305720D
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys FB4FDA64F2E8552EAEB5986C3F34462C
C:\Windows\System32\DRIVERS\b44amd64.sys 2BC7C1697B633692A061A4A36ED9DFDD
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rimmpx64.sys 9C23519FC1FD331AAAEDC145AB947293
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SmartDefragDriver.sys E77CB3736A702D46A6FB15FB4A9894E3
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SWDUMon.sys 2E3ACFDA0B792707C59B307ABB6A6E95
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 05AC84ED54DD46092C045F6FBB8C5D3C
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 09:04 - 2015-02-07 09:06 - 00033599 _____ () C:\Users\Dan\Desktop\FRST.txt
2015-02-07 09:04 - 2015-02-07 09:05 - 00000000 ____D () C:\FRST
2015-02-07 09:01 - 2015-02-07 09:01 - 02131968 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2015-02-06 19:12 - 2015-02-06 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dan\Desktop\HiJackThis.exe
2015-02-06 16:25 - 2015-02-06 16:25 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-06 16:02 - 2015-02-06 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-06 13:48 - 2015-02-06 13:52 - 00000000 ___RD () C:\Users\Dan\Desktop\Utililties
2015-02-06 13:09 - 2015-02-06 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-06 13:05 - 2015-02-06 13:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-06 13:05 - 2015-02-06 13:09 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-06 12:42 - 2015-02-06 16:36 - 00000000 ____D () C:\AdwCleaner
2015-02-05 14:11 - 2015-02-06 16:38 - 00000710 _____ () C:\Windows\setupact.log
2015-02-05 14:11 - 2015-02-05 14:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-05 14:10 - 2015-02-05 14:10 - 00005922 _____ () C:\Windows\PFRO.log
2015-02-05 14:09 - 2015-02-05 14:09 - 00000000 _____ () C:\asc_rdflag
2015-02-05 14:07 - 2015-02-05 14:07 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 14:07 - 2015-02-05 14:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 14:07 - 2015-02-05 14:07 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 14:07 - 2015-02-05 14:07 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 14:07 - 2015-02-05 14:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 14:06 - 2015-02-05 14:06 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-05 14:06 - 2015-02-05 14:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-05 14:06 - 2015-02-05 14:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-05 13:41 - 2015-02-05 13:41 - 18129584 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-05 13:07 - 2015-02-05 13:07 - 02347384 _____ (ESET) C:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
2015-02-04 15:41 - 2015-02-04 15:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-04 10:57 - 2015-02-04 10:57 - 00000000 ____D () C:\Users\Dan\Desktop\Old Firefox Data
2015-02-03 19:35 - 2015-02-03 19:35 - 00000000 __SHD () C:\Users\Dan\AppData\Local\EmieUserList
2015-02-03 19:35 - 2015-02-03 19:35 - 00000000 __SHD () C:\Users\Dan\AppData\Local\EmieSiteList
2015-02-03 19:35 - 2015-02-03 19:35 - 00000000 __SHD () C:\Users\Dan\AppData\Local\EmieBrowserModeList
2015-02-01 10:46 - 2015-02-01 10:46 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-26 14:53 - 2015-01-26 14:53 - 00000000 ____D () C:\Users\Dan\AppData\Local\Google
2015-01-22 21:53 - 2015-01-22 21:53 - 01815179 _____ () C:\Users\Dan\Desktop\Untitled_Message.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 08:52 - 2014-05-08 21:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 19:36 - 2014-05-08 20:41 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-06 19:14 - 2014-05-08 19:53 - 00000000 ____D () C:\Users\Dan\AppData\Local\VirtualStore
2015-02-06 16:46 - 2009-07-13 23:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 16:46 - 2009-07-13 23:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 16:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 16:02 - 2014-05-08 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-06 12:15 - 2014-11-08 15:48 - 00000000 ___HD () C:\a
2015-02-06 10:01 - 2014-05-08 22:42 - 01525694 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 09:13 - 2014-05-08 20:46 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-02-06 09:13 - 2014-05-08 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-05 14:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 14:09 - 2014-05-09 00:13 - 55869440 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-02-05 14:09 - 2014-05-09 00:13 - 00229376 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-02-05 14:09 - 2014-05-09 00:13 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-02-05 14:09 - 2014-05-09 00:13 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-02-05 14:09 - 2014-05-08 19:53 - 00000000 ____D () C:\Users\Dan
2015-02-05 14:07 - 2014-05-08 21:21 - 00002209 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2015-02-05 13:58 - 2014-05-09 18:38 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-05 13:41 - 2014-05-08 21:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 13:41 - 2014-05-08 20:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:41 - 2014-05-08 20:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 13:39 - 2014-10-10 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2015-02-05 13:39 - 2014-05-08 21:16 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-05 13:07 - 2014-10-17 12:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-05 12:57 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 12:46 - 2014-10-10 14:25 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\ProductData
