Windows 7 won't open Avast or Malwarebytes [Solved]

Virus

  • This topic is locked

#1
Sdub2032

    New Member

  • 7 posts
Hi, I'm hoping someone can help. I've looked on the forums and there are similar cases to mine but it seems like each one should be dealt with individually.
Something is wrong with my Windows 7 laptop. I'm not sure if it's connected to an ever-present USB virus that I can't seem to get rid of, but now AVG deleted itself and wouldn't reinstall, so I installed Avast and Malwarebytes, but when it comes to opening them to do the scan neither of them will open.

Can anyone give me some advice or tell me how to get the computer working as it normally did, because it's running much slower than normal.

Thanks in advance.

#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi Sdub2032,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple-step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....


Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
Only one of these will run on your system; that is the correct one to have.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

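FRST writes FRST.txt one entry per line in a fixed layout, which is what makes the log reviewable at a glance. As an added example (not part of this thread, of FRST, or of the Geeks to Go procedure), the Python below parses the Registry, Services and Drivers sections of such a log and flags the entries a helper usually looks at first: autostarts, services and drivers whose file is gone (`[X]`), unsigned service images, a Run value in the LocalSystem hive (HKU\S-1-5-18) that launches from a user profile or AppData, Explorer policies that hide security notifications (HideSCAHealth, TaskbarNoNotification), and MountPoints2 autorun entries for removable drives. The sample log embedded in it is constructed in FRST's format with a made-up SID; the policy list and the flag rules are this example's own heuristics, not FRST's, and a flagged line is a place to look, not a verdict.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) logs.

Added example; not part of FRST or of the Geeks to Go procedure. Section
headings and line layouts are modelled on FRST's text output; the flag
rules are this example's own heuristics.
"""
import re
from typing import Dict, List, Tuple

# Explorer/System policy values that hide security notifications or lock the
# user out when set to 1; rogue software commonly sets them.
# (Assumption: an illustrative list, not an exhaustive one.)
SUSPICIOUS_POLICIES = {
    "HideSCAHealth", "TaskbarNoNotification", "NoFolderOptions",
    "DisableTaskMgr", "DisableRegistryTools",
}
SYSTEM_HIVE = r"HKU\S-1-5-18"  # LocalSystem's user hive; desktop apps rarely autostart here

SECTION_RE = re.compile(r"^={5,}\s*([A-Za-z].*?)\s*(?:\(Whitelisted\))?\s*={5,}$")
RUN_RE = re.compile(r"^(HK(?:LM|CU|U\\[^\\]+))(?:-x32)?\\\.\.\.\\Run: \[(.*?)\] => (.*)$")
POLICY_RE = re.compile(r"^(HK\S*?)\\\.\.\.\\Policies\\(Explorer|system): \[(\w+)\] (\d+)$")
MOUNT_RE = re.compile(r"^(HKU\\\S+?)\\\.\.\.\\MountPoints2: \{[0-9a-f-]+\} - (.*)$")
SERVICE_RE = re.compile(r"^([RSU]\d) ([^;]+); (.*)$")


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the FRST section heading above them."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def check_registry_line(line: str) -> List[str]:
    """Heuristics for one line of the Registry section."""
    reasons: List[str] = []
    m = RUN_RE.match(line)
    if m:
        hive, _name, target = m.groups()
        if target == "[X]":
            reasons.append("orphaned Run entry: target file is gone")
        if hive == SYSTEM_HIVE and "\\Users\\" in target:
            reasons.append("SYSTEM-account Run entry launches from a user profile")
        if "\\AppData\\" in target:
            reasons.append("autostart runs from AppData")
        return reasons
    m = POLICY_RE.match(line)
    if m:
        _hive, _key, name, value = m.groups()
        if name in SUSPICIOUS_POLICIES and value == "1":
            reasons.append(f"policy {name}=1 hides or disables security UI")
        return reasons
    if MOUNT_RE.match(line):
        reasons.append("MountPoints2 autorun entry for a removable drive")
    return reasons


def check_service_line(line: str) -> List[str]:
    """Heuristics for one line of the Services or Drivers section."""
    reasons: List[str] = []
    m = SERVICE_RE.match(line)
    if not m:
        return reasons
    _state, _name, image = m.groups()
    if image.endswith("[X]"):
        reasons.append("orphaned service/driver: image file missing")
    if "[File not signed]" in image:
        reasons.append("unsigned service/driver image")
    if image.startswith("No ImagePath"):
        reasons.append("service/driver has no ImagePath")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, log line) pairs worth a human's attention."""
    checkers = {"Registry": check_registry_line,
                "Services": check_service_line,
                "Drivers": check_service_line}
    findings: List[Tuple[str, str]] = []
    for section, lines in split_sections(log_text).items():
        check = checkers.get(section)
        if check is None:
            continue
        for line in lines:
            findings.extend((reason, line) for reason in check(line))
    return findings


# Constructed sample in FRST's layout (made-up SID); not a real machine's log.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-01-06] (IDT, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\MountPoints2: {d47d6c32-ef7d-11e2-84c1-2c41385d6dad} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Sam\AppData\Roaming\Copy\CopyAgent.exe [15414816 2015-04-07] (Barracuda Networks, Inc.)

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-08] (Avast Software s.r.o.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
U0 sr; No ImagePath
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run it against a saved FRST.txt by reading the file into `triage()`; each finding is printed with the original log line so it can be matched back to the section it came from. The heuristics are deliberately loose (a signed vendor agent in AppData will be flagged too), because the point is to shorten the list a helper reads by hand, not to replace that reading.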

#3
Sdub2032

    New Member

  • Topic Starter
  • 7 posts

Thanks for the fast reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Sam (administrator) on SAM-HP on 08-07-2015 17:21:15
Running from C:\Users\Sam\Desktop
Loaded Profiles: Sam (Available Profiles: Sam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-01-06] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Yahoo Messenger] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-08] (Avast Software s.r.o.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\MountPoints2: {d47d6c32-ef7d-11e2-84c1-2c41385d6dad} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Sam\AppData\Roaming\Copy\CopyAgent.exe [15414816 2015-04-07] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-08] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Sam\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-06-02] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Sam\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-06-02] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Sam\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-06-02] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Sam\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-06-02] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Sam\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-06-02] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Sam\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-06-02] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Sam\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-06-02] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Sam\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-06-02] (Barracuda Networks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yah...psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yah...psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-08] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-08] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: HKLM-x32 {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-09-02] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{72C28FC5-FDC2-4659-8838-11C5C3784931}: [DhcpNameServer] 195.175.39.40 195.175.39.39
Tcpip\..\Interfaces\{A02B5C7F-027E-4BDA-9E5D-2F23502154FE}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A98478EB-20F4-46C4-95DB-9C99B93760A9}: [NameServer] 195.46.39.39,195.46.39.40
Tcpip\..\Interfaces\{A98478EB-20F4-46C4-95DB-9C99B93760A9}: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default
FF SearchEngineOrder.1: Mixi.DJ Search
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-07-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2012-05-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-875823854-1062623708-1804306717-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Sam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF user.js: detected! => C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\user.js [2015-06-02]
FF SearchPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\searchplugins\mixidj.xml [2013-09-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-31]
FF Extension: British English Dictionary - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\Extensions\[email protected] [2012-01-31]
FF Extension: DivX Web Player - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\Extensions\[email protected] [2012-06-29]
FF Extension: Adblock Plus - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-08]

Chrome:
=======
CHR Profile: C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-18]
CHR Extension: (Google Drive) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-18]
CHR Extension: (YouTube) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-18]
CHR Extension: (Adblock Plus) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-08]
CHR Extension: (Google Search) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-31]
CHR Extension: (Skype Click to Call) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-10]
CHR Extension: (Google Wallet) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Gmail) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Sam\AppData\Local\Temp\ccex.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-08] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2015-01-01] (Macrovision Europe Ltd.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-12-25] (Realsil Microelectronics Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-08] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-08] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-08] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-08] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-08] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-08] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-24] (DT Soft Ltd)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
U0 sr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 17:21 - 2015-07-08 17:21 - 00025255 _____ C:\Users\Sam\Desktop\FRST.txt
2015-07-08 17:20 - 2015-07-08 17:21 - 00000000 ____D C:\FRST
2015-07-08 17:20 - 2015-07-08 17:20 - 02112512 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
2015-07-08 17:20 - 2015-07-08 17:20 - 01636352 _____ (Farbar) C:\Users\Sam\Desktop\FRST.exe
2015-07-08 16:23 - 2015-07-08 16:23 - 01415680 _____ (wj32) C:\Program Files\2SLE4X9E.exe
2015-07-08 16:01 - 2015-07-08 16:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 16:01 - 2015-07-08 16:01 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-08 16:00 - 2015-07-08 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-08 16:00 - 2015-07-08 16:00 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sam\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-08 16:00 - 2015-07-08 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-08 16:00 - 2015-07-08 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-08 16:00 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-08 16:00 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-08 16:00 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-08 15:58 - 2015-07-08 15:58 - 00000000 ____D C:\Users\Sam\AppData\Roaming\AVAST Software
2015-07-08 15:57 - 2015-07-08 15:57 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-08 15:57 - 2015-07-08 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-08 15:57 - 2015-07-08 15:51 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-08 15:51 - 2015-07-08 15:58 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-08 15:51 - 2015-07-08 15:57 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-08 15:51 - 2015-07-08 15:51 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-08 15:51 - 2015-07-08 15:51 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-08 15:51 - 2015-07-08 15:51 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-08 15:51 - 2015-07-08 15:51 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-08 15:51 - 2015-07-08 15:51 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-08 15:51 - 2015-07-08 15:51 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-08 15:51 - 2015-07-08 15:51 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-07-08 15:51 - 2015-07-08 15:51 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-08 15:49 - 2015-07-08 15:49 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-08 15:48 - 2015-07-08 15:48 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Sam\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-07-08 15:41 - 2015-07-08 15:41 - 00000000 ____D C:\Users\Sam\AppData\Local\Avg2015
2015-07-06 22:33 - 2015-07-07 21:38 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForSam.job
2015-07-06 22:33 - 2015-07-06 22:33 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSam
2015-07-06 00:37 - 2015-07-06 00:42 - 176214804 _____ C:\Users\Sam\Downloads\www.tfpdl.com-PD201480p.mkv
2015-06-30 14:22 - 2015-06-30 14:22 - 00003156 _____ C:\Windows\System32\Tasks\{3C67F5A7-1B8F-4DAE-B528-18C73FC6A1FE}
2015-06-28 21:10 - 2015-05-30 22:34 - 04928968 _____ (AVG Technologies) C:\Users\Sam\Desktop\avg_free_stb_all_5961p1_177.exe
2015-06-22 19:36 - 2015-07-06 20:35 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2015-06-09 13:55 - 2015-06-09 13:55 - 00000000 ____D C:\Users\Sam\Downloads\Penny.Dreadful.S02E01.720p.HDTV.x264-IMMERSE [GloDLS]
2015-06-09 13:48 - 2015-06-09 13:48 - 00000000 ____D C:\Users\Sam\Downloads\Avengers Age of Ultron 2015 NEW SOURCE 720p HDTS XVID MP3 TiTAN

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 17:21 - 2009-07-14 08:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 17:19 - 2014-04-07 14:53 - 01320996 _____ C:\Windows\WindowsUpdate.log
2015-07-08 17:15 - 2014-10-10 19:59 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Copy
2015-07-08 17:15 - 2014-08-07 21:37 - 00036786 _____ C:\Windows\setupact.log
2015-07-08 17:15 - 2014-04-08 22:07 - 01233640 _____ C:\Windows\PFRO.log
2015-07-08 17:15 - 2013-09-18 21:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 17:15 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 17:14 - 2011-12-15 00:28 - 00000000 ____D C:\Program Files (x86)\uTorrentBar
2015-07-08 16:47 - 2014-12-14 17:06 - 00000000 ____D C:\Users\Sam\Desktop\translate
2015-07-08 16:37 - 2013-09-18 21:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 16:31 - 2009-07-14 07:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 16:31 - 2009-07-14 07:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 16:24 - 2012-04-17 09:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 15:48 - 2015-02-14 23:20 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-08 15:43 - 2011-12-03 14:30 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5157F46-5DE1-4421-9423-14CF1C7CA347}
2015-07-08 15:42 - 2015-05-30 22:34 - 00000000 ____D C:\ProgramData\MFAData
2015-07-08 15:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-08 13:57 - 2011-12-12 21:38 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-875823854-1062623708-1804306717-1002UA.job
2015-07-08 11:59 - 2013-12-30 14:17 - 00000000 ____D C:\Users\Sam\Documents\Calibre Library
2015-07-08 11:57 - 2014-06-16 11:25 - 00000000 ____D C:\Users\Sam\AppData\Local\Adobe
2015-07-06 22:33 - 2011-12-03 14:24 - 00000000 ____D C:\Users\Sam
2015-07-06 11:45 - 2015-01-22 20:55 - 00000000 ____D C:\Users\Sam\Desktop\Yagmur
2015-07-06 00:41 - 2011-12-15 00:27 - 00000000 ____D C:\Users\Sam\AppData\Roaming\uTorrent
2015-07-05 13:24 - 2012-04-17 09:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-05 13:24 - 2012-04-17 09:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 13:24 - 2011-12-03 14:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 17:12 - 2011-12-12 21:38 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-875823854-1062623708-1804306717-1002Core.job
2015-06-28 21:17 - 2012-01-08 12:38 - 00000000 ____D C:\Users\Sam\AppData\Local\CrashDumps
2015-06-28 17:11 - 2011-12-05 02:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-27 17:24 - 2015-06-02 10:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-26 20:41 - 2013-09-18 21:08 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-14 19:49 - 2012-11-20 15:07 - 00000000 ____D C:\Users\Sam\Documents\My Kindle Content
2015-06-09 12:29 - 2014-10-10 20:30 - 00000000 ___RD C:\Users\Sam\Copy

==================== Files in the root of some directories =======

2015-07-08 16:23 - 2015-07-08 16:23 - 1415680 _____ (wj32) C:\Program Files\2SLE4X9E.exe
2012-12-11 12:04 - 2015-05-24 14:18 - 0009216 _____ () C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-16 20:26 - 2013-08-16 20:26 - 0000011 _____ () C:\ProgramData\.tv7

Some files in TEMP:
====================
C:\Users\Sam\AppData\Local\Temp\cdo1794648652.dll
C:\Users\Sam\AppData\Local\Temp\cdo2869434488.dll
C:\Users\Sam\AppData\Local\Temp\cdo4226283158.dll
C:\Users\Sam\AppData\Local\Temp\cdo460177648.dll
C:\Users\Sam\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 15:45

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Sam at 2015-07-08 17:22:19
Running from C:\Users\Sam\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-875823854-1062623708-1804306717-500 - Administrator - Disabled)
Guest (S-1-5-21-875823854-1062623708-1804306717-501 - Limited - Disabled)
Sam (S-1-5-21-875823854-1062623708-1804306717-1002 - Administrator - Enabled) => C:\Users\Sam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Amazon Kindle) (Version:  - Amazon)
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{942836D4-5395-652B-F1E8-A7C5B039910C}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
calibre (HKLM-x32\...\{D0AA226A-712B-4119-9B28-ABEDD936720F}) (Version: 1.26.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (HKLM\...\{580C53DC-DBA8-457B-8766-34C60F754BBD}) (Version: 3.2.1.481 - Barracuda Networks, Inc.)
CopyTrans Suite Remove Only (HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\CopyTrans Suite) (Version: 2.32 - WindSolutions)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
CYL Flyers (HKLM-x32\...\CYL Flyers 1.0) (Version: 1.0 - Oxford University Press)
CYL Movers (HKLM-x32\...\CYL Movers 1.0) (Version: 1.0 - Oxford University Press)
CYL Starters (HKLM-x32\...\CYL Starters 1.0) (Version: 1.0 - Oxford University Press)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C1C43BC8-2460-4E01-9628-332E04523BDC}) (Version: 1.2.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{00A42832-B21A-4296-B5F4-D296D0BC4A3E}) (Version: 2.6.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Mozilla Firefox 38.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-GB)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.6.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\MyFreeCodec) (Version:  - )
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Primary i-Dictionary Classroom version (HKLM-x32\...\Primary i-Dictionary Classroom version_is1) (Version:  - )
Product Library (HKLM\...\Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Speakout Elementary ActiveTeach (HKLM-x32\...\9781408216477-SPKOUTEAT) (Version:  - Pearson Education)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
uTorrentBar Toolbar (HKLM-x32\...\uTorrentBar Toolbar) (Version: 6.8.2.0 - uTorrentBar) <==== ATTENTION
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.10 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2012-11-20 13:00 - 00444833 ____N C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E0516D-EB49-4B7E-9AC0-2259F2C58F44} - System32\Tasks\{73F516C3-D005-48C7-A48E-F6E04AC5A2D4} => C:\Program Files (x86)\Championship Manager 01-02\Editor\cm0102ed.exe
Task: {03E446DE-99AB-444F-8E9B-25249342F378} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe <==== ATTENTION
Task: {12BC7E6D-DCC6-4A58-BACF-2125BD5682DA} - System32\Tasks\{AC0C487A-CE76-4ADF-9FB9-8D785797FA43} => C:\Users\Sam\Desktop\CM\cm0102.exe
Task: {141B5A82-2AC5-480B-9E69-B622A358BC3C} - System32\Tasks\{FE3C5CBE-D85A-4A3F-BCA3-77B9AA865F81} => C:\Program Files (x86)\Football Manager 2013\fm.exe
Task: {14EC6C14-EE55-4B0E-B482-05EFD6047607} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {2818FBF3-190B-477D-91CE-36F692160154} - System32\Tasks\avastBCLRestartS-1-5-21-875823854-1062623708-1804306717-1002 => Firefox.exe
Task: {2C8DC1CA-1177-4DFE-B755-079D3D712B57} - System32\Tasks\{E1FDB907-F994-4A5B-96A8-175470A30902} => C:\Users\Sam\Desktop\CM\cm0102.exe
Task: {3A639165-EC8A-4384-AFDE-41C4AC166470} - System32\Tasks\{C3097AAC-D8C3-49A9-B821-5790BF260BEF} => C:\Program Files (x86)\Football Manager 2013\fm.exe
Task: {3E23848E-2221-4D1D-8236-62E8B4A17658} - System32\Tasks\{52C287F6-E843-4467-8B46-93612CBA6B09} => C:\Program Files (x86)\Championship Manager 01-02\cm0102.exe
Task: {4144E95B-A4BB-4BB9-830B-3CB5B0300D59} - System32\Tasks\{ED805481-089D-4ACF-8B7B-7F413168AA2E} => pcalua.exe -a F:\Installer.EXE -d F:\
Task: {49114096-7645-4483-AE02-86C49DD59ABD} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
Task: {57365CD3-1E7A-4017-AFC4-4EE77884B9F9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-08] (Avast Software s.r.o.)
Task: {5C3627FB-5D70-4E2B-8EDB-0A1C22FB5810} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-875823854-1062623708-1804306717-1002UA => C:\Users\Sam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5DCF5ECC-1E85-4A9E-A5DD-B0F5239DDFAC} - System32\Tasks\{39DEE2C6-3958-4C66-9D53-898C6BC11D46} => Firefox.exe http://ui.skype.com/...?LastError=1603
Task: {5F32E2AE-6CCD-42F0-AF51-A4AD050212F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18] (Google Inc.)
Task: {6C417A64-C2D9-40F6-9AB1-EDB42D38859F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18] (Google Inc.)
Task: {6C5C265F-6F8F-4E88-A5D9-B67CE756B5A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-875823854-1062623708-1804306717-1002Core => C:\Users\Sam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {825E4A4C-2B6D-4A81-82AE-1E02CAD8BCA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-05] (Adobe Systems Incorporated)
Task: {83935009-025E-4E27-BDF5-4BBC6EC67277} - System32\Tasks\{46E33CE3-E013-4F15-A140-D4B8EF4FB64C} => C:\Users\Sam\Desktop\Crack\cm0102.exe
Task: {8866DC9F-C0F5-4B96-8E1D-A2E359A60337} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {88AECCEE-03EF-40AE-88CC-A3A36820DA8B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {8F579F83-B2A7-4280-8EB2-C0A4F73B1833} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {A9013897-C485-4A51-A895-5EAD8E55E6A1} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {A9CB2BBA-7014-45B7-818C-D5FE88449B7F} - System32\Tasks\{20E1B135-D36E-4999-BC85-8DBA789FF5BC} => C:\Program Files (x86)\Football Manager 2013\fm.exe
Task: {AAC71206-B72C-4C0B-9106-5F7D5C97DD1F} - System32\Tasks\HPCeeScheduleForSam => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BBDF443C-0876-4429-9C12-A52FD1868429} - System32\Tasks\{E47FE976-139E-41CD-92D6-8B4FC7F5ACC1} => Firefox.exe http://www.skype.com...LastError=12002
Task: {BC65B8DE-C098-4BEF-B6E1-DA04494AA757} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CC13A64C-CE73-49F3-891F-D2D0916D741C} - System32\Tasks\{24A75256-B39F-4258-93EC-20C1130BAFF4} => C:\Program Files (x86)\Championship Manager 01-02\Editor\cm0102ed.exe
Task: {D51BE219-3616-4B6E-98E2-5F203944F075} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {DA68A79E-793F-4651-9424-500958751E38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-06-17] (Microsoft)
Task: {DDEC5542-1980-45E9-90FE-2AF0EA26A5F8} - System32\Tasks\{3C67F5A7-1B8F-4DAE-B528-18C73FC6A1FE} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {E4861DDC-EB9B-4A4E-8EA9-D54D18355F81} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {E5767786-E53C-486C-ADA1-45E00032FDBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EC15CA03-F31A-42BC-968C-AEAF76C9C454} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {ECA46AD7-CC80-4A4B-AB53-5C1EAAC439A3} - System32\Tasks\AdobeAAMUpdater-1.0-Sam-HP-Sam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {F0810B1E-081E-45B3-8EE5-B52CD89EFDF7} - System32\Tasks\{AFF1D259-BF9C-4ACC-992A-D6E41794A08B} => C:\Program Files (x86)\Football Manager 2013\fm.exe
Task: {F53538D0-B204-4A68-B7CE-83694A6CDF8E} - System32\Tasks\{5A64CC0A-6FD5-4ED5-ACBA-B130399BAF8B} => C:\Program Files (x86)\Football Manager 2013\fm.exe
Task: {FE93C357-D568-414C-AAF2-D27D230E0BE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-875823854-1062623708-1804306717-1002Core.job => C:\Users\Sam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-875823854-1062623708-1804306717-1002UA.job => C:\Users\Sam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSam.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2012-01-03 16:21 - 2012-01-03 15:16 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-04-02 09:06 - 2011-04-02 09:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-04-02 09:06 - 2011-04-02 09:06 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-04 22:25 - 2011-03-04 22:25 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-02 08:57 - 2011-04-02 08:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-24 12:21 - 2010-06-24 12:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2015-07-08 15:51 - 2015-07-08 15:51 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-08 15:51 - 2015-07-08 15:51 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-08 15:51 - 2015-07-08 15:51 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070800\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-08 15:51 - 2015-07-08 15:51 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-06-24 12:19 - 2010-06-24 12:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7774 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-875823854-1062623708-1804306717-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.20.10.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\Sam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{12EED37E-07F6-4245-AC48-0D393F1CD131}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4819A42A-DE98-483C-BBB3-F3F9C44BEC3A}] => (Allow) LPort=2869
FirewallRules: [{3F4E8C9E-4234-48C7-BB90-9D0F7FC0AFC7}] => (Allow) LPort=1900
FirewallRules: [{56F15EA8-5180-40DC-B4EA-AA542272B837}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BEA90C6C-899D-43A7-BFC1-FCF5F511E309}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8843DE93-4285-4F7D-A31B-71CD24F24BC0}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{9FCA2FE9-D39D-4764-9466-3D5390F538C6}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{D52C9054-8212-4E42-941A-4B0B8A04DA49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AEBB6D16-F3C3-4F70-AF4E-7EC937BE8273}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D531230-58AB-4797-81D8-F03094ACC383}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDF4300E-1133-43C0-A5B7-C4989340344E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D18973DC-445A-45B3-8B44-662117D7CD21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{156DCB6F-E60D-4E09-BF38-CA70781F0B39}C:\program files (x86)\calibre2\calibre.exe] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{3C9775A2-87C4-4357-9FA9-9724759E6CCE}C:\program files (x86)\calibre2\calibre.exe] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{C0799FED-7CF6-4D3F-81A1-2D76F1C7F2F6}] => (Allow) C:\Users\Sam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{20F6A379-08F8-4528-8822-0A904AD0B3AD}] => (Allow) C:\Users\Sam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0433A5C6-E308-4BD4-ACA8-6F5767263042}] => (Allow) C:\Users\Sam\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{6B7548BB-548B-4BDA-BC09-B9CE1909FF38}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6497CEA8-087B-431F-AD86-60A16942DD0A}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{A1385B4E-CF67-4985-93C0-5BA909A7FAE7}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{22A456F3-20F7-4925-A5B6-D8FD83532E3E}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{CCC2E42D-87E6-4C2E-A629-AF7F55F7E046}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{33DE8318-4998-46D6-8E38-547D7C9041A3}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{BEB16A5D-4437-453C-88A2-F1D4122EAA66}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{1104DFD3-FB7F-4F9A-8F04-0AFDA32769A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D12CFDD-5C7B-4AEB-899C-94CDD6279349}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F03B6BF9-F3B7-4697-8078-DF35E9397665}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{98B389B0-455B-48DB-8EAF-559DF559E49F}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{BD1F6EBA-7245-467E-A794-0F1AA07FEB55}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{25FEFEB0-3A99-4E97-82E0-2DA8F8D3496E}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{F7C9227A-2881-4891-A9B3-1432946F5A19}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{1CA96C7B-7E4B-4B67-8D59-7E3DC8B74559}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EEFFF777-A29A-401E-A107-A33526469E69}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2CE2CBA9-CC4C-41A2-8D67-E08A5E04CE1C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0CCF903C-56C7-4032-8E82-54CC1FE9B4FC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4D97BC9C-9ACD-49E8-9F74-58EB9C154685}] => (Allow) C:\Users\Sam\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [{573873FA-ED40-44AA-AA13-BC7D5DCB1815}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 05:15:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 04:52:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 04:50:16 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/08/2015 04:50:16 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/08/2015 04:24:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 03:44:14 PM) (Source: MsiInstaller) (EventID: 11321) (User: Sam-HP)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.

Error: (07/08/2015 03:38:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 11:47:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2015 09:38:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 05:36:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/08/2015 05:15:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%2

Error: (07/08/2015 04:51:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/08/2015 04:51:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/08/2015 04:51:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error Code: 21

Error: (07/08/2015 04:51:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/08/2015 04:51:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/08/2015 04:51:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (07/08/2015 04:35:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/08/2015 04:24:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (07/08/2015 04:24:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%2


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-26 20:33:05.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-01 00:29:13.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-12 20:10:37.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-12 20:10:37.294
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-12 20:07:21.618
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-12 20:07:21.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-12 20:05:21.761
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-12 20:05:21.660
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-12 20:03:34.484
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-12 20:03:34.388
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-3410MX APU with Radeon™ HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 5609.91 MB
Available physical RAM: 3681.68 MB
Total Virtual: 11218 MB
Available Virtual: 9085.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:578.95 GB) (Free:76.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.93 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 22901E26)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=578.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of log ============================


  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

We have a warning and then work to do>>>>
 

:upset: :upset: :upset: ALERT!!! P2P WARNING ALERT!!! :upset: :upset: :upset:



You have a P2P / file sharing application on your system!! While this may not be a surprise to you (most likely installed by you or another user on the system) and the file sharing application itself may be safe, the files shared could be a little more than you hoped for. File sharing has been shown to be a major source for trojans, virii, worms and webbot attacks to spread on the internet. There are exploits in file sharing software that can be used to compromise your system and personal information. You may be sharing a lot more than just a little bandwidth to 'help the community share' information.

Geeks to Go recommends that you uninstall your P2P software; you have to have open pathways (network ports) in and out of your system, and you could be helping to move illegal files (copyrighted material (software, movies, video, etc.)) even if you don't 'download' them yourself.

If you choose to keep your P2P program installed, I must ask that you de-activate / shutdown the software and not use it until the cleaning of your system is done.

Application to uninstall: µTorrent

Need more info? Read these:

 
Now to work >>>>


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

MyFreeCodec
uTorrentBar Toolbar


To do so, left click on the name once and then click Uninstall/Change in the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\MountPoints2: {d47d6c32-ef7d-11e2-84c1-2c41385d6dad} - G:\LaunchU3.exe -a
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yah...psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
FF SearchEngineOrder.1: Mixi.DJ Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\user.js [2015-06-02]
FF SearchPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\searchplugins\mixidj.xml [2013-09-02]
C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\searchplugins\mixidj.xml
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Sam\AppData\Local\Temp\ccex.crx [Not Found]
C:\Users\Sam\AppData\Local\Temp\ccex.crx
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
U0 sr; No ImagePath
C:\Program Files (x86)\AMD\System Monitor\atillk64.sys
2015-07-08 16:23 - 2015-07-08 16:23 - 01415680 _____ (wj32) C:\Program Files\2SLE4X9E.exe
2015-06-09 13:55 - 2015-06-09 13:55 - 00000000 ____D C:\Users\Sam\Downloads\Penny.Dreadful.S02E01.720p.HDTV.x264-IMMERSE [GloDLS]
2015-06-09 13:48 - 2015-06-09 13:48 - 00000000 ____D C:\Users\Sam\Downloads\Avengers Age of Ultron 2015 NEW SOURCE 720p HDTS XVID MP3 TiTAN
2015-07-08 17:14 - 2011-12-15 00:28 - 00000000 ____D C:\Program Files (x86)\uTorrentBar
C:\Users\Sam\AppData\Local\Temp\cdo1794648652.dll
C:\Users\Sam\AppData\Local\Temp\cdo2869434488.dll
C:\Users\Sam\AppData\Local\Temp\cdo4226283158.dll
C:\Users\Sam\AppData\Local\Temp\cdo460177648.dll
C:\Users\Sam\AppData\Local\Temp\UNINSTALL.EXE
Task: {03E446DE-99AB-444F-8E9B-25249342F378} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe <==== ATTENTION
c:\Users\All Users\dtdata
Task: {4144E95B-A4BB-4BB9-830B-3CB5B0300D59} - System32\Tasks\{ED805481-089D-4ACF-8B7B-7F413168AA2E} => pcalua.exe -a F:\Installer.EXE -d F:\
Task: {49114096-7645-4483-AE02-86C49DD59ABD} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
Task: {5DCF5ECC-1E85-4A9E-A5DD-B0F5239DDFAC} - System32\Tasks\{39DEE2C6-3958-4C66-9D53-898C6BC11D46} => Firefox.exe http://ui.skype.com/...?LastError=1603
Task: {2C8DC1CA-1177-4DFE-B755-079D3D712B57} - System32\Tasks\{E1FDB907-F994-4A5B-96A8-175470A30902} => C:\Users\Sam\Desktop\CM\cm0102.exe
C:\Users\Sam\Desktop\CM
Task: {DDEC5542-1980-45E9-90FE-2AF0EA26A5F8} - System32\Tasks\{3C67F5A7-1B8F-4DAE-B528-18C73FC6A1FE} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {E4861DDC-EB9B-4A4E-8EA9-D54D18355F81} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
C:\Program Files (x86)\AVG
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, please tell me how your system is running now.


  • 0
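An added example, not part of dbreeze's post or of the FRST tool itself: a small Python triage pass over the `Task:` lines of an FRST log, applying the checks a helper applies by eye before building a fixlist (FRST's own `<==== ATTENTION` marker, launch through a proxy such as pcalua.exe or Sc.exe, and unsigned files under Temp, ProgramData or All Users). The heuristics and the sample log lines are constructed for this example, modelled on the log posted above.

```python
"""Triage the "Task:" lines of an FRST (Farbar Recovery Scan Tool) log.

Added example, not code from the forum post or from FRST: it parses the
scheduled-task lines FRST prints and applies the checks a helper applies by
eye before writing a fixlist. Heuristics and sample lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

ATTENTION = "<==== ATTENTION"

# Programs that exist to run *other* programs: the task says nothing about
# the real payload until the arguments are read.
LAUNCHERS = {"pcalua.exe", "sc.exe", "cmd.exe", "wscript.exe", "cscript.exe",
             "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# User-writable locations a scheduled task should rarely point into.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\programdata\\",
                "\\users\\all users\\", "\\windows\\temp\\")
# FRST appends " [yyyy-mm-dd] (Publisher)" when it could read the file.
PUBLISHER_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\((?P<pub>[^()]*)\)\s*$")
# Leading executable of a command: optional quote, optional drive-rooted
# directory, then the bare file name.
EXE_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?(?P<exe>[^\\/:"*?<>| ]+\.exe)', re.I)


@dataclass
class Task:
    task_id: str
    name: str
    command: str
    publisher: Optional[str]
    attention: bool
    reasons: List[str]

    @property
    def verdict(self) -> str:
        return "REVIEW" if self.reasons else "ok"


def triage_reasons(command, publisher, attention) -> List[str]:
    """Why a task deserves a second look; an empty list means nothing stood out."""
    reasons = []
    if attention:
        reasons.append("flagged by FRST (ATTENTION)")
    low = command.lower()
    m = EXE_RE.match(low)
    if m and m.group("exe") in LAUNCHERS:
        reasons.append(f"indirect launch via {m.group('exe')}")
    if publisher is None and any(d in low for d in SUSPECT_DIRS):
        reasons.append("unsigned/unknown file in a user-writable location")
    return reasons


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one 'Task: ... => ...' line; return None for any other line."""
    if not line.startswith("Task: "):
        return None
    left, sep, cmd = line[len("Task: "):].partition(" => ")
    if not sep:
        return None
    if " - " in left:           # "{GUID} - System32\Tasks\Name"
        task_id, _, name = left.partition(" - ")
    else:                       # legacy "C:\Windows\Tasks\Name.job"
        task_id = name = left
    cmd = cmd.strip()
    attention = cmd.endswith(ATTENTION)
    if attention:
        cmd = cmd[:-len(ATTENTION)].rstrip()
    publisher = None
    m = PUBLISHER_RE.search(cmd)
    if m:
        publisher, cmd = m.group("pub"), cmd[:m.start()]
    return Task(task_id, name, cmd, publisher, attention,
                triage_reasons(cmd, publisher, attention))


def triage_log(text: str) -> List[Task]:
    """All Task entries of an FRST log, in file order, with verdicts."""
    parsed = (parse_task_line(ln.rstrip()) for ln in text.splitlines())
    return [t for t in parsed if t]


# Constructed sample modelled on this thread's log (GUIDs and paths made up).
SAMPLE_LOG = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Vendor\Updater => C:\Program Files (x86)\Vendor\Update.exe [2015-01-01] (Example Vendor Ltd)
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\{11111111-1111-1111-1111-111111111111} => pcalua.exe -a "C:\Program Files (x86)\Example\setup.exe" -c /Uninstall
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000005} - System32\Tasks\{22222222-2222-2222-2222-222222222222} => C:\Program Files (x86)\Some Game\game.exe
Task: C:\Windows\Tasks\VendorUpdateTaskMachine.job => C:\Program Files (x86)\Vendor\Update.exe
Task: {00000000-0000-0000-0000-000000000006} - System32\Tasks\Cleanup => C:\Users\User\AppData\Local\Temp\cleanup.exe
"""

if __name__ == "__main__":
    for t in triage_log(SAMPLE_LOG):
        print(f"{t.verdict:6} {t.name}  [{'; '.join(t.reasons) or '-'}]")
```

Entries marked REVIEW are candidates for a fixlist, not automatic deletions; a signed vendor task in ProgramData is left alone while the same path without a publisher is flagged.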

#5
Sdub2032

Sdub2032

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi again dbreeze,

I have tried to follow the first steps. I successfully uninstalled "MyFreeCodec", but when I found uTorrentBar Toolbar on the list and tried to uninstall it, nothing happened; no wizard opened. I tried closing the window and reopening, but each time the same thing happened. I continued on to the second step:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Sam at 2015-07-09 10:57:54 Run:1
Running from C:\Users\Sam\Desktop
Loaded Profiles: Sam (Available Profiles: Sam)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\...\MountPoints2: {d47d6c32-ef7d-11e2-84c1-2c41385d6dad} - G:\LaunchU3.exe -a
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yah...psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-875823854-1062623708-1804306717-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
FF SearchEngineOrder.1: Mixi.DJ Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\user.js [2015-06-02]
FF SearchPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\searchplugins\mixidj.xml [2013-09-02]
C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\searchplugins\mixidj.xml
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Sam\AppData\Local\Temp\ccex.crx [Not Found]
C:\Users\Sam\AppData\Local\Temp\ccex.crx
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
U0 sr; No ImagePath
C:\Program Files (x86)\AMD\System Monitor\atillk64.sys
2015-07-08 16:23 - 2015-07-08 16:23 - 01415680 _____ (wj32) C:\Program Files\2SLE4X9E.exe
2015-06-09 13:55 - 2015-06-09 13:55 - 00000000 ____D C:\Users\Sam\Downloads\Penny.Dreadful.S02E01.720p.HDTV.x264-IMMERSE [GloDLS]
2015-06-09 13:48 - 2015-06-09 13:48 - 00000000 ____D C:\Users\Sam\Downloads\Avengers Age of Ultron 2015 NEW SOURCE 720p HDTS XVID MP3 TiTAN
2015-07-08 17:14 - 2011-12-15 00:28 - 00000000 ____D C:\Program Files (x86)\uTorrentBar
C:\Users\Sam\AppData\Local\Temp\cdo1794648652.dll
C:\Users\Sam\AppData\Local\Temp\cdo2869434488.dll
C:\Users\Sam\AppData\Local\Temp\cdo4226283158.dll
C:\Users\Sam\AppData\Local\Temp\cdo460177648.dll
C:\Users\Sam\AppData\Local\Temp\UNINSTALL.EXE
Task: {03E446DE-99AB-444F-8E9B-25249342F378} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe <==== ATTENTION
c:\Users\All Users\dtdata
Task: {4144E95B-A4BB-4BB9-830B-3CB5B0300D59} - System32\Tasks\{ED805481-089D-4ACF-8B7B-7F413168AA2E} => pcalua.exe -a F:\Installer.EXE -d F:\
Task: {49114096-7645-4483-AE02-86C49DD59ABD} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
Task: {5DCF5ECC-1E85-4A9E-A5DD-B0F5239DDFAC} - System32\Tasks\{39DEE2C6-3958-4C66-9D53-898C6BC11D46} => Firefox.exe http://ui.skype.com/...?LastError=1603
Task: {2C8DC1CA-1177-4DFE-B755-079D3D712B57} - System32\Tasks\{E1FDB907-F994-4A5B-96A8-175470A30902} => C:\Users\Sam\Desktop\CM\cm0102.exe
C:\Users\Sam\Desktop\CM
Task: {DDEC5542-1980-45E9-90FE-2AF0EA26A5F8} - System32\Tasks\{3C67F5A7-1B8F-4DAE-B528-18C73FC6A1FE} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {E4861DDC-EB9B-4A4E-8EA9-D54D18355F81} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
C:\Program Files (x86)\AVG
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
RemoveProxy:
Reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value removed successfully
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value removed successfully
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
"HKU\S-1-5-21-875823854-1062623708-1804306717-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d47d6c32-ef7d-11e2-84c1-2c41385d6dad}" => key removed successfully
HKCR\CLSID\{d47d6c32-ef7d-11e2-84c1-2c41385d6dad} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3}" => key removed successfully
HKCR\CLSID\{7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKU\S-1-5-21-875823854-1062623708-1804306717-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-875823854-1062623708-1804306717-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3}" => key removed successfully
HKCR\CLSID\{7E2E1EC1-FB5C-45D9-A1FE-91E0FEA415F3} => key not found.
"HKU\S-1-5-21-875823854-1062623708-1804306717-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-875823854-1062623708-1804306717-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-875823854-1062623708-1804306717-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}" => key removed successfully
"HKCR\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}" => key removed successfully
"C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{53707962-6F74-2D53-2644-206D7942484F} => key not found.
Firefox SearchEngineOrder.1 removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\user.js => moved successfully.
C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\searchplugins\mixidj.xml => moved successfully.
"C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\9xg61g5e.default\searchplugins\mixidj.xml" => File/Folder not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj" => key removed successfully
"C:\Users\Sam\AppData\Local\Temp\ccex.crx" => File/Folder not found.
atillk64 => Service removed successfully
sr => Service removed successfully
"C:\Program Files (x86)\AMD\System Monitor\atillk64.sys" => File/Folder not found.
C:\Program Files\2SLE4X9E.exe => moved successfully.
C:\Users\Sam\Downloads\Penny.Dreadful.S02E01.720p.HDTV.x264-IMMERSE [GloDLS] => moved successfully.
C:\Users\Sam\Downloads\Avengers Age of Ultron 2015 NEW SOURCE 720p HDTS XVID MP3 TiTAN => moved successfully.
C:\Program Files (x86)\uTorrentBar => moved successfully.
C:\Users\Sam\AppData\Local\Temp\cdo1794648652.dll => moved successfully.
C:\Users\Sam\AppData\Local\Temp\cdo2869434488.dll => moved successfully.
C:\Users\Sam\AppData\Local\Temp\cdo4226283158.dll => moved successfully.
C:\Users\Sam\AppData\Local\Temp\cdo460177648.dll => moved successfully.
C:\Users\Sam\AppData\Local\Temp\UNINSTALL.EXE => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03E446DE-99AB-444F-8E9B-25249342F378}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03E446DE-99AB-444F-8E9B-25249342F378}" => key removed successfully
C:\Windows\System32\Tasks\DefaultReg => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultReg" => key removed successfully
c:\Users\All Users\dtdata => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4144E95B-A4BB-4BB9-830B-3CB5B0300D59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4144E95B-A4BB-4BB9-830B-3CB5B0300D59}" => key removed successfully
C:\Windows\System32\Tasks\{ED805481-089D-4ACF-8B7B-7F413168AA2E} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ED805481-089D-4ACF-8B7B-7F413168AA2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49114096-7645-4483-AE02-86C49DD59ABD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49114096-7645-4483-AE02-86C49DD59ABD}" => key removed successfully
C:\Windows\System32\Tasks\DefaultCheck => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DCF5ECC-1E85-4A9E-A5DD-B0F5239DDFAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DCF5ECC-1E85-4A9E-A5DD-B0F5239DDFAC}" => key removed successfully
C:\Windows\System32\Tasks\{39DEE2C6-3958-4C66-9D53-898C6BC11D46} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39DEE2C6-3958-4C66-9D53-898C6BC11D46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C8DC1CA-1177-4DFE-B755-079D3D712B57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C8DC1CA-1177-4DFE-B755-079D3D712B57}" => key removed successfully
C:\Windows\System32\Tasks\{E1FDB907-F994-4A5B-96A8-175470A30902} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E1FDB907-F994-4A5B-96A8-175470A30902}" => key removed successfully
"C:\Users\Sam\Desktop\CM" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDEC5542-1980-45E9-90FE-2AF0EA26A5F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDEC5542-1980-45E9-90FE-2AF0EA26A5F8}" => key removed successfully
C:\Windows\System32\Tasks\{3C67F5A7-1B8F-4DAE-B528-18C73FC6A1FE} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C67F5A7-1B8F-4DAE-B528-18C73FC6A1FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4861DDC-EB9B-4A4E-8EA9-D54D18355F81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4861DDC-EB9B-4A4E-8EA9-D54D18355F81}" => key removed successfully
C:\Windows\System32\Tasks\BrowserDefendert => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert" => key removed successfully
C:\Program Files (x86)\AVG => moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {602F3E0C-03D3-44CF-9773-43F8DD5B4844}.
{99176C1C-431F-4E8C-99EA-1F91597187AB} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========


=========  DEL %TEMP%\*.* /F /S /Q =========

Deleted file - C:\Users\Sam\AppData\Local\Temp\102336.od
Deleted file - C:\Users\Sam\AppData\Local\Temp\1937360.od
Deleted file - C:\Users\Sam\AppData\Local\Temp\2161237.od
Deleted file - C:\Users\Sam\AppData\Local\Temp\21680160.od
Deleted file - C:\Users\Sam\AppData\Local\Temp\382686.od
Deleted file - C:\Users\Sam\AppData\Local\Temp\4227252.od
Deleted file - C:\Users\Sam\AppData\Local\Temp\700709.od
Deleted file - C:\Users\Sam\AppData\Local\Temp\7294965.od
Deleted file - C:\Users\Sam\AppData\Local\Temp\AIBB_5568.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\AI_ResourceCleanerLog.txt
Deleted file - C:\Users\Sam\AppData\Local\Temp\amt3.log
Deleted file - C:\Users\Sam\AppData\Local\Temp\avginfo.id
Deleted file - C:\Users\Sam\AppData\Local\Temp\AVG_WT_DumpLog.txt
Deleted file - C:\Users\Sam\AppData\Local\Temp\calB183.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\calB184.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\calDA85.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\calDA96.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\chrome_installer.log
Deleted file - C:\Users\Sam\AppData\Local\Temp\configuration.xml
Deleted file - C:\Users\Sam\AppData\Local\Temp\copy-install.log
Deleted file - C:\Users\Sam\AppData\Local\Temp\CVR4FF5.tmp.cvr
Deleted file - C:\Users\Sam\AppData\Local\Temp\CVR80B4.tmp.cvr
Deleted file - C:\Users\Sam\AppData\Local\Temp\CVR8FC0.tmp.cvr
Deleted file - C:\Users\Sam\AppData\Local\Temp\CVR8FD0.tmp.cvr
Deleted file - C:\Users\Sam\AppData\Local\Temp\CVRB125.tmp.cvr
Deleted file - C:\Users\Sam\AppData\Local\Temp\CVRD011.tmp.cvr
Deleted file - C:\Users\Sam\AppData\Local\Temp\CVRD6DE.tmp.cvr
Deleted file - C:\Users\Sam\AppData\Local\Temp\CVRFA55.tmp.cvr
Deleted file - C:\Users\Sam\AppData\Local\Temp\default.txt
Deleted file - C:\Users\Sam\AppData\Local\Temp\dkdlqmdlrkqt
Deleted file - C:\Users\Sam\AppData\Local\Temp\DMI4D16.tmp
C:\Users\Sam\AppData\Local\Temp\FXSAPIDebugLogFile.txt
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPSAActionItems.xml
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker_updateCode.log
Deleted file - C:\Users\Sam\AppData\Local\Temp\ichcop
Deleted file - C:\Users\Sam\AppData\Local\Temp\Manual.pdf
Deleted file - C:\Users\Sam\AppData\Local\Temp\MSI36FB.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\MSI3e723.LOG
Deleted file - C:\Users\Sam\AppData\Local\Temp\oobelib.log
Deleted file - C:\Users\Sam\AppData\Local\Temp\PDApp.log
Deleted file - C:\Users\Sam\AppData\Local\Temp\Sam.bmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\setBA89.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\swtag.log
Deleted file - C:\Users\Sam\AppData\Local\Temp\toolbar_log.txt
Deleted file - C:\Users\Sam\AppData\Local\Temp\UTCD4210.MDX
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog00.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog01.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog02.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog03.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog04.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog05.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog06.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog07.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog08.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog09.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\wmplog10.sqm
Deleted file - C:\Users\Sam\AppData\Local\Temp\zlrkqt
Deleted file - C:\Users\Sam\AppData\Local\Temp\_isBB3.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\AdobeDownload\DLM.log
Deleted file - C:\Users\Sam\AppData\Local\Temp\avastBCLTMP\{cbe9c57e-ffa9-4123-8354-ad360d6dd3cc}.zip
Deleted file - C:\Users\Sam\AppData\Local\Temp\avastBCLTMP\chrome\Default\History
Deleted file - C:\Users\Sam\AppData\Local\Temp\avastBCLTMP\chrome\Default\Web Data
Deleted file - C:\Users\Sam\AppData\Local\Temp\avastBCLTMP\firefox\default\places.sqlite
Deleted file - C:\Users\Sam\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\HPWarrantyChecker.exe
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\GenericProducts\Desktop.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\GenericProducts\Monitor.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\GenericProducts\Notebook.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\GenericProducts\Printer.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_CPC.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_NPC.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_2B.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_2N.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_2Q.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_4H.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_7T.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_Comm.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_DU.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_K5.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_SB.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_PRN_T4.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml
Deleted file - C:\Users\Sam\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\uninstall.html
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\avg-logo.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\cleaner.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\gray_button_left.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\gray_button_right.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\light_button_left.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\light_button_right.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\privacy.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\progressBarLeft.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\progressBarRight.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\progressBarTile.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\safety.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\Thumbs.db
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\top-bg.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\webtuneup.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\images\uninstaller\x.png
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\libs\jquery.min.js
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\styles\bootstrap-2.3.2.min.css
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\styles\uninstaller.css
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\styles\fonts\AVGSans-Bold.eot
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\styles\fonts\AVGSans-Book.eot
Deleted file - C:\Users\Sam\AppData\Local\Temp\UninstallRes\ClientPackage\styles\fonts\AVGSans-Light.eot
Deleted file - C:\Users\Sam\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG1.JPG
Deleted file - C:\Users\Sam\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG2.JPG
Deleted file - C:\Users\Sam\AppData\Local\Temp\_ir_tu2_temp_0\Product.ico
Deleted file - C:\Users\Sam\AppData\Local\Temp\{786B2CEC-475E-4B20-9A79-3F8A570B9BD5}\fpb.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\{ACE9872E-6506-4E11-B9A2-B3B3F23EAF54}\fpb.tmp
Deleted file - C:\Users\Sam\AppData\Local\Temp\~nsu.tmp\Au_.exe

========= End of CMD: =========


=========  RD /S /Q %TEMP% =========

C:\Users\Sam\AppData\Local\Temp\CALIBR~2 - The directory is not empty.
C:\Users\Sam\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\Sam\AppData\Local\Temp\Rar$DRa0.265 - The directory is not empty.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-875823854-1062623708-1804306717-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========



The system needed a reboot..

==== End of Fixlog 10:58:08 ====

It seems like the computer is running better than before. Avast is opening automatically on startup. Yesterday was a one-off where the computer wouldn't shut down, and when it restarted it said scans needed to be completed before Windows could open, to see if it was damaged.

I don't know if you've seen it on the list, or if it's gone now, or even if it is there, but have you noticed anything about the USB shortcut virus? It's driving me crazy; I've formatted all of the USBs I use, but the virus always seems to come back somehow and I can't understand where it's coming from.


  • 0
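As an added example, not from this thread or from FRST: a read-only PowerShell audit for the Explorer and System restriction values and the MountPoints2 AutoRun command that the fixlist above removed, so the same tampering can be spotted before a fix or confirmed gone after one. The registry paths and value names are the ones in the Fixlog; the function names and the one-line meanings are this example's own.

```powershell
# Added example, not part of the thread or of FRST. Read-only: it reports and
# changes nothing. Run it as the affected user so that HKCU: maps to the same
# hive FRST listed as HKU\S-1-5-21-...-1002.

# Restriction values named in the Fixlog, with what each one does when set to 1.
# The meaning strings are this example's own summaries.
$explorerPolicies = @{
    'NoFolderOptions'         = 'Folder Options removed (user cannot unhide files)'
    'HideClock'               = 'Taskbar clock hidden'
    'NoFind'                  = 'Search removed from the Start menu'
    'NoViewContextMenu'       = 'Explorer right-click menu disabled'
    'TaskbarNoNotification'   = 'Taskbar balloon notifications suppressed'
    'HideSCAHealth'           = 'Action Center (security/AV warnings) icon hidden'
    'EnableShellExecuteHooks' = 'Shell execute hooks enabled (a BHO-style load point)'
}
$systemPolicies = @{
    'DisableLockWorkstation'  = 'Lock Workstation disabled'
    'DisableChangePassword'   = 'Change Password disabled'
}

# Emits one record per catalogued value that exists under $Path, whatever its data.
# FRST flags these values on presence; the Active column says whether the
# restriction is actually switched on (non-zero data).
function Get-PolicyFindings {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][hashtable]$Catalog
    )
    if (-not (Test-Path -Path $Path)) { return }
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return }
    foreach ($name in $Catalog.Keys) {
        $prop = $props.PSObject.Properties[$name]
        if ($null -ne $prop) {
            New-Object PSObject -Property @{
                Key     = $Path
                Value   = $name
                Data    = $prop.Value
                Active  = ([int]$prop.Value -ne 0)
                Meaning = $Catalog[$name]
            }
        }
    }
}

# Every volume Explorer has seen gets a {GUID} key under MountPoints2; an AutoRun
# handler for that volume lives at {GUID}\Shell\AutoRun\command (default value),
# which is where the "G:\LaunchU3.exe -a" entry in the Fixlog came from.
function Get-MountPointAutoRuns {
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -Path $root)) { return }
    foreach ($volume in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $cmdKey = $volume.PSPath + '\Shell\AutoRun\command'
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if ($cmd) {
                New-Object PSObject -Property @{ Volume = $volume.PSChildName; Command = $cmd }
            }
        }
    }
}

$hklmExplorer = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$hkcuExplorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$hkcuSystem   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# @( ... ) collects whatever the three calls emit; a call that finds nothing adds nothing.
$policyHits = @(
    Get-PolicyFindings -Path $hklmExplorer -Catalog $explorerPolicies
    Get-PolicyFindings -Path $hkcuExplorer -Catalog $explorerPolicies
    Get-PolicyFindings -Path $hkcuSystem   -Catalog $systemPolicies
)
if ($policyHits.Count -eq 0) {
    Write-Output 'No catalogued restriction values present.'
} else {
    # Domain Group Policy can set these legitimately; on an unmanaged home PC they are a red flag.
    $policyHits | Format-Table Value, Data, Active, Meaning, Key -AutoSize
}

$autoRuns = @(Get-MountPointAutoRuns)
if ($autoRuns.Count -eq 0) {
    Write-Output 'No MountPoints2 AutoRun commands present.'
} else {
    # A command that points at a removable drive letter is the pattern seen in the Fixlog.
    $autoRuns | Format-Table Volume, Command -AutoSize
}
```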

#6
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

FIRST >>>>
The following will help with the USB malware:

  • Download MCShield to your desktop and install it.
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Then, in the control centre, select Scanner and tick "Unhide items on flash drives".

    [screenshot: MCShield unhide option]
  • Plug in the drive and MCShield will start a scan.
  • Select Logs and then copy/paste the log into your next post.


SECOND >>>>

Your System Restore is turned off. If you did this yourself, then please inform me of why.
If you did not do this, then please follow the steps here to enable and turn on System Restore again.

LAST >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right-click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found, and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears.
  • Once done, it will ask to reboot; allow this.

    [screenshot: AdwCleaner restart prompt]
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


  • 0
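As an added example, not from this thread or from MCShield: a read-only PowerShell inventory of what sits at the root of each removable drive with Hidden or System attributes, resolving where any root-level .lnk shortcuts point, which is the pattern behind the "USB shortcut virus" the poster describes. Function names are this example's own; it lists and changes nothing, so it can be run before and after the MCShield unhide step to compare.

```powershell
# Added example, not part of the thread or of MCShield. Read-only: it lists,
# it does not unhide or delete anything (that is what MCShield's unhide option is for).

function Get-ShortcutTarget {
    param([Parameter(Mandatory = $true)][string]$LnkPath)
    # WScript.Shell reads the .lnk's target and arguments without launching it.
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut($LnkPath)
    ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
}

# Emits one record per root-level item on a removable drive that is hidden,
# marked system, or a shortcut. "System Volume Information" is a normal Windows
# folder and will be listed too; anything else hidden on a flash drive deserves a look.
function Get-RemovableDriveFindings {
    $removable = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 2'  # 2 = removable disk
    foreach ($disk in $removable) {
        $root = $disk.DeviceID + '\'
        # -Force includes the hidden and system items that Explorer would not show.
        foreach ($item in Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue) {
            $isHidden   = ($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
            $isSystem   = ($item.Attributes -band [IO.FileAttributes]::System) -ne 0
            $isShortcut = (-not $item.PSIsContainer) -and ($item.Extension -eq '.lnk')
            if (-not ($isHidden -or $isSystem -or $isShortcut)) { continue }
            $target = ''
            if ($isShortcut) { $target = Get-ShortcutTarget -LnkPath $item.FullName }
            New-Object PSObject -Property @{
                Drive  = $disk.DeviceID
                Name   = $item.Name
                Folder = $item.PSIsContainer
                Hidden = $isHidden
                System = $isSystem
                Target = $target
            }
        }
    }
}

$findings = @(Get-RemovableDriveFindings)
if ($findings.Count -eq 0) {
    Write-Output 'No hidden, system or shortcut items at the root of any removable drive.'
} else {
    # A shortcut whose Target is not a plain path on the same drive is the thing to look at.
    $findings | Format-Table Drive, Name, Folder, Hidden, System, Target -AutoSize
}
```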

#7
Sdub2032

    New Member

  • Topic Starter
  • Member
  • 7 posts

I've scanned all of the USBs that I use regularly and that seem to cause problems sometimes; it looks like everything is OK with those now:

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<


09/07/2015 18:24:24 > Drive C: - scan started (no label ~579 GB, NTFS HDD )...



=> The drive is clean.


09/07/2015 18:24:24 > Drive D: - scan started (RECOVERY ~17 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<


09/07/2015 18:25:32 > Drive F: - scan started (REVENGE ~7617 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<


09/07/2015 18:26:03 > Drive H: - scan started ( ~7381 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<


09/07/2015 18:27:19 > Drive I: - scan started (TOSHIBA ~7384 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<


09/07/2015 18:29:00 > Drive H: - scan started ( ~7381 MB, FAT32 flash drive )...



=> The drive is clean.

 

 

I didn't know that my System Restore was turned off, it is now on.

 

The second scan log is:

 

# AdwCleaner v4.207 - Logfile created 09/07/2015 at 18:34:52
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Sam - SAM-HP
# Running from : C:\Users\Sam\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab
Folder Deleted : C:\Users\Sam\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sam\AppData\LocalLow\uTorrentBar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\d578cd8b76fe514
Key Deleted : HKLM\SOFTWARE\d578cd8b76fe514
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8F1A61E-8489-437C-89BC-0FE9DEC019B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48911421-3E43-4B34-B551-CB074491C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\uTorrentBar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v38.0.1 (x86 en-GB)

[9xg61g5e.default\prefs.js] - Line Deleted : user_pref("[email protected]", true);
[9xg61g5e.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,en-GB%40dictionaries.addons.mozilla.org:1.19.1,wrc%40avast.com:10.2.0.187,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.1");
[9xg61g5e.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"[email protected]\":{\"d\":\"C:\\\\Users\\\\Sam\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\9xg61g5e.default\\\\extensions\\\\[...]

-\\ Google Chrome v43.0.2357.132

[C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Sam\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5039 bytes] - [09/07/2015 18:33:19]
AdwCleaner[S0].txt - [4857 bytes] - [09/07/2015 18:34:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4916  bytes] ##########
 

 

It seems that the computer is working much better now; there have been no shutdowns or failures to start like before. I know it sounds like a strange question, but was there a virus/malware on the computer that caused the problems, or is the computer just old and in need of replacing?


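Added example, not part of the thread and not AdwCleaner's own code: the log above is regular enough to parse, and sorting the deleted items into rough classes makes it easier to see which were plain toolbar leftovers and which were persistence points worth a second look, such as the Internet Explorer Low Rights\ElevationPolicy and Ext\PreApproved keys (which control whether Protected Mode IE may launch or load something without asking the user) and the search-provider changes in Firefox and Chrome. The class labels are this example's own, and the embedded sample is a constructed handful of lines in the same format as the posted log.

```python
"""Parse an AdwCleaner cleaning log (the format posted above) into records and
sort the findings into rough classes for triage.  Added example, not part of
AdwCleaner or of the thread; the class labels are this example's own."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ITEM_RE = re.compile(r"^(Folder|File|Key|Value|Service|Task|Shortcut) (Deleted|Found|Restored) : (.+)$")
BROWSER_HDR_RE = re.compile(r"^-\\\\ (.+)$")                  # "-\\ Google Chrome v43..."
BROWSER_ITEM_RE = re.compile(r"^\[(.+?)\] - (.+?) : (.+)$")   # "[profile file] - Deleted [Search Provider] : ..."


@dataclass
class Finding:
    section: str
    kind: str        # Folder/File/Key/... or, for browser entries, the profile file
    action: str      # "Deleted", "Line Deleted", "Deleted [Search Provider]", ...
    target: str
    risk_class: str


def classify(target: str, action: str) -> str:
    """Rough triage classes (this example's own labels); an analyst refines them per case."""
    t, a = target.lower(), action.lower()
    if r"\internet explorer\low rights\elevationpolicy" in t:
        return "ie_elevation_policy"      # Protected Mode IE launch policy for a program
    if r"\currentversion\ext\preapproved" in t:
        return "ie_preapproved_addon"     # add-on approved so IE never prompts the user
    if "search provider" in a or r"\searchscopes" in t or "searchplugins" in t:
        return "search_hijack"            # default search changed in IE/Firefox/Chrome
    if r"\classes\clsid\{" in t or "browser helper objects" in t:
        return "com_registration"         # BHO / toolbar COM objects
    return "other"


def parse_adwcleaner(text: str) -> list[Finding]:
    findings, section, browser = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, browser = m.group(1), ""
        elif (m := BROWSER_HDR_RE.match(line)):
            browser = m.group(1)
        elif (m := ITEM_RE.match(line)):
            kind, action, target = m.groups()
            findings.append(Finding(section, kind, action, target, classify(target, action)))
        elif section == "Web browsers" and (m := BROWSER_ITEM_RE.match(line)):
            profile, action, target = m.groups()
            findings.append(Finding(f"{section}/{browser}", profile, action, target,
                                    classify(target, action)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.risk_class for f in findings))


# Constructed sample: a subset of lines in the same format as the posted log.
SAMPLE_LOG = r"""
***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8F1A61E-8489-437C-89BC-0FE9DEC019B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\Conduit

***** [ Web browsers ] *****

-\\ Google Chrome v43.0.2357.132

[C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
"""

if __name__ == "__main__":
    import sys
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    for f in parse_adwcleaner(text):
        print(f"{f.risk_class:<22} {f.kind:<8} {f.target}")
    print(summarize(parse_adwcleaner(text)))
```

Run it with no arguments to parse the embedded sample, or pass the path of a saved C:\AdwCleaner\AdwCleaner[S0].txt. The ElevationPolicy and PreApproved classes are the ones to read closely: unlike a stray toolbar folder, they change how Internet Explorer treats a program or add-on, so their presence says something about what the installer was allowed to do.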
#8 dbreeze (Trusted Helper, Malware Removal)

Malware; not anything that bad, but enough to interfere with normal operations.

I see you have the latest version of Malwarebytes Anti-Malware on your system.  Does a scan with that find anything?



#9 Sdub2032 (Topic Starter)

It looks like there's nothing showing up in the scan:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/07/2015
Scan Time: 18:45
Logfile: malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.10.05
Rootkit Database: v2015.07.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371987
Time Elapsed: 23 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 dbreeze (Trusted Helper, Malware Removal)

Looking good so far!  Let's see if the USB thingie is hiding from view now .....

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it.
[screenshot: aswMBR main window]

Click the "Scan" button to start the scan.

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.
[screenshot: aswMBR virtualization prompt]

On completion of the scan, click Save Log, save it to your desktop and post it in your next reply.
[screenshot: aswMBR Save Log button]

The tool will also produce a copy of the MBR dump labelled MBR.dat. Please zip that file and attach it to a reply.



#11 Sdub2032 (Topic Starter)

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-11 11:40:55
-----------------------------
11:40:55.935    OS Version: Windows x64 6.1.7601 Service Pack 1
11:40:55.935    Number of processors: 4 586 0x100
11:40:55.936    ComputerName: SAM-HP  UserName: Sam
11:41:01.249    Initialize success
11:41:01.261    VM: initialized successfully
11:41:01.264    VM: Amd CPU BiosDisabled
11:41:04.469    AVAST engine defs: 15071100
11:41:06.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
11:41:06.584    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 11
11:41:06.753    Disk 0 MBR read successfully
11:41:06.760    Disk 0 MBR scan
11:41:06.769    Disk 0 Windows 7 default MBR code
11:41:06.784    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          199 MB offset 2048
11:41:06.793    Disk 0 default boot code
11:41:06.811    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       592840 MB offset 409600
11:41:06.842    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS        17336 MB offset 1214545920
11:41:06.865    Disk 0 Partition 4 00     0C      FAT32 LBA MSDOS5.0      103 MB offset 1250050048
11:41:06.908    Disk 0 scanning C:\Windows\system32\drivers
11:41:20.536    Service scanning
11:41:46.253    Modules scanning
11:41:46.253    Disk 0 trace - called modules:
11:41:46.331    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
11:41:46.331    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062c7060]
11:41:46.347    3 CLASSPNP.SYS[fffff880019c443f] -> nt!IofCallDriver -> [0xfffffa800613ab10]
11:41:46.362    5 hpdskflt.sys[fffff8800196b189] -> nt!IofCallDriver -> [0xfffffa800603ca30]
11:41:46.362    7 amd_xata.sys[fffff880010eca1d] -> nt!IofCallDriver -> [0xfffffa800603a690]
11:41:46.362    9 ACPI.sys[fffff88000f797a1] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006033730]
11:41:46.971    AVAST engine scan C:\Windows
11:41:49.420    AVAST engine scan C:\Windows\system32
11:44:59.959    AVAST engine scan C:\Windows\system32\drivers
11:45:15.590    AVAST engine scan C:\Users\Sam
12:46:52.294    AVAST engine scan C:\ProgramData
12:54:14.500    Disk 0 statistics 6493269/0/0 @ 0.84 MB/s
12:54:14.500    Scan finished successfully
12:56:39.432    Disk 0 MBR has been saved successfully to "C:\Users\Sam\Desktop\MBR.dat"
12:56:39.439    The log file has been saved successfully to "C:\Users\Sam\Desktop\aswMBR.txt"

 

Attached file: MBR.rar (564 bytes)


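Added example, not aswMBR's code and not part of the thread: the "Partition N ..." lines in the log above are aswMBR's reading of the 64-byte partition table at the end of the 512-byte sector it saved as MBR.dat, and a helper that reads the same table back from that file lets you confirm the dump matches the log and catches a table that has been edited (two active flags, overlapping entries, an entry running past the disk). The sample MBR built in the code reproduces the four entries from the log (boot flag, type byte, offset and size in sectors); its boot-code area is zero-filled, which is an assumption, so this checks the partition table only and says nothing about the "Windows 7 default MBR code" line, which aswMBR decides by comparing the code bytes.

```python
"""Parse the 64-byte partition table at the end of a 512-byte MBR, the
structure aswMBR dumps to MBR.dat.  Added example, not aswMBR's own code."""
from __future__ import annotations
import struct
from dataclasses import dataclass

SECTOR = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR      # 2048, matching aswMBR's MB column
TYPE_NAMES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


@dataclass
class Partition:
    index: int        # 1..4, as aswMBR numbers them
    status: int       # 0x80 = bootable (active), 0x00 = inactive
    type_id: int
    lba_start: int    # first sector, the "offset" column in the aswMBR log
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def size_mb(self) -> int:
        return self.sectors // SECTORS_PER_MB

    @property
    def type_name(self) -> str:
        return TYPE_NAMES.get(self.type_id, f"unknown 0x{self.type_id:02X}")


def parse_mbr(mbr: bytes) -> list[Partition]:
    """Return the non-empty entries of the partition table at offset 446."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if type_id == 0 and sectors == 0:
            continue
        parts.append(Partition(i + 1, status, type_id, lba_start, sectors))
    return parts


def check_layout(parts: list[Partition], disk_sectors: int) -> list[str]:
    """Sanity checks that a hand-edited or tampered table would fail."""
    problems = []
    for p in parts:
        if p.status not in (0x00, 0x80):
            problems.append(f"partition {p.index} has invalid status byte 0x{p.status:02X}")
        if p.lba_start + p.sectors > disk_sectors:
            problems.append(f"partition {p.index} extends past the end of the disk")
    if sum(p.bootable for p in parts) > 1:
        problems.append("more than one partition flagged bootable")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            problems.append(f"partition {a.index} overlaps partition {b.index}")
    return problems


def _entry(bootable: bool, type_id: int, lba_start: int, size_mb: int) -> bytes:
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, type_id,
                       lba_start, size_mb * SECTORS_PER_MB)


# Constructed sample MBR.  The four entries reproduce the layout aswMBR logged
# above (boot flag, type, offset, size); the boot-code area is zero-filled,
# which is an assumption and not the real Windows 7 boot code.
SAMPLE_MBR = (
    bytes(446)
    + _entry(True, 0x07, 2048, 199)
    + _entry(False, 0x07, 409600, 592840)
    + _entry(False, 0x07, 1214545920, 17336)
    + _entry(False, 0x0C, 1250050048, 103)
    + b"\x55\xAA"
)
DISK_SECTORS = 610480 * SECTORS_PER_MB   # "Size: 610480MB" in the log


def describe(mbr: bytes, disk_sectors: int) -> list[str]:
    """One line per partition in the same shape as aswMBR's output, plus any problems."""
    parts = parse_mbr(mbr)
    lines = [f"Partition {p.index} {'80 (A)' if p.bootable else '00    '} "
             f"{p.type_id:02X} {p.type_name:<12} {p.size_mb:>8} MB offset {p.lba_start}"
             for p in parts]
    lines.extend("PROBLEM: " + s for s in check_layout(parts, disk_sectors))
    return lines


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    print("\n".join(describe(data, DISK_SECTORS)))
```

Pass the path of an unpacked MBR.dat to read a real dump; with no argument it parses the embedded sample. Note that a sector count is a 32-bit field, so this table format tops out at 2 TiB per entry; larger disks use GPT, where the MBR holds a single 0xEE protective entry.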
#12 dbreeze (Trusted Helper, Malware Removal)

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time.  You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.

  • Download DelFix from here to your desktop and double click it to start the program.
  • Ensure Remove disinfection tools is ticked. Also tick:
    Activate UAC
    Create registry backup
    Purge system restore
    Reset system settings
    [screenshot: DelFix with all options ticked]
  • Click Run.
  • The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers use exploits in the unpatched versions to their advantage.

Java
Most security experts and US-CERT (part of the US Department of Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must-have nowadays. The built-in firewall in Windows 7 is fine (just make sure it is turned on: Start > Control Panel > Windows Firewall). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor  -  installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall  -  installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag-along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here.

Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips in these threads:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online


I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!



#13 Sdub2032 (Topic Starter)

Thank you so much for your help, dbreeze. You've saved me so much stress and so many problems by dealing with this quickly and very, very helpfully. I will definitely recommend this site to anyone in the future. I have a few questions: would it be OK to keep MCShield active on my computer too? I liked it because whenever a USB was plugged in it quickly scanned it and saved me having to deal with unhiding the folders myself. As I mentioned earlier, I didn't know that the System Restore save was turned off, but since I have turned it on the 'Recovery' part of my hard drive is showing 1.54GB of 16.9GB free and it is red. Will this become an issue with lack of space, and is there anything I can do about that except for buying more space?

The final log that you have asked for is:

# DelFix v1.010 - Logfile created 12/07/2015 at 16:43:54
# Updated 26/04/2015 by Xplode
# Username : Sam - SAM-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sam\Desktop\Addition.txt
Deleted : C:\Users\Sam\Desktop\AdwCleaner.exe
Deleted : C:\Users\Sam\Desktop\aswmbr.exe
Deleted : C:\Users\Sam\Desktop\aswMBR.txt
Deleted : C:\Users\Sam\Desktop\Fixlog.txt
Deleted : C:\Users\Sam\Desktop\FRST.txt
Deleted : C:\Users\Sam\Desktop\FRST64.exe
Deleted : C:\Users\Sam\Desktop\MBR.dat
Deleted : C:\Users\Sam\Desktop\MBR.rar
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #274 [Scheduled Checkpoint | 07/09/2015 16:29:16]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

 

Thank you again for all of your help in solving my problem



#14 dbreeze (Trusted Helper, Malware Removal)

Thank you for the kind words, and I wish you a great summer!

MCShield is great to have running and doesn't interfere with any other AV software, but it really protects your USB drives.  Please do keep it running; it will help you a lot.

As to System Restore -> you can turn that off for the Recovery partition but leave it on for the main Windows partition (partition = drive in this case).  System Restore only stores the changes to each "drive" on that drive, so the Recovery drive only gets the changes to that drive stored on it.  Bottom line is that since there should never be any changes made to the Recovery "drive" there will never be any SR points made.  However, since this is vital recovery media, I would say go into System Restore (under System Protection in System Properties), click on the RECOVERY drive, then Configure > Disable > Apply.

Have a great summer and surf safely!  Come back any time you need help with anything. :prop: :wave:



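Added example, not MCShield's code and not something this thread diagnosed: the "unhide items on flash drives" option exists because a common family of USB worms sets the real folders on a stick to Hidden+System, drops a same-named .lnk beside each one so the user still sees "Photos" and "Documents", and hides a script or executable at the root that the shortcuts run before opening the real folder. The check below reads the Windows attribute bits from a directory listing and reports that pattern; the two listings are constructed, the legitimately hidden "System Volume Information" folder is excluded so a clean stick does not alarm, and the remediation only builds the attrib commands rather than running them.

```python
"""Spot the on-disk layout a USB "shortcut worm" leaves on a flash drive:
real folders set Hidden+System, a same-named .lnk decoy beside each, and a
hidden script or executable the decoys launch.  Added example, not MCShield's
code and not something the thread analysed; the listings below are constructed."""
from __future__ import annotations
import os
from dataclasses import dataclass, field

FILE_ATTRIBUTE_HIDDEN = 0x02     # Windows FILE_ATTRIBUTE_* bit values
FILE_ATTRIBUTE_SYSTEM = 0x04
PAYLOAD_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".exe", ".scr", ".pif"}
NORMALLY_HIDDEN = {"System Volume Information", "$RECYCLE.BIN"}   # legitimate hidden+system dirs


@dataclass(frozen=True)
class Entry:
    name: str
    is_dir: bool
    attributes: int = 0

    @property
    def hidden(self) -> bool:
        return bool(self.attributes & FILE_ATTRIBUTE_HIDDEN)


@dataclass
class Report:
    hidden_dirs: list[str] = field(default_factory=list)      # user folders that were hidden
    decoy_shortcuts: list[str] = field(default_factory=list)  # Foo.lnk sitting next to folder Foo
    hidden_payloads: list[str] = field(default_factory=list)  # hidden script/exe at the root

    def is_suspicious(self) -> bool:
        return bool(self.decoy_shortcuts or self.hidden_payloads)


def analyse(entries: list[Entry]) -> Report:
    dir_names = {e.name for e in entries if e.is_dir}
    rep = Report()
    for e in entries:
        ext = os.path.splitext(e.name)[1].lower()
        if e.is_dir:
            if e.hidden and e.name not in NORMALLY_HIDDEN:
                rep.hidden_dirs.append(e.name)
        elif ext == ".lnk" and e.name[:-4] in dir_names:
            rep.decoy_shortcuts.append(e.name)
        elif e.hidden and ext in PAYLOAD_EXTS:
            rep.hidden_payloads.append(e.name)
    for lst in (rep.hidden_dirs, rep.decoy_shortcuts, rep.hidden_payloads):
        lst.sort()
    return rep


def list_drive_root(root: str) -> list[Entry]:
    """Collect real entries.  st_file_attributes exists only on Windows; elsewhere
    every entry reports 0 and the attribute-based checks are simply inert."""
    out = []
    with os.scandir(root) as it:
        for de in it:
            st = de.stat(follow_symlinks=False)
            out.append(Entry(de.name, de.is_dir(follow_symlinks=False),
                             getattr(st, "st_file_attributes", 0)))
    return out


def win_join(root: str, name: str) -> str:
    return root.rstrip("\\") + "\\" + name


def remediation(root: str, rep: Report) -> tuple[list[str], list[str]]:
    """attrib commands that would unhide the real folders, and the decoys and
    payloads to delete.  Nothing is executed here; review the lists first."""
    unhide = [f'attrib -h -s -r "{win_join(root, d)}"' for d in rep.hidden_dirs]
    delete = [win_join(root, n) for n in rep.decoy_shortcuts + rep.hidden_payloads]
    return unhide, delete


HS = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
# Constructed listing of an infected drive root (not taken from the thread).
INFECTED_LISTING = [
    Entry("System Volume Information", True, HS),
    Entry("Photos", True, HS),
    Entry("Documents", True, HS),
    Entry("Photos.lnk", False),
    Entry("Documents.lnk", False),
    Entry("update.vbs", False, HS),
    Entry("notes.txt", False),
]
# Constructed listing of a clean drive root.
CLEAN_LISTING = [
    Entry("System Volume Information", True, HS),
    Entry("Photos", True),
    Entry("notes.txt", False),
]

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "F:"
    entries = list_drive_root(root) if len(sys.argv) > 1 else INFECTED_LISTING
    rep = analyse(entries)
    print("suspicious" if rep.is_suspicious() else "clean", rep)
    for cmd in remediation(root, rep)[0]:
        print(cmd)
```

On a Windows machine, run it with the drive letter (for example F:) to list a real stick; elsewhere it runs against the constructed listing. Deleting the .lnk decoys and the hidden script is the part to do with care: the shortcut usually points at the real folder as its second argument, so make sure the folder is unhidden and intact before removing the decoy the user has been clicking on.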
#15 dbreeze (Trusted Helper, Malware Removal)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

