Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer running slow and browser not blocking popups


  • Please log in to reply

#16
Zambian

Zambian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Is there something gone wrong or is it just me? All my posts including the logs and detailed report seem to be missing, anything i can do?


  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

I think it's probably because the forum has started a new page for your thread.  We're on page 2 now.  Your original page and post are on page 1.  Click on the Prev button or the 1 button and it will take you to page 1.  Were you able to switch to Avast as I asked in http://www.geekstogo...s/#entry2483096 ?


  • 0

#18
Zambian

Zambian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Yes , i have installed and run Avast, there were problems which were fixed, there is still something that is installing an extension into Chrome browser , this i have deleted and will see if it comes back. there was a program installed called coup coup that i deleted and when i reran Avast it detected the program coup coup again. It seems each time i run Avast it finds something.


  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

Can you open

 

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt 

and copy and paste it into a reply?

 

If you have problems seeing the file:

 

Open the Control Panel menu and click Folder Options.

    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button 
 
 
Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

  • 0

#20
Zambian

Zambian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

I couldn't find the Avast scan log in the Avast folder, so here are the loge from FRST

 

FRST.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Davie (administrator) on DAVIE-PC on 06-03-2015 08:12:32
Running from C:\Users\Davie\Downloads
Loaded Profiles: Davie (Available profiles: Davie)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dell) C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Dropbox, Inc.) C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-27] (AVAST Software)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [DellSystemDetect] => C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-08] (Dell)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files\Webshots\webshots.scr [1646592 2006-01-25] (Webshots.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: MediaPlayersvideos  1.1 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-01-01]
FF Extension: captiondownloaderhiephmcom - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-02-23]
FF Extension: 023e9ca063f347b1bcb29badf9d9ef28 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28} [2015-02-23]
FF Extension: Flash and Video Download - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(2) [2014-06-18]
FF Extension: No Flash - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-12-05]
FF Extension: Youtube downloader master - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-27]
 