2015-02-05 12:46 - 2014-05-08 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2015-02-05 12:46 - 2014-05-08 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-02-05 12:46 - 2014-05-08 21:16 - 00000000 ____D () C:\ProgramData\IObit
2015-02-05 12:46 - 2014-05-08 21:15 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\IObit
2015-02-05 12:46 - 2014-05-08 20:59 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 12:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2015-02-05 12:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-05 12:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-05 12:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-05 12:45 - 2014-12-14 20:29 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-02-05 12:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-05 12:42 - 2014-10-17 12:19 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-05 12:42 - 2014-05-09 22:13 - 00000000 ____D () C:\ProgramData\Skype
2015-02-05 12:42 - 2014-05-09 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 12:42 - 2014-05-09 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-02-05 12:42 - 2014-05-09 09:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-02-05 12:42 - 2014-05-08 20:45 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-05 12:42 - 2014-05-08 19:53 - 00000000 ___RD () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-05 12:42 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-05 12:30 - 2014-05-09 00:12 - 43958272 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2015-02-04 18:45 - 2014-12-14 20:29 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-01-25 14:03 - 2014-05-08 22:06 - 00000000 ____D () C:\Windows\system32\MRT
==================== Files in the root of some directories =======
2014-05-08 23:23 - 2014-05-16 08:23 - 0000035 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG
2014-05-08 21:39 - 2014-05-08 21:39 - 0007605 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\Quarantine.exe
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {bdea04c2-d733-11e3-99e3-d7e47db2a828}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {bdea04c4-d733-11e3-99e3-d7e47db2a828}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {bdea04c2-d733-11e3-99e3-d7e47db2a828}
nx OptIn
Windows Boot Loader
-------------------
identifier {bdea04c4-d733-11e3-99e3-d7e47db2a828}
device ramdisk=[C:]\Recovery\bdea04c4-d733-11e3-99e3-d7e47db2a828\Winre.wim,{bdea04c5-d733-11e3-99e3-d7e47db2a828}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\bdea04c4-d733-11e3-99e3-d7e47db2a828\Winre.wim,{bdea04c5-d733-11e3-99e3-d7e47db2a828}
systemroot \windows
nx OptIn
winpe Yes
Resume from Hibernate
---------------------
identifier {bdea04c2-d733-11e3-99e3-d7e47db2a828}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems Yes
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {bdea04c5-d733-11e3-99e3-d7e47db2a828}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\bdea04c4-d733-11e3-99e3-d7e47db2a828\boot.sdi
LastRegBack: 2014-05-08 22:39
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Dan at 2015-02-07 09:06:56
Running from C:\Users\Dan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG5400 series User Registration (HKLM-x32\...\Canon MG5400 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVDFab 9.1.4.2 (29/04/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.13.0 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinZip 12.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}) (Version: 12.1.8519 - WinZip Computing, S.L. )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
05-02-2015 13:00:44 Windows Backup
05-02-2015 14:04:21 Windows Modules Installer
05-02-2015 14:34:49 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {51FCBECD-8693-41F9-AE8B-67076D904659} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: {9E8B22ED-66DE-41ED-865E-95E7A90CB07A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D3D9FDBB-20DE-49BC-8EFB-E00C3636300E} - System32\Tasks\ASC7_SkipUac_Dan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {D8C2A90A-321B-4B2D-A236-970E0D56F5B1} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {DE9531EF-20C0-4F2C-81CC-61E6C4A36D93} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {E15EE83C-BE38-442D-B0D5-242B78E4F263} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {F66FE089-A9A2-4FEF-BBA4-DB552C168B1E} - System32\Tasks\{7A899063-791B-4ADC-B79B-E8A4CEC9F5CA} => C:\Users\Dan\Desktop\DOWNLOADS\Synaptics_v15_2_7_C_XP64_Vista64_Win7-64.exe
Task: {F99FACF5-C305-432C-AF69-73018946A221} - System32\Tasks\Driver Booster SkipUAC (Dan) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2015-02-05 12:52 - 2014-11-03 16:37 - 00007168 _____ () C:\a\internetport3.exe
2014-05-08 21:21 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-05-08 21:21 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2015-02-06 16:04 - 2015-02-06 16:04 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-05 13:41 - 2015-02-05 13:41 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\Control Panel\Desktop\\Wallpaper ->
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2918248101-3388894934-2879875847-500 - Administrator - Disabled)
