Cannot connect to proxy server [Closed] [Solved]

Vista 64 Internet connectivity Dell Inspiron 15 Wifi card


#46
blondie53185


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

ESET Log

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# EOSSerial=6f99defb4f02224d8bd3c5ea0f344a57
# end=init
# utc_time=2015-07-23 05:25:50
# local_time=2015-07-23 01:25:50 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 24944
# product=EOS
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# EOSSerial=6f99defb4f02224d8bd3c5ea0f344a57
# end=updated
# utc_time=2015-07-23 05:31:34
# local_time=2015-07-23 01:31:34 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6f99defb4f02224d8bd3c5ea0f344a57
# engine=24944
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-23 09:56:18
# local_time=2015-07-23 05:56:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 0 274287284 0 0
# scanned=478870
# found=7
# cleaned=0
# scan_time=15883
sh=2688CA41771CC9C5B318C60B8E4DAC94D479B00B ft=1 fh=5bd49792bb15c364 vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\Windows.old\Users\Blondie\AppData\Local\Babylon\Setup\BExternal.dll"
sh=1B2801DD02E9D9B7F27789ED161BC1761943E921 ft=1 fh=8073091e54552e56 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Windows.old\Users\Blondie\AppData\Local\Babylon\Setup\IECookieLow.dll"
sh=9ADB9EA752959E6945D58068CBC55FA04662D8AF ft=1 fh=1bf2c8288f6bd576 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Windows.old\Users\Blondie\AppData\Local\Babylon\Setup\Setup.exe"
sh=911FE6ECC1594EC5CB87752C124BCECA91FA584D ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Windows.old\Users\Blondie\AppData\Local\CRE\cpkbhnckbdnalgmkkiegjnegadodlden.crx"
sh=54F96D356C22699697C93C367D07949F4323F392 ft=1 fh=6cc653fc2f156ee9 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Windows.old\Users\Blondie\AppData\Roaming\Microsoft\Windows\Cookies\Desktop\Speedtest_TuneUpUtilities2013_en-US.exe"
sh=1C5244967D8907B676C6CBCEEE6BD9F90F10CC6B ft=1 fh=51b3b1bbaa02ab32 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows.old\Users\Blondie\Downloads\PhotoScape_V3.6.2.exe"
sh=14AF605B79557CAA3C99633F0FADC7914BB92349 ft=1 fh=71eade1c84386124 vn="Win32/RegistryReviver potentially unwanted application" ac=I fn="C:\Windows.old\Windows\SysWOW64\IrfanView Setup\RegistryReviverSetup.exe"
 


  • 0



#47
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, the MBAM log looks good, and only a few things found by ESET. Let's go ahead and get rid of those. Also, please post the SecurityCheck log at your convenience. :thumbsup:

One thing I want to point out: a couple of things that ESET found, the Registry Reviver program and the TuneUpUtilities program, are very much not recommended. Programs that say they can tune up, speed up, or clean the registry are nothing but trouble. Registry cleaners can break the registry to the point that the machine is unbootable, and tune-up programs can cause just as much damage.

Let's remove the items ESET found. :)

Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\Windows.old\Users\Blondie\AppData\Local\Babylon
C:\Windows.old\Users\Blondie\AppData\Local\CRE
C:\Windows.old\Users\Blondie\AppData\Roaming\Microsoft\Windows\Cookies\Desktop\Speedtest_TuneUpUtilities2013_en-US.exe
C:\Windows.old\Users\Blondie\Downloads\PhotoScape_V3.6.2.exe
C:\Windows.old\Windows\SysWOW64\IrfanView Setup\RegistryReviverSetup.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

SecurityCheck Log

  • 0

#48
blondie53185


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

FYI:  After running your last 3 instructions, ending with the security check, Windows Explorer crashed. I had to reboot before beginning the FRST run.


  • 0

#49
blondie53185


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

I've run FRST and you can find the log below. I've noticed the directory Windows.old. This is because I thought the hard drive was going on this unit so I replaced it and gave this laptop to my daughter after finally thinking that I had all the malware cleaned up and had successfully reinstalled the operating system. When this machine first started giving my daughter problems, again I assumed the hd was on its way out. I found a program online that showed the report from the built-in hard drive monitoring program. This report showed everything with the hd was fine. Should we remove the Windows.old or clean up this unit some other way?

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Haley at 2015-07-24 04:58:42 Run:2
Running from C:\Users\Haley\Desktop
Loaded Profiles: Haley (Available Profiles: Haley)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
C:\Windows.old\Users\Blondie\AppData\Local\Babylon
C:\Windows.old\Users\Blondie\AppData\Local\CRE
C:\Windows.old\Users\Blondie\AppData\Roaming\Microsoft\Windows\Cookies\Desktop\Speedtest_TuneUpUtilities2013_en-US.exe
C:\Windows.old\Users\Blondie\Downloads\PhotoScape_V3.6.2.exe
C:\Windows.old\Windows\SysWOW64\IrfanView Setup\RegistryReviverSetup.exe
End

*****************

Restore point was successfully created.
C:\Windows.old\Users\Blondie\AppData\Local\Babylon => moved successfully.
C:\Windows.old\Users\Blondie\AppData\Local\CRE => moved successfully.
C:\Windows.old\Users\Blondie\AppData\Roaming\Microsoft\Windows\Cookies\Desktop\Speedtest_TuneUpUtilities2013_en-US.exe => moved successfully.
C:\Windows.old\Users\Blondie\Downloads\PhotoScape_V3.6.2.exe => moved successfully.
C:\Windows.old\Windows\SysWOW64\IrfanView Setup\RegistryReviverSetup.exe => moved successfully.

==== End of Fixlog 04:59:24 ====


  • 0
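The cross-check between the ESET detections and the Fixlog above can be scripted; the following is an added example, not part of the original posts and not code from ESET or FRST. It assumes the two line formats exactly as they appear in this thread (`key=value` pairs on ESET detection lines, `<path> => <result>.` in the Fixlog); the function names are hypothetical and the sample lines are constructed, with placeholder hashes.

```python
import re
from pathlib import PureWindowsPath

# key=value or key="quoted value" pairs, as seen on the ESET detection lines
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# FRST Fixlog result lines: "<drive path> => <result>."
_FIXLOG = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) => (?P<result>.+?)\.?$')

MOVED = "moved successfully"
MISSING = "NOT IN FIXLOG"


def parse_eset_detections(log_text):
    """Return one dict per detection line (the lines that start with 'sh=')."""
    detections = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("sh="):
            continue  # '#' metadata and update-status lines are skipped
        fields = {}
        for m in _FIELD.finditer(line):
            fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        if "vn" in fields and "fn" in fields:  # detection name and file path
            detections.append(fields)
    return detections


def parse_fixlog(fixlog_text):
    """Map every path FRST reported on to its result text."""
    results = {}
    for line in fixlog_text.splitlines():
        m = _FIXLOG.match(line.strip())
        if m:
            # PureWindowsPath compares case-insensitively, like NTFS paths do
            results[PureWindowsPath(m.group("path"))] = m.group("result")
    return results


def reconcile(detections, fix_results):
    """For each detection, find the Fixlog entry that covers it.

    A fixlist entry may be the file itself or any parent folder
    (the fixlist above removes the whole Babylon folder, for example).
    """
    report = []
    for det in detections:
        target = PureWindowsPath(det["fn"])
        status = MISSING
        for fixed, result in fix_results.items():
            if fixed == target or fixed in target.parents:
                status = result
                break
        report.append((det["vn"], det["fn"], status))
    return report


def unresolved(report):
    """Detections that were not reported as moved."""
    return [row for row in report if row[2] != MOVED]


# Constructed sample input: hashes are placeholders, the last path is made up.
ESET_SAMPLE = r'''# product=EOS
# found=3
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Windows.old\Users\Blondie\AppData\Local\Babylon\Setup\Setup.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/RegistryReviver potentially unwanted application" ac=I fn="C:\Windows.old\Windows\SysWOW64\IrfanView Setup\RegistryReviverSetup.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Example.PUA potentially unwanted application" ac=I fn="C:\Users\Example\Downloads\example_setup.exe"
'''

# Constructed Fixlog excerpt; the second path differs in case on purpose.
FIXLOG_SAMPLE = r'''Restore point was successfully created.
C:\Windows.old\Users\Blondie\AppData\Local\Babylon => moved successfully.
c:\windows.old\WINDOWS\syswow64\IrfanView Setup\RegistryReviverSetup.exe => moved successfully.
'''

if __name__ == "__main__":
    rows = reconcile(parse_eset_detections(ESET_SAMPLE), parse_fixlog(FIXLOG_SAMPLE))
    for name, path, status in rows:
        print(f"{status:20} {path}  ({name})")
    print(f"{len(unresolved(rows))} detection(s) still need attention")
```
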

#50
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

FYI: After running your last 3 instructions, ending with the security check, Windows Explorer crashed. I had to reboot before beginning the FRST run.


No further crashes since then?
 

I've run FRST and you can find the log below. I've noticed the directory Windows.old. This is because I thought the hard drive was going on this unit so I replaced it and gave this laptop to my daughter after finally thinking that I had all the malware cleaned up and had successfully reinstalled the operating system. When this machine first started giving my daughter problems, again I assumed the hd was on its way out. I found a program online that showed the report from the built-in hard drive monitoring program. This report showed everything with the hd was fine. Should we remove the Windows.old or clean up this unit some other way?


I think we can leave the Windows.old where it is. The scans picked some adware leftovers, none of which were affecting the operation of the machine, and we dealt with those. I'd like to run two scans. A rootkit scan, just to make sure nothing more nefarious is lurking and a fresh scan with FRST to make sure we got everything. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Malwarebytes Anti-Rootkit Scan

Please download Malwarebytes Anti-Rootkit to your Desktop
  • Double-click the icon to start the tool.
  • It will ask you where to extract it. Extracting to the Desktop will be fine. Then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next".
  • In the next window, make sure that Drivers, Sectors, and System are checked. Then click "Scan".
  • If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
  • Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.
  • The Clean up procedure will be Scheduled for process.
  • When complete, the pop-up window will show you. Select the Yes button and the system should re-boot to complete the cleaning process.
  • Open the MBAR folder, which is located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"



Step 2: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

MBAR Logs

Fresh FRST.txt Log

  • 0

#51
blondie53185


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

No crashes since I last mentioned it:

 

MARBAR-LOG-2015-07-25:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.25.03
  rootkit: v2015.07.22.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Haley :: HALEY-PC [administrator]

7/25/2015 4:24:36 PM
mbar-log-2015-07-25 (16-24-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 325739
Time elapsed: 14 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


  • 0

#52
blondie53185


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

SYSTEM LOG:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4223643648, free: 1651585024

Downloaded database version: v2015.07.25.03
Downloaded database version: v2015.07.22.01
Downloaded database version: v2015.07.20.01
Initializing...
======================
------------ Kernel report ------------
     07/25/2015 16:24:24
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.07.25.03
  rootkit: v2015.07.22.01

<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 18000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 161792  Numsec = 20971520

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21133312  Numsec = 604006400
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-79BCEBB5C2C800078B0A1DEBBB64FC78A620B46E.bin.VF" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-79BCEBB5C2C800078B0A1DEBBB64FC78A620B46E.bin.VE1" is compressed (flags = 1)
Scan finished
------------ Kernel report ------------
     07/25/2015 16:56:41
------------ Loaded modules -----------
----------- End -----------
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-21133312-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


  • 0

#53
blondie53185


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

FRST.LOG

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by Haley (administrator) on HALEY-PC (25-07-2015 18:11:37)
Running from C:\Users\Haley\Desktop
Loaded Profiles: Haley (Available Profiles: Haley)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dropbox, Inc.) C:\Users\Haley\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3863040 2008-10-13] (Dell Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-02] (AVAST Software)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\...\Run: [Dropbox Update] => C:\Users\Haley\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-14] (Dropbox, Inc.)
Startup: C:\Users\Haley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Haley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Haley\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...&q={searchTerms}
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1849030827-776577423-3574151073-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-10-30] (AVAST Software)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-10-30] (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A4235AC5-5A89-47E1-8235-14B1A9D571DF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-30]

Chrome:
=======
CHR Profile: C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Google Wallet) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (AdZap Block ads across the web) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnpdahnhojlgimjfcpnfmajngaljogh [2015-07-21]
CHR Extension: (Gmail) - C:\Users\Haley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-10-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2930688 2008-10-13] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-30] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-02] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2014-10-30] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [331504 2014-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-10-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-10-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-30] ()
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [129792 2013-04-24] (Gemalto)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2009-04-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 16:24 - 2015-07-25 17:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-25 16:22 - 2015-07-25 17:01 - 00000000 ____D C:\Users\Haley\Desktop\mbar
2015-07-25 16:21 - 2015-07-25 16:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Haley\Desktop\mbar-1.09.1.1004.exe
2015-07-23 20:06 - 2015-07-23 20:06 - 00852676 _____ C:\Users\Haley\Desktop\SecurityCheck.exe
2015-07-23 13:25 - 2015-07-23 13:25 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-23 13:21 - 2015-07-23 13:21 - 00001059 _____ C:\mbab.txt
2015-07-22 06:35 - 2015-07-23 06:34 - 00000000 ____D C:\AdwCleaner
2015-07-22 06:35 - 2015-07-22 06:35 - 02248704 _____ C:\Users\Haley\Desktop\AdwCleaner.exe
2015-07-22 06:30 - 2015-07-22 06:33 - 00001255 _____ C:\Users\Haley\Desktop\JRT.txt
2015-07-21 19:37 - 2015-07-21 19:37 - 00000000 ____D C:\Users\Haley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 06:50 - 2015-07-21 06:50 - 00029037 _____ C:\Users\Haley\Desktop\Addition.txt
2015-07-21 06:49 - 2015-07-25 18:11 - 00013449 _____ C:\Users\Haley\Desktop\FRST.txt
2015-07-21 06:49 - 2015-07-25 18:11 - 00000000 ____D C:\Users\Haley\Desktop\FRST-OlderVersion
2015-07-21 03:00 - 2015-07-14 12:02 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 03:00 - 2015-07-14 11:45 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 03:00 - 2015-07-14 10:34 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 03:00 - 2015-07-14 10:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 22:06 - 2015-07-20 22:06 - 00003114 _____ C:\Windows\System32\Tasks\avastBCLRestart_IEXPLORE.EXE
2015-07-16 03:14 - 2015-06-27 12:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-16 03:14 - 2015-06-27 12:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-16 03:14 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-16 03:14 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-16 03:14 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-16 03:14 - 2015-06-27 11:40 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-16 03:14 - 2015-06-27 11:40 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-16 03:14 - 2015-06-27 11:40 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-16 03:14 - 2015-06-27 11:39 - 01065472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-16 03:14 - 2015-06-27 10:30 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-16 03:14 - 2015-06-27 10:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-16 03:14 - 2015-06-12 09:13 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-16 03:14 - 2015-01-08 20:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-16 03:13 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-16 03:13 - 2015-07-03 11:41 - 01916416 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 03:13 - 2015-06-24 23:09 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 03:12 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-16 03:12 - 2015-05-31 03:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 03:11 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-16 03:11 - 2015-06-17 12:23 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 03:11 - 2015-06-17 11:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 03:11 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-16 03:11 - 2015-06-12 12:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-16 03:11 - 2015-06-12 11:46 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:19 - 2015-07-03 02:18 - 17887744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 09:19 - 2015-07-03 02:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 09:19 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 09:19 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 09:14 - 2015-06-16 21:52 - 02343936 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 09:14 - 2015-06-16 21:50 - 10936320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 09:14 - 2015-06-16 21:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 09:14 - 2015-06-16 21:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 09:14 - 2015-06-16 21:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 09:14 - 2015-06-16 21:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 09:14 - 2015-06-16 21:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 09:14 - 2015-06-16 21:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 09:14 - 2015-06-16 21:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 09:14 - 2015-06-16 21:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-15 09:14 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 09:14 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 09:14 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 09:14 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 09:14 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 09:14 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 09:14 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 09:14 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 09:14 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-07-15 09:14 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-07-15 09:14 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-07-15 07:39 - 2015-07-15 07:39 - 03034989 _____ (Malwarebytes Corporation) C:\Users\Haley\Desktop\JRT.exe
2015-07-15 07:35 - 2015-07-25 18:11 - 02146816 _____ (Farbar) C:\Users\Haley\Desktop\FRST64.exe
2015-07-15 07:25 - 2015-07-25 18:11 - 00000000 ____D C:\FRST
2015-07-15 07:25 - 2015-07-15 07:26 - 00025264 _____ C:\Users\Haley\Downloads\FRST.txt
2015-07-15 07:25 - 2015-07-15 07:26 - 00025145 _____ C:\Users\Haley\Downloads\Addition.txt
2015-07-15 07:23 - 2015-07-15 07:24 - 02133504 _____ (Farbar) C:\Users\Haley\Downloads\FRST64.exe
2015-07-15 07:14 - 2015-07-15 07:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HALEY-PC-Windows-Vista-™-Home-Premium-(64-bit).dat
2015-07-15 07:13 - 2015-07-15 07:13 - 00000000 ____D C:\RegBackup
2015-07-15 03:55 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-15 03:55 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-15 03:54 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-15 03:54 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-15 03:54 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-15 03:54 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-15 03:54 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-15 03:54 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-15 03:54 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-15 03:54 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-15 03:54 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-15 03:54 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-15 03:47 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-15 03:47 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-14 12:46 - 2015-07-25 10:07 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 12:45 - 2015-07-25 16:22 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-14 12:45 - 2015-07-14 12:45 - 00000943 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-14 12:45 - 2015-07-14 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-14 12:45 - 2015-07-14 12:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 12:45 - 2015-07-14 12:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-14 12:45 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-14 12:45 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-14 12:27 - 2015-07-14 12:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2015-07-14 11:39 - 2015-07-25 17:50 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000UA.job
2015-07-14 11:39 - 2015-07-25 10:13 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000Core.job
2015-07-14 11:39 - 2015-07-20 21:45 - 00003802 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000UA
2015-07-14 11:39 - 2015-07-20 21:45 - 00003406 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1849030827-776577423-3574151073-1000Core
2015-07-14 11:39 - 2015-07-14 11:39 - 00000000 ____D C:\Users\Haley\AppData\Local\Dropbox
2015-07-14 11:39 - 2015-07-14 11:39 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 18:06 - 2014-10-30 07:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 16:20 - 2008-01-20 21:53 - 01310627 _____ C:\Windows\WindowsUpdate.log
2015-07-25 12:06 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 12:06 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 10:20 - 2014-10-30 07:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 04:56 - 2006-11-02 08:46 - 00758626 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-24 04:51 - 2015-02-11 08:38 - 00000000 ___RD C:\Users\Haley\Dropbox
2015-07-24 04:51 - 2015-02-11 08:31 - 00000000 ____D C:\Users\Haley\AppData\Roaming\Dropbox
2015-07-24 04:49 - 2014-11-07 07:44 - 00000808 _____ C:\Windows\system32\spsys.log
2015-07-24 04:49 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-24 04:47 - 2006-11-02 11:42 - 00020492 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-23 12:39 - 2014-10-30 08:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-22 05:59 - 2006-11-02 11:27 - 00027277 _____ C:\Windows\setupact.log
2015-07-21 03:18 - 2006-11-02 11:21 - 00237480 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 08:01 - 2014-10-30 07:37 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 08:01 - 2014-10-30 07:36 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 03:08 - 2014-10-29 14:27 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 04:31 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2015-07-14 15:36 - 2008-01-20 23:26 - 00684180 _____ C:\Windows\PFRO.log
2015-07-14 13:51 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Resources
2015-07-14 11:22 - 2015-06-04 10:20 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-03 08:43 - 2006-11-02 08:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2014-10-29 12:35 - 2014-10-29 13:37 - 0000732 _____ () C:\Users\Haley\AppData\Local\d3d9caps64.dat
2015-02-02 13:49 - 2015-02-02 13:49 - 0003584 _____ () C:\Users\Haley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Haley\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn6zwbn.dll
C:\Users\Haley\AppData\Local\Temp\Quarantine.exe
C:\Users\Haley\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-24 16:56

==================== End of log ============================


#54
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good, nothing showing in the MBAR log and nothing in the FRST log as well. :thumbsup: Please post the SecurityCheck log, and we'll see if anything needs updating. :)

#55
blondie53185

    Member

  • Topic Starter
  • 83 posts

Finally - here is the Security Scan log. I'm having an issue with IE. It appears that every time I run anything you require, I have to close IE and reopen to post the results. I've checked my WiFi connection - my other computer is running just fine. I've run the Internet troubleshooter and it never finds a problem. When I attempt to paste and post a log file to you, the Internet just spins and spins (like for 10 minutes) causing me to finally close IE and reopen.

 

SECURITY SCAN:

 

 Results of screen317's Security Check version 1.005 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (44.0.2403.107)
 Google Chrome (44.0.2403.89)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSASCui.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Windows Defender MSASCui.exe  
 windows defender MpCmdRun.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 AVAST Software Avast avastui.exe 
 AVAST Software Avast AvastEmUpdate.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


#56
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Let's reset Internet Explorer back to its default settings and see if that clears up the issue. :thumbsup:



1.) Close all Internet Explorer windows that are currently open.

2.) Open the desktop, and then tap or click the Internet Explorer icon on the taskbar.

3.) Click the Tools button, and then click Internet options.

4.) Click the Advanced tab, and then click Reset.

5.) In the Reset Internet Explorer Settings dialog box, click Reset.

6.) When Internet Explorer finishes applying default settings, click Close, and then click OK. You'll need to restart your PC for these changes to take effect.

Please let me know if this clears it up. :)

#57
blondie53185

    Member

  • Topic Starter
  • 83 posts

After closing IE to follow your instructions, I noticed I had a Windows Error - Host Process stopped working. Off to reset IE.


#58
blondie53185

    Member

  • Topic Starter
  • 83 posts

Ok, IE reset and I checked the IE security box. What's next?


#59
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

According to the SecurityCheck log, there's nothing to update and the last log from FRST was clear. So, let's remove my tools and create a clean restore point on the machine, and I believe we'll be done. :thumbsup:


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.

Then click Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post

Delfix Log

#60
blondie53185

    Member

  • Topic Starter
  • 83 posts

# DelFix v10.8 - Logfile created 27/07/2015 at 08:20:52
# Updated 29/07/2014 by Xplode
# Username : Haley - HALEY-PC
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Haley\Desktop\FRST-OlderVersion
Deleted : C:\Users\Haley\Desktop\mbar
Deleted : C:\Users\Haley\Desktop\Addition.txt
Deleted : C:\Users\Haley\Desktop\AdwCleaner.exe
Deleted : C:\Users\Haley\Desktop\Fixlog.txt
Deleted : C:\Users\Haley\Desktop\FRST.txt
Deleted : C:\Users\Haley\Desktop\FRST64.exe
Deleted : C:\Users\Haley\Desktop\JRT.exe
Deleted : C:\Users\Haley\Desktop\JRT.txt
Deleted : C:\Users\Haley\Desktop\SecurityCheck.exe
Deleted : C:\Users\Haley\Downloads\Addition.txt
Deleted : C:\Users\Haley\Downloads\FRST.txt
Deleted : C:\Users\Haley\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