Chrome: 
=======
CHR Profile: C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08]
CHR Extension: (YouTube) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
CHR Extension: (Google Search) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
CHR Extension: (Google Sheets) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Avast Online Security) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-27]
CHR Extension: (Google Wallet) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
CHR Extension: (Gmail) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-27]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-02-27] (Avast Software)
S4 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) [File not signed]
S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
S2 gupdate1c9a11782fb64e7; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-02-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2015-02-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-02-27] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2015-02-27] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [253640 2015-02-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-02-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-02-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-02-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-02-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-02-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-02-27] ()
S3 ioFakMap; C:\Windows\System32\DRIVERS\ioFakMap.sys [10624 2010-12-15] (KYE System Corp.)
S3 ioTblMap; C:\Windows\System32\DRIVERS\ioTblMap.sys [10632 2011-06-07] (KYE System Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-21] () [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-10-27] () [File not signed]
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [40344 2012-10-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-02-27] (Avast Software)
R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-06 08:12 - 2015-03-06 08:12 - 00020953 _____ () C:\Users\Davie\Downloads\FRST.txt
2015-03-06 08:11 - 2015-03-06 08:11 - 00000000 ____D () C:\Users\Davie\Downloads\FRST-OlderVersion
2015-03-06 07:41 - 2015-03-06 07:41 - 00000197 _____ () C:\Windows\system32\2015-03-05-23-41-45.029-AvastVBoxSVC.exe-3032.log
2015-03-05 11:41 - 2015-03-05 11:41 - 00000197 _____ () C:\Windows\system32\2015-03-05-03-41-41.090-AvastVBoxSVC.exe-2988.log
2015-03-04 17:09 - 2015-03-04 17:09 - 00000197 _____ () C:\Windows\system32\2015-03-04-09-09-55.042-AvastVBoxSVC.exe-3692.log
2015-03-04 08:34 - 2015-03-04 08:34 - 00000197 _____ () C:\Windows\system32\2015-03-04-00-34-10.001-AvastVBoxSVC.exe-4352.log
2015-02-27 15:50 - 2015-02-27 15:50 - 00000000 ____D () C:\Users\Davie\AppData\Local\{445E4688-1907-4350-9CF6-C33C78C364DA}
2015-02-27 15:36 - 2015-02-27 15:36 - 00000000 ____D () C:\Users\Davie\AppData\Local\{F2EF7F01-C0EC-4431-B5D0-44FB24869713}
2015-02-27 14:31 - 2015-02-27 14:31 - 00001862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-27 14:31 - 2015-02-27 14:31 - 00001856 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-27 14:31 - 2015-02-27 14:31 - 00000000 ____D () C:\Users\Davie\AppData\Local\WinZip
2015-02-27 14:31 - 2015-02-27 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-27 14:31 - 2015-02-27 14:31 - 00000000 ____D () C:\Program Files\WinZip
2015-02-27 14:18 - 2015-02-27 14:18 - 00000247 _____ () C:\Windows\system32\2015-02-27-06-18-18.013-aswFe.exe-6028.log
2015-02-27 14:04 - 2015-02-27 14:18 - 00000247 _____ () C:\Windows\system32\2015-02-27-06-04-04.095-aswFe.exe-5504.log
2015-02-27 14:03 - 2015-02-27 14:03 - 00000197 _____ () C:\Windows\system32\2015-02-27-06-03-57.041-AvastVBoxSVC.exe-3136.log
2015-02-27 12:03 - 2015-02-27 12:03 - 00001879 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-02-27 12:02 - 2015-02-27 12:02 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-02-27 12:02 - 2015-02-27 12:01 - 00253640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2015-02-27 12:02 - 2015-02-27 11:51 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-27 12:01 - 2015-02-27 12:01 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2015-02-27 11:54 - 2015-02-27 11:56 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-27 11:53 - 2015-02-27 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-27 11:53 - 2015-02-27 11:53 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\AVAST Software
2015-02-27 11:52 - 2015-02-27 11:53 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-27 11:52 - 2015-02-27 11:53 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-02-27 11:52 - 2015-02-27 11:53 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-27 11:51 - 2015-02-27 11:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-27 11:50 - 2015-02-27 11:50 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-27 11:48 - 2015-02-27 11:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-27 11:38 - 2015-02-27 11:41 - 132469808 _____ (AVAST Software) C:\Users\Davie\Downloads\avast_free_antivirus_setup.exe
2015-02-27 10:14 - 2015-03-04 16:58 - 00000020 _____ () C:\Users\Davie\AppData\Roaming\appdataFr3.bin
2015-02-27 09:54 - 2015-02-27 12:09 - 00000000 ____D () C:\Program Files\comfix
2015-02-26 16:34 - 2015-02-26 16:34 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Davie\Downloads\procexp.exe
2015-02-26 16:34 - 2015-02-26 16:34 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Davie\Desktop\procexp.exe
2015-02-25 14:37 - 2015-02-25 14:39 - 00000806 _____ () C:\VEW.txt
2015-02-25 14:34 - 2015-02-25 14:34 - 00061440 _____ ( ) C:\Users\Davie\Desktop\VEW (1).exe
2015-02-25 14:33 - 2015-02-25 14:33 - 00061440 _____ ( ) C:\Users\Davie\Downloads\VEW.exe
2015-02-24 14:42 - 2015-01-23 11:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-24 14:42 - 2015-01-23 10:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-23 13:16 - 2015-03-06 08:12 - 00000000 ____D () C:\FRST
2015-02-23 13:03 - 2015-03-06 08:11 - 01132544 _____ (Farbar) C:\Users\Davie\Downloads\FRST.exe
2015-02-23 13:02 - 2015-02-23 13:03 - 01388274 _____ (Thisisu) C:\Users\Davie\Downloads\JRT.exe
2015-02-23 12:59 - 2015-02-23 13:00 - 02126848 _____ () C:\Users\Davie\Downloads\AdwCleaner.exe
2015-02-23 10:53 - 2015-02-23 10:53 - 00602112 _____ (OldTimer Tools) C:\Users\Davie\Downloads\OTL.exe