Dan (S-1-5-21-2918248101-3388894934-2879875847-1000 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-2918248101-3388894934-2879875847-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2015 06:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: avgsysa.dll, version: 14.0.0.4800, time stamp: 0x536a4985
Exception code: 0xc0000005
Fault offset: 0x0000000000058b9b
Faulting process id: 0x7b0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (02/06/2015 04:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 01:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 01:01:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 00:15:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 00:15:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/06/2015 00:12:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (02/06/2015 00:11:37 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c
Error: (02/06/2015 10:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 10:48:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (02/07/2015 01:31:52 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (02/06/2015 04:39:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/06/2015 01:46:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/06/2015 01:01:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/06/2015 00:16:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/06/2015 00:15:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053
Error: (02/06/2015 00:15:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error: (02/06/2015 11:24:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/06/2015 11:24:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/06/2015 11:24:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (02/06/2015 06:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4avgsysa.dll14.0.0.4800536a4985c00000050000000000058b9b7b001d0425540f188aeC:\Windows\Explorer.EXEC:\Program Files (x86)\AVG\AVG2014\avgsysa.dllf9d34c84-ae55-11e4-8c0f-0019b97ac856
Error: (02/06/2015 04:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 01:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 01:01:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 00:15:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 00:15:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
Error: (02/06/2015 00:12:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
Error: (02/06/2015 00:11:37 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c
Error: (02/06/2015 10:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 10:48:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
==================== Memory info ===========================
Processor: AMD Turion™ 64 X2 Mobile Technology TL-50
Percentage of memory in use: 50%
Total physical RAM: 3966.05 MB
Available physical RAM: 1976.73 MB
Total Pagefile: 7930.28 MB
Available Pagefile: 6141.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.52 GB) (Free:39.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
#4
Posted 08 February 2015 - 04:08 AM
Valinorum
-
- GeekU Moderator
-
- 3,330 posts
GeekU Guardian Bot
- Step #2 Uninstall Programs
I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.- Advanced SystemCare 7
- HitmanPro 3.7 (Unnecessary)
- IObit Uninstaller
- Smart Defrag 3
- Surfing Protection
- Step #3 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.- Open Notepad.exe. Do not use any other text editor software;
- Copy and Paste the contents inside the code-box to your Notepad --
Start CreateRestorePoint: CloseProcesses: Emptytemp: Task: {51FCBECD-8693-41F9-AE8B-67076D904659} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe C:\Program Files (x86)\IObit Task: {D3D9FDBB-20DE-49BC-8EFB-E00C3636300E} - System32\Tasks\ASC7_SkipUac_Dan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit) Task: {D8C2A90A-321B-4B2D-A236-970E0D56F5B1} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit) Task: {DE9531EF-20C0-4F2C-81CC-61E6C4A36D93} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe Task: {E15EE83C-BE38-442D-B0D5-242B78E4F263} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit) Task: {F99FACF5-C305-432C-AF69-73018946A221} - System32\Tasks\Driver Booster SkipUAC (Dan) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe 2015-02-05 12:52 - 2014-11-03 16:37 - 00007168 _____ () C:\a\internetport3.exe C:\a\ 2014-05-08 21:21 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll 2014-05-08 21:21 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll FF Extension: Conduit Engine - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06] SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [S-1-5-21-2918248101-3388894934-2879875847-1000] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-2918248101-3388894934-2879875847-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877 End - Click on File > Save as...
- Inside the File Name box type fixlist.txt;
- From the Save as type drop down list, choose All Files
- Save the file to your Desktop;
- Re-run FRST.exe and click Fix;
- Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
- After the completion, a log will be produced;
- Copy and Paste the contents of the log in your next reply.
- Step #4 Fix with AdwCleaner
- Download AdwCleaner by Xplode to your Desktop from the following link.
- Right-click on AdwCleaner.exe and choose Run as administrator;
- Click on Scan and let the program run unhindered;
- When done, click on Clean and allow the system to reboot after it is done;
- A log will be opened automatically after the restart;
- Copy and Paste the contents of this log in your reply.