2015-02-23 09:47 - 2014-11-26 10:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-23 09:46 - 2015-01-15 12:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-23 09:46 - 2015-01-13 09:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-23 09:46 - 2015-01-09 08:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-23 09:42 - 2015-01-14 09:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-23 09:42 - 2015-01-14 09:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-23 09:42 - 2015-01-14 09:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-23 09:42 - 2015-01-14 09:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-23 09:42 - 2015-01-14 09:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-23 09:42 - 2015-01-14 09:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-23 09:42 - 2015-01-14 09:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-23 09:42 - 2015-01-14 09:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-23 09:42 - 2015-01-14 09:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-23 09:37 - 2015-02-23 09:37 - 00000000 ____D () C:\Windows\Temp49189D3D-F36E-6298-86B0-6AD8E0F4F57D-Signatures
2015-02-23 09:34 - 2014-12-08 09:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 09:32 - 2015-02-23 09:32 - 00001127 _____ () C:\Users\Davie\Desktop\Watchtower Library 2014 - English.lnk
2015-02-23 09:32 - 2015-02-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
2015-02-23 09:29 - 2015-02-23 09:30 - 00000000 ____D () C:\1dde1cb4387c5846477e94eeeafd
2015-02-09 09:48 - 2015-02-09 09:48 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-08 12:58 - 2014-12-19 08:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-08 12:53 - 2014-12-06 11:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-08 12:53 - 2014-12-06 11:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-08 12:53 - 2014-12-06 11:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-08 12:53 - 2014-12-06 11:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-08 12:46 - 2015-02-08 12:46 - 00417064 _____ () C:\Users\Davie\Downloads\DellSystemDetect.exe
2015-02-08 12:04 - 2015-02-08 12:04 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-08 12:04 - 2015-02-08 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-08 12:00 - 2015-02-08 12:00 - 00880208 _____ (Google Inc.) C:\Users\Davie\Downloads\ChromeSetup.exe
2015-02-08 11:48 - 2015-02-08 11:48 - 00001269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell ResourceCD.lnk
2015-02-08 11:47 - 2015-02-08 11:47 - 00000000 ____D () C:\Windows\system32\vmm32
2015-02-08 11:14 - 2015-02-27 09:54 - 00000000 ____D () C:\ProgramData\59b4cf200005341
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-06 07:54 - 2014-10-08 13:43 - 00000000 ___RD () C:\Users\Davie\Dropbox
2015-03-06 07:54 - 2013-10-11 19:54 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Skype
2015-03-06 07:54 - 2013-06-27 12:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Dropbox
2015-03-06 07:53 - 2009-06-27 16:32 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 07:53 - 2008-08-01 17:19 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2015-03-06 07:44 - 2012-03-10 10:28 - 01248571 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 07:43 - 2013-06-03 15:44 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-03-06 07:40 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 07:40 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:40 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 16:34 - 2006-11-02 21:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-05 16:20 - 2014-12-05 20:49 - 00000861 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-05 11:41 - 2013-06-03 15:44 - 00000000 ____D () C:\ProgramData\Google Updater
2015-03-04 17:13 - 2013-11-29 15:36 - 00000000 ____D () C:\AdwCleaner
2015-03-04 16:59 - 2013-08-01 18:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-04 14:42 - 2006-11-02 18:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 17:34 - 2015-01-06 12:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 14:31 - 2010-11-11 11:09 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-27 14:30 - 2015-01-06 12:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-27 14:30 - 2015-01-06 12:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-27 14:00 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Google
2015-02-27 13:02 - 2014-08-29 15:24 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-02-27 12:46 - 2014-09-01 16:18 - 00000365 _____ () C:\Users\Davie\AppData\Roaming\LSHLRGPF
2015-02-27 12:36 - 2015-01-09 16:06 - 00000000 ____D () C:\ProgramData\4001812108
2015-02-27 11:43 - 2011-01-26 19:40 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-25 14:00 - 2015-01-13 17:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-25 13:56 - 2006-11-02 19:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-23 12:19 - 2011-06-01 21:14 - 00000000 ____D () C:\Users\Davie\dwhelper
2015-02-23 12:18 - 2012-11-29 12:51 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\vlc
2015-02-23 10:16 - 2006-11-02 20:47 - 00315880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 10:00 - 2013-08-10 10:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 09:49 - 2011-09-25 14:14 - 00000000 ____D () C:\Program Files\Watchtower
2015-02-23 09:47 - 2006-11-02 18:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-16 09:39 - 2014-10-08 13:43 - 00000921 _____ () C:\Users\Davie\Desktop\Dropbox.lnk
2015-02-16 09:39 - 2014-10-08 13:27 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-09 09:53 - 2009-10-26 14:48 - 00000000 ____D () C:\Users\Davie\AppData\Local\Deployment
2015-02-09 09:52 - 2013-11-18 16:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-09 09:49 - 2013-11-29 10:55 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-09 09:49 - 2008-08-01 17:17 - 00000000 ____D () C:\Program Files\Java
2015-02-09 09:47 - 2014-10-26 18:09 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-09 09:47 - 2014-10-26 18:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-09 08:48 - 2015-01-09 15:54 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-08 12:43 - 2013-05-22 18:45 - 00000000 ____D () C:\Program Files\My Dell
2015-02-08 12:18 - 2015-01-09 15:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-08 12:07 - 2009-06-27 16:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 11:47 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Dell
 