- Required Log(s):
- FRST Fix Log
- AdwCleaner Log
Valinorum
#5
Posted 08 February 2015 - 07:46 AM
dagresta
- Topic Starter
-
- Member
-
- 7 posts
New Member
Here you Go
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Dan at 2015-02-08 08:01:17 Run:1
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available profiles: Dan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {51FCBECD-8693-41F9-AE8B-67076D904659} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
C:\Program Files (x86)\IObit
Task: {D3D9FDBB-20DE-49BC-8EFB-E00C3636300E} - System32\Tasks\ASC7_SkipUac_Dan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {D8C2A90A-321B-4B2D-A236-970E0D56F5B1} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {DE9531EF-20C0-4F2C-81CC-61E6C4A36D93} -
System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {E15EE83C-BE38-442D-B0D5-242B78E4F263} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {F99FACF5-C305-432C-AF69-73018946A221} - System32\Tasks\Driver Booster SkipUAC (Dan) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
2015-02-05 12:52 - 2014-11-03 16:37 - 00007168 _____ () C:\a\internetport3.exe
C:\a\
2014-05-08 21:21 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-05-08 21:21 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
FF Extension: Conduit Engine - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 ->
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2918248101-3388894934-2879875847-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2918248101-3388894934-2879875847-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
End
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51FCBECD-8693-41F9-AE8B-67076D904659}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51FCBECD-8693-41F9-AE8B-67076D904659}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3D9FDBB-20DE-49BC-8EFB-E00C3636300E} => Key not found.
C:\Windows\System32\Tasks\ASC7_SkipUac_Dan not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Dan => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C2A90A-321B-4B2D-A236-970E0D56F5B1} => Key not found.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {DE9531EF-20C0-4F2C-81CC-61E6C4A36D93} - => Key not found.
System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E15EE83C-BE38-442D-B0D5-242B78E4F263} => Key not found.
C:\Windows\System32\Tasks\SmartDefrag3_Update not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag3_Update => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F99FACF5-C305-432C-AF69-73018946A221}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F99FACF5-C305-432C-AF69-73018946A221}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Dan) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Dan)" => Key deleted successfully.
C:\a\internetport3.exe => Moved successfully.
"C:\a" directory move:
C:\a\57097757.zip => Moved successfully.
C:\a\72895555.bat => Moved successfully.
C:\a\FdFC5Ba05A.exe => Moved successfully.
C:\a\FiddlerCore.dll => Moved successfully.
C:\a\loading.gif => Moved successfully.
C:\a\ping.txt => Moved successfully.
Could not move "C:\a" directory. => Scheduled to move on reboot.
"C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll" => File/Directory not found.
"C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll" => File/Directory not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] => Moved successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\SearchScopes: HKU\S-1-5-20 ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-20 -> => Value not found.
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-08 08:03:50)<=
C:\a => Is moved successfully.
==== End of Fixlog 08:03:50 ====
# AdwCleaner v4.110 - Logfile created 08/02/2015 at 08:35:25
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dan - DAN-LAPTOP
# Running from : C:\Users\Dan\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [15230 bytes] - [06/02/2015 12:43:03]
AdwCleaner[R1].txt - [15290 bytes] - [06/02/2015 12:47:42]
AdwCleaner[R2].txt - [1921 bytes] - [06/02/2015 16:32:47]
AdwCleaner[R3].txt - [1276 bytes] - [08/02/2015 08:12:29]
AdwCleaner[R4].txt - [1191 bytes] - [08/02/2015 08:24:02]
AdwCleaner[S0].txt - [16396 bytes] - [06/02/2015 12:57:31]
AdwCleaner[S1].txt - [2009 bytes] - [06/02/2015 16:36:30]
AdwCleaner[S2].txt - [1346 bytes] - [08/02/2015 08:17:12]
AdwCleaner[S3].txt - [1119 bytes] - [08/02/2015 08:35:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1178 bytes] ##########
#6
Posted 08 February 2015 - 09:38 AM
Valinorum
-
- GeekU Moderator
-
- 3,330 posts
GeekU Guardian Bot
How is your PC performing?
Valinorum
- Step #5 Scan with Malwarebytes' Anti-Malware
- Download Malwarebytes' Anti-Malware from the suitable link below --
- Double-click mbam-setup.exe to install the application.
- Before clicking Finish perform the following actions --
- Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
- Check the box beside Launch Malwarebytes Anti-Malware
- Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
- Click on Setting--
- Navigate to the tab Detection and Protection and check all the boxes under Detection Options
- From the Dashboard click on Scan Now;
- If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
- On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
- Copy and Paste the contents of the log in your next reply.
- Step #6 ESET Online Scanner
Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.- Download esetsmartinstaller_enu.exe by clicking here.
- Right-click on the program and choose Run as administrator.
- Accept their terms and condition and proceed.
- Install Add-On/Active X if prompted.
- From the Computer Scan Setting check the following box --
- Enable detection for potentially unwanted programs
- Click on Advanced Setting --
- Check the box beside Remove Found Threats;
- Check the box beside Scan archives
- Check the box beside Scan for potentially unsafe applications
- Check the box beside Enable Anti-Stealth Technology
- Click on Start and wait for the virus signature database to update.
- The online scan will begin automatically and can take several hours.
- Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
- After the Scan finishes --
- If no threats were found:
- Put a checkmark in Uninstall application on close.
- Close the program and report that nothing was found
- If threats were found:
- Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
- Copy and Paste contents of the log file in your next reply.
- If no threats were found:
- Required Log(s):
- Malwarebytes' Anti-Malware Log
- ESET Scan Log
Valinorum
#7
Posted 08 February 2015 - 01:04 PM
dagresta
- Topic Starter
-
- Member
-
- 7 posts
New Member
Hello Valinorum,
I thought I had removed it a few times. Only to have it show up again will surfing the net .Not all site have this pop up Geeks site does and makes it very hard to read the screen at all.
It seems to be gone.At this point I'll surf and run know trouble sites to see if it appears. It seems to spawn showing on more and more sites as it goes.
Advance care and defrag that was removed could you make recommendations for replacements?
I do appreciate your efforts and time to this point thank you
.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/8/2015
Scan Time: 11:19:28 AM
Logfile: malware log scan.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.08.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dan
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331037
Time Elapsed: 23 min, 50 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Eset
C:\Program Files (x86)\Mozilla Firefox\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Mozilla Firefox\extensions\3889d70a-3fde-4565-9f53-587ed12a797a@b90fd175-524e-46e6-a91f-624789f3369f.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Dan\Documents\Old Firefox Data\os108p1e.default-1393465284968\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Dan\Documents\Old Firefox Data\os108p1e.default-1393465284968\extensions\3889d70a-3fde-4565-9f53-587ed12a797a@b90fd175-524e-46e6-a91f-624789f3369f.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
#8
Posted 08 February 2015 - 01:12 PM
Valinorum
-
- GeekU Moderator
-
- 3,330 posts
GeekU Guardian Bot
Log looks good. I can proceed to the prevention speech or can ask you to monitor your PC for a day to check if the malware reappears; your call.
Regards,
Valinorum
Regards,
Valinorum
#9
Posted 08 February 2015 - 01:26 PM
dagresta
- Topic Starter
-
- Member
-
- 7 posts
New Member
Oh please,proceed to your prevention speech. I'll monitor PC to check if the malware reappears.
Thanks
#10
Posted 08 February 2015 - 01:44 PM
Valinorum
-
- GeekU Moderator
-
- 3,330 posts
GeekU Guardian Bot
Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.
Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.
Valinorum
♣ Removal of Tools and Quarantined Files ♣
Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
- Cleanup with Delfix
Please download DelFix by Xplode to your Desktop.
Download Link- Double-click to run the program;
- Note: Windows Vista/7/8 users right-click and choose Run as administrator
- Make sure that all the boxes are checked;
- Click Run;
- A log will be opened after the operation is finished;
- Copy and Paste it in your next reply
- Double-click to run the program;
♣ Prevention and Future Guidelines ♣
Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.
- Keep Windows up-to-date.
It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed. - Run antivirus software and keep it up-to-date, too.
Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus! - Keep your web browser plugins and other programs updated also.
This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.
A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.
No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.
Download NoSript by Giorgio Maone.
Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer. - Watch out for new threat named CryptoLocker
CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
How to prevent your computer from becoming infected by CryptoLocker. - And last of all, surf smart.
It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.
Valinorum
#11
Posted 08 February 2015 - 03:00 PM
dagresta
- Topic Starter
-
- Member
-
- 7 posts
New Member
Hello Valinorum,
Advance care and defrag that were removed could you make recommendations for replacements?
any help here
#12
Posted 08 February 2015 - 03:38 PM
dagresta
- Topic Starter
-
- Member
-
- 7 posts
New Member
# DelFix v10.8 - Logfile created 08/02/2015 at 16:33:07
# Updated 29/07/2014 by Xplode
# Username : Dan - DAN-LAPTOP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Dan\Desktop\AdwCleaner.exe
Deleted : C:\Users\Dan\Desktop\esetsmartinstaller_enu(1).exe
Deleted : C:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Dan\Desktop\FRST64.exe
Deleted : C:\Users\Dan\Desktop\HiJackThis.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #49 [Windows Backup | 02/05/2015 18:00:44]
Deleted : RP #50 [Windows Modules Installer | 02/05/2015 19:04:21]
Deleted : RP #51 [Windows Backup | 02/05/2015 19:34:49]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
#13
Posted 09 February 2015 - 08:49 AM
Valinorum
-
- GeekU Moderator
-
- 3,330 posts
GeekU Guardian Bot
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