==================== Files in the root of some directories =======
 
2013-06-11 12:15 - 2013-06-11 12:13 - 0013824 _____ () C:\Program Files\1033.MST
2012-09-17 13:33 - 2012-09-17 13:33 - 0000288 _____ () C:\Users\Davie\AppData\Roaming\.backup.dm
2015-02-27 10:14 - 2015-03-04 16:58 - 0000020 _____ () C:\Users\Davie\AppData\Roaming\appdataFr3.bin
2014-09-01 16:18 - 2015-02-27 12:46 - 0000365 _____ () C:\Users\Davie\AppData\Roaming\LSHLRGPF
2014-01-20 12:30 - 2014-01-20 12:30 - 0000041 _____ () C:\Users\Davie\AppData\Roaming\mbam.context.scan
2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\Davie\AppData\Roaming\QAKOG
2008-10-12 13:48 - 2008-10-12 13:48 - 0026340 _____ () C:\Users\Davie\AppData\Roaming\UserTile.png
2009-09-24 16:17 - 2014-03-14 11:46 - 0000140 _____ () C:\Users\Davie\AppData\Roaming\wklnhst.dat
2012-04-18 13:56 - 2012-04-18 13:56 - 0000552 _____ () C:\Users\Davie\AppData\Local\d3d8caps.dat
2008-09-26 11:56 - 2012-04-18 13:56 - 0006836 _____ () C:\Users\Davie\AppData\Local\d3d9caps.dat
2008-09-25 20:09 - 2014-10-17 21:49 - 0045568 _____ () C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-07 14:46 - 2009-06-07 14:46 - 0008248 _____ () C:\Users\Davie\AppData\Local\en.ini
2012-09-05 17:11 - 2012-09-05 17:11 - 0001503 _____ () C:\Users\Davie\AppData\Local\recently-used.xbel
2010-02-10 17:23 - 2010-02-10 17:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-10-15 16:08 - 2010-10-27 18:40 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
 
Some content of TEMP:
====================
C:\Users\Davie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdb5nbg.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-06 07:55
 
 
==================== End Of Log ============================
 
 
Here is the Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Davie at 2015-03-06 08:13:04
Running from C:\Users\Davie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
Avast Internet Security (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Brother MFL-Pro Suite DCP-J315W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
ccc-core-static (Version: 2008.0512.1133.18639 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CONNEXX 6.5.4 (HKLM\...\{EDDF7146-1083-41CD-8D64-4D0612776D24}) (Version: 6.5.4 - Siemens Audiologische Technik GmbH)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\309a46b1dc89b774) (Version: 1.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Dell System Detect - 1  (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dropbox (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Talk (remove only) (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1508.6312 - Google Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKLM\...\LINE) (Version: 3.5.2.42 - LINE Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Flight Simulator X Demo (HKLM\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.3.412849 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OOo-dev 3.4 (HKLM\...\{1153700F-C007-4EC7-B04A-7C14D1E6E3DD}) (Version: 3.4.9583 - OpenOffice.org)
PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SHS6 Common (HKLM\...\{7EA9F56C-DF0E-4937-BEC1-5267A61B3216}) (Version: 1.0 - Siemens Audiologische Technik GmbH)
SHS6 Fitting (HKLM\...\{829154BB-A671-44E1-8103-28310E9BCD59}) (Version: 1.0 - Siemens Audiologische Technik GmbH)
SIFIT (HKLM\...\{C82C3BB6-34D2-4CE3-B700-35A0C748203F}) (Version: 6.10.3.1096 - Siemens)
Skins (Version: 2008.0512.1133.18639 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.20 (HKLM\...\Sophos-AntiRootkit) (Version: 1.5.20 - Sophos Plc)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Watchtower Library 2014 - English (HKLM\...\{DB6F2EEA-CEEA-4096-8BD7-ABF100A90820}) (Version: 16.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Webshots Desktop (HKLM\...\Webshots Desktop) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
XviD 1.1 final uninstall (HKLM\...\XviD_is1) (Version: 1.1 - XviD team (Koepi))
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Davie\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
26-02-2015 09:53:21 Scheduled Checkpoint
27-02-2015 11:19:53 Scheduled Checkpoint
27-02-2015 11:50:11 avast! antivirus system restore point
27-02-2015 11:58:30 avast! antivirus system restore point
27-02-2015 12:02:46 Device Driver Package Install: ALWIL Software Network Service
04-03-2015 08:41:46 Windows Update
05-03-2015 12:40:04 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 18:23 - 2012-09-09 18:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0312CF9D-1717-4060-A541-3DFC8F9C511B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {082A3490-8583-42FC-BA0F-D7C64C129FDD} - System32\Tasks\NCH Software\SoundTapReminder => C:\Program Files\NCH Software\SoundTap\SoundTap.exe
Task: {1135BB68-D0B1-4B75-9817-6C5DC7F375B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {139A74ED-8638-4F3E-B01C-1A841559354A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {1A01BC66-ACE8-4EC4-AF2B-484BC686BE1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {23CC02FE-C997-4D39-A3DF-8B7BD60F86A6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Davie => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {30346CC6-E909-47CB-8439-4E93245F0A5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-27] (Adobe Systems Incorporated)
Task: {43988667-0A76-474B-A024-041C76E912A5} - System32\Tasks\{A5C06A36-B431-46FF-80C4-E69B802BB2E3} => pcalua.exe -a C:\Users\Davie\Downloads\sar_15_sfx(1).exe -d C:\Users\Davie\Downloads
Task: {482DFB24-54E0-4D8C-A8B9-38FFB7FB4613} - System32\Tasks\{4586A9F7-8D49-4011-8084-D52116E170F7} => pcalua.exe -a C:\Users\Davie\Downloads\UWC-1.6.6-setup.exe -d C:\Users\Davie\Downloads
Task: {648D1896-4029-4A3F-9F4C-572BC7BEF210} - System32\Tasks\{67136D08-7A91-4DFE-B7B3-3C424B54710B} => pcalua.exe -a C:\Users\Davie\Documents\EOSDemoInstaller-1.0.556e\EOSDemoInstaller-1.0.556e.exe -d C:\Users\Davie\Documents\EOSDemoInstaller-1.0.556e
Task: {68303AE2-A8BA-446E-8818-1131643CCA35} - System32\Tasks\{5A894DF6-971E-4012-937E-867340820B50} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{B98A34C0-A6A2-4087-B272-557C1C6D0A07}
Task: {6F3E3A57-9C56-4619-893B-2A6EEAC21C48} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {7DB29D85-BE62-4292-9BF1-E87DF4405383} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {81F0A997-6226-446A-9214-30354B107C25} - System32\Tasks\{27EFB552-D6D8-4D1B-BF0B-6437C9ADF7DD} => pcalua.exe -a "C:\Program Files\GameHouse\The Rise of Atlantis\GDFUninstall.exe" -d "C:\Program Files\GameHouse\The Rise of Atlantis"
Task: {8373807F-98CB-4B09-85E7-AD14798212E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {8FCFC650-8A05-42A0-9974-6978B9D11AC6} - System32\Tasks\{D913099B-469A-4779-A7DE-1AE0C2ADC6AE} => pcalua.exe -a C:\DELL\E-Center\UninstallTB.exe -d C:\Windows\system32
Task: {992FEA72-5302-4BE2-B35E-B417A23AE557} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000Core => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)
Task: {99315673-E85E-4C73-A0B3-CA5DBA179345} - System32\Tasks\{9AEE2A97-A7DC-49C0-871E-76639E99EF06} => pcalua.exe -a C:\Users\Davie\Documents\I519-106.EXE -d C:\Users\Davie\Documents
Task: {A32288CB-C3F2-44C1-9ACC-22F933EAE8C3} - System32\Tasks\{6107023B-40B7-4271-96BB-1F283BC5B5F9} => pcalua.exe -a "C:\Users\Davie\AppData\Roaming\Google\Google Talk\uninstall.exe"
Task: {A83274D6-E6E0-4FED-A603-73B80BB18081} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-27] (AVAST Software)
Task: {C3A4CBB5-F05C-4C5B-B122-041EAB8AECD6} - System32\Tasks\{04111AD4-F525-4CF7-8019-6D339CDCA81F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {D2F12AD7-076E-4A61-8925-8E8B64D5658A} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E714106D-3CF1-4A04-8F20-2284D92C2A09} - System32\Tasks\{73D211A9-C77E-4245-9D51-9E3F1EF57902} => pcalua.exe -a C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\Uninstaller.exe -c uninstall
Task: {F589D1AB-5214-4408-A2D4-7CF67BFBCDBF} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-27 11:51 - 2015-02-27 11:51 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-02-27 11:51 - 2015-02-27 11:51 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-02-27 11:51 - 2015-02-27 11:51 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-03-06 07:41 - 2015-03-06 07:41 - 02918400 _____ () C:\Program Files\AVAST Software\Avast\defs\15030501\algo.dll
2012-10-12 11:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-02-27 11:51 - 2015-02-27 11:51 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2008-08-02 08:59 - 2008-06-13 19:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2015-02-27 11:51 - 2015-02-27 11:51 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-17 03:21 - 2014-10-17 03:21 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\7c1c70a15ac0d8b5995d970def1d0502\VistaBridgeLibrary.ni.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00750080 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-06 07:54 - 2015-03-06 07:54 - 00043008 _____ () c:\users\davie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdb5nbg.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00047616 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00865280 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00200704 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Davie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: Brother XP spl Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Davie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: autodetect => C:\Windows\system32\SupportAppXL\AutoDect.exe
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Exetender => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: Facebook Update => "C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: IndexSearch => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-30905629-1660685971-3630012643-500 - Administrator - Disabled)
Davie (S-1-5-21-30905629-1660685971-3630012643-1000 - Administrator - Enabled) => C:\Users\Davie
Guest (S-1-5-21-30905629-1660685971-3630012643-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2015 08:10:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 22.2.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 169c
Start Time: 01d057a1dc67f5d7
Termination Time: 5
 
Error: (03/06/2015 07:41:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 11:39:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 05:08:55 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.
 
Error: (03/04/2015 05:07:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 08:31:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 01:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 00:14:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service comfix since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/27/2015 00:13:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service comfix since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/27/2015 00:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/06/2015 07:40:52 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (03/05/2015 00:42:37 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/05/2015 00:42:33 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/05/2015 11:39:01 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (03/04/2015 05:07:14 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (03/04/2015 08:42:44 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/04/2015 08:42:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/04/2015 08:34:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: MSCamSvc
 
Error: (03/04/2015 08:31:05 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (02/27/2015 01:51:17 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
 
Microsoft Office Sessions:
=========================
Error: (03/06/2015 08:10:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe22.2.2015.0169c01d057a1dc67f5d75
 
Error: (03/06/2015 07:41:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 11:39:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 05:08:55 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)
 
Error: (03/04/2015 05:07:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 08:31:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 01:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 00:14:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service comfix since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/27/2015 00:13:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service comfix since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/27/2015 00:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-16 09:07:24.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 18:23:15.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 18:05:51.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 18:05:50.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 18:05:50.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 18:05:50.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 16:23:12.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 16:23:12.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 16:23:12.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 16:23:12.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3325.27 MB
Available physical RAM: 2019.5 MB
Total Pagefile: 6869.53 MB
Available Pagefile: 5656.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.69 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:410.46 GB) (Free:313.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.16 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:40.23 GB) (Free:40.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 60000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=410.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=40.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

Did you really run a boot-time scan?

 

 
  • Download RogueKiller  and save it on your desktop.  
  • Quit all programs 
  • Start RogueKiller.exe. 
  • Wait until Prescan has finished ...  
  • Click on Scan
  • RGKRScan.png    
  • Wait for the end of the scan.  
  • Send me the RKreport.txt located on your desktop.

    • 0

    #22
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

     in C:\ProgramData\AVAST Software\Avast\report\ there are three txt.  files EmailSheildtxt.  FileSystemSheild.txt.  Websheild.txt   no aswBoot.txt file

     

    Yes i did run the boot scan and the report says virus found, but i am unable to copy the report, and it is too big to take a snapshot, also i was unable to find that in the Avast folder


    Edited by Zambian, 05 March 2015 - 11:29 PM.

    • 0

    #23
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    I keep getting a German language site when i klick on your link


    • 0

    #24
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,010 posts
    • MVP

    Try:

     

    http://www.adlice.co...res/roguekiller

     

    Downloads are toward the bottom.  You want the 32 bit version.


    • 0

    #25
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    well it seems like it has happened again, I post a log and when i return it has disappeared, Yes i downloaded Roguekiller from their home page and ran the program and posted the log, when i tried to rerun this morning i was told the program was outdated and i would need to download again which i did Here are the new KR report

     

    RogueKiller V10.5.2.0 [Mar  9 2015] by Adlice Software
     
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Davie [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Scan -- Date : 03/10/2015  12:23:52
     
    ¤¤¤ Processes : 0 ¤¤¤
     
    ¤¤¤ Registry : 10 ¤¤¤
    [Suspicious.Path] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Run | DellSystemDetect : C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe  -> Found
    [Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_18AF\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_18AF\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_18AF\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
     
    ¤¤¤ Tasks : 0 ¤¤¤
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ Hosts File : 2 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1       localhost
     
    ¤¤¤ Antirootkit : 8 (Driver: Loaded) ¤¤¤
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x85fcd1f8
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\1394BUS.SYS)
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3500620AS ATA Device +++++
    --- User ---
    [MBR] 30cb7ad1c12b2886795834a18526fd3d
    [BSP] f447cd3dc644cd931fe7f4d39e641310 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161792 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31619072 | Size: 420308 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 892410750 | Size: 41192 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
    +++++ PhysicalDrive1: TEAC USB   HS-CF Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive2: TEAC USB   HS-xD/SM USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive3: TEAC USB   HS-MS Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive4: TEAC USB   HS-SD Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive5: Brother DCP-J315W USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
     
    ============================================
    RKreport_SCN_03062015_131936.log

    • 0

    Advertisements


    #26
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,010 posts
    • MVP

    Rogue Killer found some hooks but doesn't know what they are.  I would just close the program if you haven't done so already.  Let's try:

     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  
     
    Close all browsers and open progrms before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
     

    • 0

    #27
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Here is the System Idle Process txt

     

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    armsvc.exe 2,160 K 3,276 K 2364 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    audiodg.exe 12,516 K 9,872 K 1148 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
    DockLogin.exe 1,188 K 3,516 K 1324 Dock Login Service Stardock Corporation (Verified) Stardock Corporation
    dpupdchk.exe 2,220 K 3,560 K 3764 dpupdchk.exe Microsoft Corporation (Verified) Microsoft Corporation
    dwm.exe 1,116 K 3,608 K 844 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    ehmsas.exe 992 K 3,392 K 3972 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
    ehtray.exe 1,384 K 1,556 K 3884 Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
    GoogleCrashHandler.exe 2,536 K 1,000 K 3140 Google Crash Handler Google Inc. (Verified) Google Inc
    lsass.exe 4,836 K 9,968 K 692 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe 2,204 K 3,780 K 704 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    mobsync.exe 3,116 K 6,296 K 4680 Microsoft Sync Center Microsoft Corporation (Verified) Microsoft Windows
    MSCamS32.exe 14,416 K 10,436 K 2560 MsCamSvc.exe Microsoft Corporation (Verified) Microsoft Corporation
    services.exe 2,812 K 6,312 K 640 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    SLsvc.exe 6,300 K 4,764 K 1188 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
    smss.exe 344 K 776 K 460 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,232 K 4,600 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 600 K 2,044 K 2824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,680 K 15,452 K 2460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,440 K 4,572 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 15,096 K 9,332 K 1860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,704 K 6,448 K 860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 48,052 K 45,644 K 4956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 16,196 K 11,584 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 9,016 K 11,092 K 1220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,716 K 6,944 K 4332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,780 K 5,960 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 2,096 K 5,676 K 1596 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 1,456 K 4,404 K 3296 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 9,580 K 8,644 K 2064 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    TrustedInstaller.exe 12,716 K 15,788 K 5460 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
    unsecapp.exe 2,228 K 4,588 K 5232 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
    VSSVC.exe 9,404 K 13,300 K 4292 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
    vVX1000.exe 1,604 K 4,248 K 3720 Microsoft LifeCam Device Application Microsoft Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
    wininit.exe 1,332 K 3,488 K 596 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe 2,088 K 4,892 K 668 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    WLIDSVC.EXE 6,680 K 8,208 K 2864 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
    WLIDSVCM.EXE 948 K 2,780 K 2948 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
    WmiPrvSE.exe 9,804 K 14,084 K 5388 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WUDFHost.exe 2,936 K 4,316 K 3260 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
    Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
    spoolsv.exe < 0.01 9,304 K 8,396 K 1836 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    AvastVBoxSVC.exe < 0.01 9,932 K 13,508 K 3996 AvastVirtualBox Interface Avast Software (Verified) AVAST Software a.s.
    ipoint.exe < 0.01 7,940 K 15,000 K 3668 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
    SearchIndexer.exe < 0.01 41,776 K 17,100 K 2888 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 6,824 K 6,244 K 2748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SASCORE.EXE < 0.01 2,084 K 3,248 K 2348 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
    afwServ.exe < 0.01 5,716 K 5,848 K 1628 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
    InputPersonalization.exe < 0.01 6,384 K 4,996 K 2644 Input Personalization Server Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 98,836 K 99,592 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    DellSystemDetect.exe < 0.01 24,656 K 22,596 K 3480 Dell System Detect Dell (Verified) Dell Inc.
    Dropbox.exe < 0.01 72,704 K 77,048 K 2212 Dropbox Dropbox, Inc. (Verified) Dropbox
    svchost.exe < 0.01 22,748 K 20,448 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    c2c_service.exe < 0.01 3,056 K 4,708 K 2700 Skype C2C Service Skype Technologies S.A. (Verified) Skype Technologies SA
    CCleaner.exe < 0.01 9,772 K 9,628 K 1356 CCleaner Piriform Ltd (Verified) Piriform Ltd
    avastui.exe < 0.01 20,432 K 21,808 K 3768 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
    AvastSvc.exe < 0.01 104,672 K 37,600 K 1584 avast! Service AVAST Software (Verified) AVAST Software a.s.
    csrss.exe < 0.01 1,972 K 5,876 K 536 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    DellDock.exe < 0.01 33,764 K 21,108 K 3148 Dell Dock Stardock Corporation (Verified) Stardock Corporation
    WinMail.exe < 0.01 35,612 K 38,480 K 1364 Windows Mail Microsoft Corporation (Verified) Microsoft Windows
    explorer.exe < 0.01 32,440 K 40,196 K 2136 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    XAudio.exe < 0.01 820 K 2,288 K 3268 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    WmiPrvSE.exe < 0.01 3,432 K 6,336 K 5304 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    wmpnetwk.exe < 0.01 13,680 K 19,856 K 5800 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    Skype.exe < 0.01 117,580 K 122,112 K 3036 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
    csrss.exe < 0.01 11,128 K 11,376 K 608 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    System < 0.01 0 K 44,236 K 4
    procexp.exe 0.39 24,080 K 31,104 K 6096 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    svchost.exe 1.16 630,744 K 627,880 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    System Idle Process 98.45 0 K 24 K 0

    • 0

    #28
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Here is the file from Speccy

     

     

    Attached Files


    • 0

    #29
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,010 posts
    • MVP
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
    Is it still slow?  Do you still get popups?

    • 0

    #30
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Administer command log, hope i did that right,

     

    Microsoft Windows [Version 6.0.6002]
    Copyright © 2006 Microsoft Corporation.  All rights reserved.
     
    C:\Windows\system32>Microsoft Windows [Version 6.0.6002]
    'Microsoft' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Copyright © 2006 Microsoft Corporation.  All rights reserv
    ed.
    'Copyright' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>
    C:\Windows\system32>C:\Windows\system32>sfc/scannow
    The system cannot find the path specified.
     
    C:\Windows\system32>
    C:\Windows\system32>Beginning system scan.  This process will take some time.
    'Beginning' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>
    C:\Windows\system32>Beginning verification phase of system scan.
    'Beginning' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Verification 100% complete.
    'Verification' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Windows Resource Protection found corrupt files but was unab
    le to fix some of th
    'Windows' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>em.
    'em.' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Details are included in the CBS.Log windir\Logs\CBS\CBS.log.
     For example
    'Details' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>C:\Windows\Logs\CBS\CBS.log
    Access is denied.
     
    C:\Windows\system32>
    C:\Windows\system32>C:\Windows\system32>findstr/c."[SR]"\windows\logs\cbs\cbs.lo
    g>\windows\logs\cbs\
    The system cannot find the path specified.
     
    C:\Windows\system32>junk.txt
    'junk.txt' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /c ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /. ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /[ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /] ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /\ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /w ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /d ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /w ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /\ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /g ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /\ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /c ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /\ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /c ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /. ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /g ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Specify only /L or /R.
    'Specify' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>
    C:\Windows\system32>C:\Windows\system32>notepad\windows\logs\cbs\junk.txt
    The system cannot find the path specified.
     
    C:\Windows\system32>The system cannot find the path specified.
    'The' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>
    C:\Windows\system32>C:\Windows\system32>
    The syntax of the command is incorrect.
    C:\Windows\system32>

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP