Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Anti Virus and Windows Update not working

Started by hotdog_1984 , Jul 24 2015 03:35 PM

Please log in to reply

#1
hotdog_1984

Posted 24 July 2015 - 03:35 PM

Member

Member
28 posts

Hi,

I'm hoping I can have some help please. My anti virus software all of a sudden stopped providing real time protection. I had Avira Antivirus and it couldn't be enabled. I have then tried various other Antivirus software programs (Avast / AVG) and nothing will enable. I have managed to run scans through various adware removal programs and also Trend Micro online and I'm getting messages saying everything has been cleared, but clearly there is an issue. Windows Defender is also disabled and can't be enabled and neither will Windows Update. So at the moment I'm without updates or virus protection and can't resolve it. Please can I have some help.

Here is my Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Matt (administrator) on MATT-PC on 24-07-2015 22:25:18
Running from C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GZ22TFM
Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-12-04] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-18] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\e93caa8c-8f35-4e9f-ac67-dbce21c8d2b1.exe [183232 2015-07-24] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe [623792 2015-06-23] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1492825921-750369754-554371985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {5681C7A8-6D2C-4454-8804-EFC7ACE05B89} URL = http://www.buenosear...rchTerms}&r=805
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-18] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-18] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-02] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 168.95.1.1
Tcpip\..\Interfaces\{4F5B2ED9-FFBF-4297-BE05-E23927C0EBF7}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-07-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\user.js [2014-07-08]
FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\searchplugins\buenosearch.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2014-07-08]
FF Extension: Plus-HD-V1.1 - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\59def0ae-3df8-4e87-8551-8d6b609a202a@97824100-f5d8-46fa-8c09-0b959f58c578.com [2014-07-08]
FF Extension: foxfilterinspiredeffectnet - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]
FF Extension: 48 dresses - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF Extension: SaleePPlus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: SAlePPlus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: bestadblocker - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: SAlePlluis - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: SalePluus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: Firefox Certificate Store Hotfix - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-18]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-24]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-24]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (Avira Browser Safety) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14]
CHR Extension: (Bookmark Manager) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-07-23]
CHR Extension: (Avast Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-23]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR Extension: (Quick start) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-08-14]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Locked "175b006c71bbd734" service could not be unlocked. <===== ATTENTION

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-18] (Avast Software s.r.o.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 175b006c71bbd734; C:\Windows\System32\Drivers\175b006c71bbd734.sys [41424 2014-08-25] () <===== ATTENTION Necurs Rootkit?
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-18] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-18] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-18] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-18] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-18] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-18] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-18] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-18] ()
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [19968 2013-06-21] (Intel Mobile Communications)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [22576 2009-06-03] () [File not signed]
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [20016 2009-06-03] () [File not signed]
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60464 2009-06-03] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
S3 npf; C:\Users\Matt\AppData\Local\Temp\HouseCall32\tmase\nmap\npf\x64\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
R3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [767144 2013-06-26] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2013-06-26] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [28840 2013-06-26] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2013-06-26] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [204568 2013-10-28] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [301104 2009-12-10] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
R3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
R3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] () [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
R3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
U5 175b006c71bbd734; <===== ATTENTION Locked Service

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys AA0B7720D0CB89DCC3363E5DBDF3EBB6
C:\Windows\system32\drivers\aswMonFlt.sys 3B154DDD747CBAC31E33B276800736B0
C:\Windows\system32\drivers\aswRdr2.sys CF1BFE4B95F0626C10E96A48B9B8EAC6
C:\Windows\System32\Drivers\aswRvrt.sys 67C5C6F9DE8F6B43372EDADEBAD85E67
C:\Windows\system32\drivers\aswSnx.sys BE3D7AC282909F1352742F98DA2C9D18
C:\Windows\system32\drivers\aswSP.sys 2EF2CB17A9C46AE16276A15EF2F3AF74
C:\Windows\system32\drivers\aswStm.sys D4408FE64734D8DA69AB699D8A4AEF0D
C:\Windows\System32\Drivers\aswVmm.sys 8DF6664681FF5ADDBEB0D749B85B6544
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E642491F64E58CD5BC8FB8B347DCF65F
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 955FFE2B1D74A9E0E3E0E558E6A17F3B
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys D409D4A4517865131999FAC96D366CBF
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FlashUSB.sys 322761FBC5D9439EE46FA997B4F88064
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\SysWOW64\FsUsbExDisk.SYS DDEE99DC54EFA20BD5A442CD733C4462
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 1384872112E8E7FD5786ECEB8BDDF4C9
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 677AA5991026A65ADA128C4B59CF2BAD
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\RTKVHD64.sys 235362D403D9D677514649D88DB31914
C:\Windows\System32\DRIVERS\IntcDAud.sys 03C74719D48056A1078F3A51CEB76BAA
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\k57nd60a.sys 37E053A2CF8F0082B689ED74106E0CEC
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\msahci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\msdsm.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\Msfs.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\mshidkmdf.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\msisadrv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSKSSRV.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSPCLOCK.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSPQM.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\MsRPC.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\mssmbios.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSTEE.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\MTConfig.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\mup.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\nwifi.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\ndis.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ndiscap.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ndistapi.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ndisuio.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ndiswan.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\NDProxy.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\netbios.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\netbt.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\nfrd960.sys D41D8CD98F00B204E9800998ECF8427E
C:\Users\Matt\AppData\Local\Temp\HouseCall32\tmase\nmap\npf\x64\npf.sys DE7FCC77F4A503AF4CA6A47D49B3713D
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\nvstor.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\nv_agp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\ohci1394.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\parport.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\partmgr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\pci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\pciide.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\pcmcia.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\pcw.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\peauth.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\raspptp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\processr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\pacer.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\ql2300.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\ql40xx.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\qwavedrv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\rasacd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\raspppoe.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\rassstp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\rdbss.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\rdpbus.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\RDPCDD.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\rdpencdd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\rdprefmp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\RDPWD.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\rdyboost.sys D41D8CD98F00B204E9800998ECF8427E
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys 5623E2CC4F1F6DE24BE9DB3319E42D23
C:\Windows\System32\DRIVERS\rspndr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\RtsUStor.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sbp2port.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\scfilter.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\secdrv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\serenum.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\serial.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\sermouse.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sffdisk.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sffp_mmc.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sffp_sd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\sfloppy.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\Sftfslh.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\Sftplaylh.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\Sftredirlh.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\Sftvollh.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\SiSRaid2.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\sisraid4.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\smb.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\spldr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv2.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srvnet.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ssudmdm.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\stexstor.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\swenum.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\SynTP.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tcpip.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tcpip.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tcpipreg.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tdpipe.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tdtcp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tdx.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\termdd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tssecsrv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tsusbflt.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tunnel.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\TurboB.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\uagp35.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\UBHelper.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\udfs.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\uliagpkx.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\umbus.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\umpass.sys D41D8CD98F00B204E9800998ECF8427E
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys 893A6B67C8AA502648AD946CF50DDFD1
C:\Windows\System32\Drivers\usbaapl64.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbccgp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbcir.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbehci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbhub.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbohci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbprint.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbscan.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\USBSTOR.SYS D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbuhci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\usbvideo.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\vdrvroot.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\vgapnp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\vga.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\vhdmp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\viaide.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\volmgr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\volmgrx.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\volsnap.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\vsmraid.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\vwifibus.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\vwififlt.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\wacompen.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\wanarp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\wanarp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\wd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\Wdf01000.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\wfplwf.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\wimmount.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\wmiacpi.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\ws2ifsl.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\WudfPf.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\WUDFRd.sys D41D8CD98F00B204E9800998ECF8427E

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 22:24 - 2015-07-24 22:25 - 00000000 ____D C:\FRST
2015-07-23 12:42 - 2015-07-23 12:47 - 00000281 _____ C:\Users\Matt\Desktop\IMAC Comparison.txt
2015-07-18 22:10 - 2015-07-24 14:38 - 00000000 ____D C:\Users\Matt\AppData\Local\{E7DF2EB8-FD6E-4D97-947F-8195E6F3E7D2}
2015-07-11 11:02 - 2015-07-11 11:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-11 09:01 - 2015-07-11 09:02 - 00000000 ____D C:\Users\Jo\AppData\Local\{252270E9-4272-4809-9F13-3FC4FC5EC7E3}
2015-07-05 00:37 - 2015-07-10 18:32 - 00000000 ____D C:\Users\Matt\AppData\Local\{273F4760-3105-46FE-9F60-7FB0FA96E33C}
2015-06-28 22:45 - 2015-07-04 07:14 - 00000000 ____D C:\Users\Matt\AppData\Local\{AF14753A-D933-4377-B0D3-0E0718943F04}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 22:15 - 2015-04-02 09:15 - 00001312 _____ C:\Windows\Tasks\48_dresses_notification_service.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00003112 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00002198 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001532 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001528 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001462 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001448 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001430 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001348 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001278 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00000576 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.job
2015-07-24 22:04 - 2012-11-10 17:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-24 22:03 - 2011-12-21 22:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 21:45 - 2015-04-02 09:15 - 00000674 _____ C:\Windows\Tasks\48_dresses_updating_service.job
2015-07-24 14:46 - 2011-12-21 22:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 14:38 - 2015-04-02 09:15 - 00000994 _____ C:\Windows\Tasks\qflnTLaE9hxkp.job
2015-07-23 19:23 - 2012-11-10 17:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-23 19:23 - 2012-11-10 17:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 19:23 - 2011-09-18 10:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-20 07:31 - 2012-01-29 23:46 - 00024264 _____ C:\Users\Matt\Downloads\House expenses.xlsx
2015-07-19 08:04 - 2011-12-21 22:32 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-19 07:58 - 2011-12-21 22:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-19 07:58 - 2011-12-21 22:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-18 22:17 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-18 22:17 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-18 22:09 - 2011-05-12 17:35 - 00000000 ____D C:\Users\Matt\Tracing
2015-07-18 22:08 - 2015-04-18 01:47 - 00001480 _____ C:\Windows\setupact.log
2015-07-18 22:08 - 2012-05-30 21:02 - 00000408 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-07-18 22:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 09:00 - 2011-11-16 14:24 - 00000000 ____D C:\Users\Jo\Tracing
2015-07-11 08:59 - 2009-07-14 05:45 - 00414704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-28 22:43 - 2015-04-18 01:46 - 00360944 _____ C:\Windows\PFRO.log
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-25 17:05 - 2011-05-10 20:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\SoftGrid Client
2015-06-24 18:27 - 2015-05-26 19:40 - 00000000 ____D C:\Users\Jo\AppData\Local\{8A3CB51E-98AB-45BB-BF46-EC81C91AE3E2}

==================== Files in the root of some directories =======

2014-07-08 22:07 - 2014-07-08 22:08 - 0001256 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.boostrap.log
2014-07-08 22:07 - 2014-07-08 22:08 - 0009027 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.installation.log
2013-11-26 00:16 - 2013-11-26 00:16 - 0025757 _____ () C:\Users\Matt\AppData\Roaming\UserTile.png
2011-11-09 14:16 - 2015-04-18 15:32 - 0105348 _____ () C:\Users\Matt\AppData\Local\ars.cache
2011-11-09 14:21 - 2015-04-18 15:33 - 7219139 _____ () C:\Users\Matt\AppData\Local\census.cache
2011-11-09 12:09 - 2011-11-09 12:09 - 0000036 _____ () C:\Users\Matt\AppData\Local\housecall.guid.cache
2015-04-17 00:35 - 2015-04-18 08:43 - 0000010 _____ () C:\Users\Matt\AppData\Local\sponge.last.runtime.cache
2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Jo\AppData\Local\Temp\AskSLib.dll
C:\Users\Jo\AppData\Local\Temp\avgnt.exe
C:\Users\Jo\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Jo\AppData\Local\Temp\MSN4A2C.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-06-02 15:55] - [2010-11-20 14:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {97b4ea67-ffa5-11df-a62b-dbd01fb2883b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {97b4ea69-ffa5-11df-a62b-dbd01fb2883b}
recoveryenabled         Yes
testsigning             Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {97b4ea67-ffa5-11df-a62b-dbd01fb2883b}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {97b4ea69-ffa5-11df-a62b-dbd01fb2883b}
device                  ramdisk=[C:]\Recovery\97b4ea69-ffa5-11df-a62b-dbd01fb2883b\Winre.wim,{97b4ea6a-ffa5-11df-a62b-dbd01fb2883b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\97b4ea69-ffa5-11df-a62b-dbd01fb2883b\Winre.wim,{97b4ea6a-ffa5-11df-a62b-dbd01fb2883b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {97b4ea67-ffa5-11df-a62b-dbd01fb2883b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier              {97b4ea6a-ffa5-11df-a62b-dbd01fb2883b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\97b4ea69-ffa5-11df-a62b-dbd01fb2883b\boot.sdi

LastRegBack: 2015-06-11 07:28

==================== End of log ============================

Thanks,

Matt

#2
RKinner

Posted 24 July 2015 - 04:34 PM

Malware Expert

Expert
24,625 posts

FRST seems to think you have the Nemurs rootkit. See if you can get ESET's tool to run:

http://kb.eset.com/e...ent&id=SOLN3137

Then

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

#3
hotdog_1984

Posted 26 July 2015 - 04:57 PM

Member

Topic Starter
Member
28 posts

Hi,

Thanks for the response. I ran the tool you recommended and it stated I did have the Nemurs Rootkit and that it has now been removed. I have downloaded the Fixlist.txt to the same location and run FIX on the FRST Tool. Below is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015

Ran by Matt at 2015-07-26 23:25:20 Run:1

Running from C:\Users\Matt\Downloads

Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)

Boot Mode: Normal

==============================================

fixlist content:

*****************

FF Extension: 48 dresses - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]

FF Extension: SaleePPlus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]

FF Extension: SAlePPlus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]

FF Extension: SAlePlluis - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]

FF Extension: SalePluus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION

Locked "175b006c71bbd734" service could not be unlocked. <===== ATTENTION

U5 175b006c71bbd734; C:\Windows\System32\Drivers\175b006c71bbd734.sys [41424 2014-08-25] () <===== ATTENTION Necurs Rootkit?

U5 175b006c71bbd734; <===== ATTENTION Locked Service

2015-07-24 22:15 - 2015-04-02 09:15 - 00001312 _____ C:\Windows\Tasks\48_dresses_notification_service.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00003112 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00002198 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00001532 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00001528 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00001462 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00001448 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00001430 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00001348 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00001278 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.job

2015-07-24 22:13 - 2014-07-08 22:13 - 00000576 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.job

2015-07-24 22:04 - 2012-11-10 17:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-24 22:03 - 2011-12-21 22:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-24 21:45 - 2015-04-02 09:15 - 00000674 _____ C:\Windows\Tasks\48_dresses_updating_service.job

2015-07-24 14:46 - 2011-12-21 22:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-24 14:38 - 2015-04-02 09:15 - 00000994 _____ C:\Windows\Tasks\qflnTLaE9hxkp.job

2015-07-18 22:08 - 2012-05-30 21:02 - 00000408 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job

C:\Windows\System32\Drivers\175b006c71bbd734.sys

EmptyTemp:

*****************

C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] => moved successfully.

C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => moved successfully.

C:\Program Files (x86)\mozilla firefox\my.cfg => moved successfully.

Locked "175b006c71bbd734" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.

175b006c71bbd734 => service not found.

C:\Windows\Tasks\48_dresses_notification_service.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.job => moved successfully.

C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.job => moved successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.

C:\Windows\Tasks\48_dresses_updating_service.job => moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.

C:\Windows\Tasks\qflnTLaE9hxkp.job => moved successfully.

C:\Windows\Tasks\PC Optimizer Pro64 startups.job => moved successfully.

"C:\Windows\System32\Drivers\175b006c71bbd734.sys" => File/Folder not found.

EmptyTemp: => 2.8 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 23:38:38 ====

Thanks

#4
hotdog_1984

Posted 26 July 2015 - 05:04 PM

Member

Topic Starter
Member
28 posts

Here are the other 2 logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015

Ran by Matt (administrator) on MATT-PC (26-07-2015 23:58:10)

Running from C:\Users\Matt\Downloads

Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Windows\PLFSetI.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe

(Microsoft Corporation) C:\Windows\System32\consent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-12-04] ()

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-18] (Avast Software s.r.o.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)

HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)

HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)

HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)

HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-18] (Avast Software s.r.o.)

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKU\S-1-5-21-1492825921-750369754-554371985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86

SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {5681C7A8-6D2C-4454-8804-EFC7ACE05B89} URL = http://www.buenosear...rchTerms}&r=805

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-18] (Avast Software s.r.o.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-18] (Avast Software s.r.o.)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)

BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-02] (Sun Microsystems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 168.95.1.1

Tcpip\..\Interfaces\{4F5B2ED9-FFBF-4297-BE05-E23927C0EBF7}: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-24] ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-24] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-02] (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\user.js [2014-07-08]

FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\searchplugins\buenosearch.xml [2014-07-08]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2014-07-08]

FF Extension: Plus-HD-V1.1 - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\59def0ae-3df8-4e87-8551-8d6b609a202a@97824100-f5d8-46fa-8c09-0b959f58c578.com [2014-07-08]

FF Extension: foxfilterinspiredeffectnet - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]

FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]

FF Extension: bestadblocker - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]

FF Extension: Firefox Certificate Store Hotfix - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-18]

FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected] [not found]

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]

CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]

CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-24]

CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-24]

CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-24]

CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]

CHR Extension: (Avira Browser Safety) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14]

CHR Extension: (Avast Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-17]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-23]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]

CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-24]

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18]

CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-18] (Avast Software s.r.o.)

R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)

R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]

S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-18] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-18] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-18] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-18] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-18] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-18] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-18] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-18] ()

R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)

S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [19968 2013-06-21] (Intel Mobile Communications)

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]

R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)

S3 npf; \??\C:\Users\Matt\AppData\Local\Temp\HouseCall32\tmase\nmap\npf\x64\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 23:41 - 2015-07-26 23:41 - 00000000 _____ C:\Windows\SysWOW64\sho6D72.tmp

2015-07-26 23:23 - 2015-07-26 23:23 - 00000302 _____ C:\Users\Matt\Downloads\Addition.txt

2015-07-26 23:17 - 2015-07-27 00:00 - 00024473 _____ C:\Users\Matt\Downloads\FRST.txt

2015-07-26 23:13 - 2015-07-26 23:13 - 00003886 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.231334.2184.log

2015-07-26 23:04 - 2015-07-26 23:05 - 00021395 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.230411.2676.zip

2015-07-26 23:04 - 2015-07-26 23:05 - 00004948 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.230411.2676.log

2015-07-26 23:04 - 2015-07-26 23:04 - 00260296 _____ (ESET) C:\Users\Matt\Downloads\ESETNecursCleaner.exe

2015-07-26 23:01 - 2015-07-26 23:01 - 02146816 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe

2015-07-26 22:29 - 2015-07-26 22:29 - 00000000 ____D C:\Users\Matt\AppData\Local\{45081722-89C2-4395-A90C-ACBF05B01658}

2015-07-24 22:24 - 2015-07-26 23:58 - 00000000 ____D C:\FRST

2015-07-23 12:42 - 2015-07-23 12:47 - 00000281 _____ C:\Users\Matt\Desktop\IMAC Comparison.txt

2015-07-18 22:10 - 2015-07-25 16:23 - 00000000 ____D C:\Users\Matt\AppData\Local\{E7DF2EB8-FD6E-4D97-947F-8195E6F3E7D2}

2015-07-11 11:02 - 2015-07-11 11:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2015-07-11 09:01 - 2015-07-11 09:02 - 00000000 ____D C:\Users\Jo\AppData\Local\{252270E9-4272-4809-9F13-3FC4FC5EC7E3}

2015-07-05 00:37 - 2015-07-10 18:32 - 00000000 ____D C:\Users\Matt\AppData\Local\{273F4760-3105-46FE-9F60-7FB0FA96E33C}

2015-06-28 22:45 - 2015-07-04 07:14 - 00000000 ____D C:\Users\Matt\AppData\Local\{AF14753A-D933-4377-B0D3-0E0718943F04}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 23:52 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-26 23:52 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-26 23:50 - 2015-06-17 19:42 - 00154278 _____ C:\Windows\WindowsUpdate.log

2015-07-26 23:46 - 2011-05-12 17:35 - 00000000 ____D C:\Users\Matt\Tracing

2015-07-26 23:43 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-26 23:43 - 2009-07-14 05:45 - 00414704 _____ C:\Windows\system32\FNTCACHE.DAT

2015-07-26 23:42 - 2015-04-18 01:47 - 00001648 _____ C:\Windows\setupact.log

2015-07-26 23:25 - 2011-09-18 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-07-26 23:08 - 2011-05-16 12:48 - 00000258 __RSH C:\ProgramData\ntuser.pol

2015-07-26 22:27 - 2015-04-18 01:46 - 00361602 _____ C:\Windows\PFRO.log

2015-07-24 23:04 - 2012-11-10 17:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-07-24 23:04 - 2012-11-10 17:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-07-24 23:04 - 2011-09-18 10:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-07-20 07:31 - 2012-01-29 23:46 - 00024264 _____ C:\Users\Matt\Downloads\House expenses.xlsx

2015-07-19 08:04 - 2011-12-21 22:32 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-07-19 07:58 - 2011-12-21 22:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-07-19 07:58 - 2011-12-21 22:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-07-11 09:00 - 2011-11-16 14:24 - 00000000 ____D C:\Users\Jo\Tracing

2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2014-07-08 22:07 - 2014-07-08 22:08 - 0001256 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.boostrap.log

2014-07-08 22:07 - 2014-07-08 22:08 - 0009027 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.installation.log

2013-11-26 00:16 - 2013-11-26 00:16 - 0025757 _____ () C:\Users\Matt\AppData\Roaming\UserTile.png

2011-11-09 14:16 - 2015-04-18 15:32 - 0105348 _____ () C:\Users\Matt\AppData\Local\ars.cache

2011-11-09 14:21 - 2015-04-18 15:33 - 7219139 _____ () C:\Users\Matt\AppData\Local\census.cache

2011-11-09 12:09 - 2011-11-09 12:09 - 0000036 _____ () C:\Users\Matt\AppData\Local\housecall.guid.cache

2015-04-17 00:35 - 2015-04-18 08:43 - 0000010 _____ () C:\Users\Matt\AppData\Local\sponge.last.runtime.cache

2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2015-06-11 07:28

==================== End of log ============================

ADDITIONS TEXT LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015

Ran by Matt at 2015-07-27 00:01:06

Running from C:\Users\Matt\Downloads

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1492825921-750369754-554371985-500 - Administrator - Disabled)

Guest (S-1-5-21-1492825921-750369754-554371985-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1492825921-750369754-554371985-1002 - Limited - Enabled)

Jo (S-1-5-21-1492825921-750369754-554371985-1003 - Administrator - Enabled) => C:\Users\Jo

Matt (S-1-5-21-1492825921-750369754-554371985-1001 - Administrator - Enabled) => C:\Users\Matt

Mcx1-MATT-PC (S-1-5-21-1492825921-750369754-554371985-1004 - Limited - Enabled) => C:\Users\Mcx1-MATT-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)

Acer Crystal Eye webcam Ver:1.1.194.1021 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)

Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)

Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)

Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden

BallerMarkup (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a24fdd4d}) (Version: - BallerMarkup) <==== ATTENTION

BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.0 - )

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)

Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)

CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)

Celestix HOTPin Client 1.1 for Windows (HKLM-x32\...\{E74A64C6-F1A0-4729-B0B5-273471E81105}) (Version: 1.01.0000 - Celestix Networks, Inc.)

COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.16 - COWON)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)

Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden

Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)

Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)

IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)

iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)

Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)

LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)

LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden

LeapFrog My Pals Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden

LG PC Suite III (HKLM-x32\...\{C0E18DC4-C74A-4889-AE3A-933471023787}) (Version: 1.0.0.0 - LG Electronics)

LG PC Suite III (x32 Version: 1.0.0.0 - LG Electronics) Hidden

LG USB Modem Drivers (HKLM-x32\...\{FA02ACAC-9E14-4878-A257-92A22A647C2C}) (Version: 4.9.4 - LG Electronics)

Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )

Mozilla Firefox 10.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-GB)) (Version: 10.0.2 - Mozilla)

MyFreeCodec (HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\MyFreeCodec) (Version: - )

MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)

NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden

Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)

SaleePPlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version: - ) <==== ATTENTION

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)

Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version: - LeapFrog)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

17-04-2015 22:14:17 avast! antivirus system restore point

17-04-2015 22:24:35 Installed Microsoft Fix it 50202

18-04-2015 01:01:08 Installed AVG 2015

18-04-2015 01:02:20 Installed AVG 2015

18-04-2015 08:24:13 Removed AVG 2015

18-04-2015 08:25:47 Removed AVG 2015

18-04-2015 20:48:15 avast! antivirus system restore point

04-05-2015 18:40:05 Scheduled Checkpoint

11-06-2015 07:35:01 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-04-18 00:51 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 123fporn.info

127.0.0.1 www.123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07C5F1A7-B854-4AF5-B35F-768513EBAA39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)

Task: {184B43D1-D0F0-46DB-B5DB-3525B0388B97} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.exe <==== ATTENTION

Task: {34B9B85F-38EA-480F-B9AE-7B5BC218884C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)

Task: {4CB20647-6A4D-4046-8D2D-D2DF1111B258} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

Task: {519ADA39-2545-4487-AFD7-084B95A3A84C} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.exe <==== ATTENTION

Task: {52C0A07F-0AC5-4CE3-85EA-3FE26B50DDAD} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.exe <==== ATTENTION

Task: {55920075-D578-434E-A66F-718B5376AAF2} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.exe <==== ATTENTION

Task: {61BCD03D-7D1E-493D-8F18-A0DB53330E9D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-20] (Avast Software s.r.o.)

Task: {62B1784B-E682-42A9-8E76-5E341EACF4C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)

Task: {67BFC6A3-F4C4-4984-85E7-0BECD70C97E5} - \SidebarExecute No Task File <==== ATTENTION

Task: {6A4CADA4-F5DE-4105-912A-7D052B79AEBC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {95F8F8F1-96B6-4DC0-91D5-032998B9D8F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

Task: {9EB34624-A650-4530-AF6F-2DFFB54B4DB9} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.exe <==== ATTENTION

Task: {A065E288-729B-4C79-A862-74D936767F3D} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-nova.exe <==== ATTENTION

Task: {A207D1C8-76E4-449F-87F1-5C1092283053} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.exe <==== ATTENTION

Task: {A8F59469-D32E-45E0-9D08-E3C8EFA603F4} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-novainstaller.exe <==== ATTENTION

Task: {AB40CABE-83EE-42B4-9085-C5098D4FEF40} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)

Task: {C92CAFD2-DA6B-45C2-AF9E-67CCFE508C05} - System32\Tasks\48_dresses_notification_service => C:\Program Files (x86)\48 dresses\48_dresses_notification_service.exe <==== ATTENTION

Task: {D498279E-BBC3-4330-B02A-7F3532CD68F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

Task: {D86CFCB3-4C55-40D9-BDB8-E7836CC011DD} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-codedownloader.exe <==== ATTENTION

Task: {E20D84A3-0BFC-4517-A56B-0F33EBB37F0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)

Task: {E7986A30-ED57-4BAE-914D-375212B7711A} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.exe <==== ATTENTION

Task: {E7F25E9D-5410-4311-BDB9-0111B64E1D62} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MATT-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)

Task: {F5FC005D-2BDD-4AFF-AF48-B29188B52165} - System32\Tasks\qflnTLaE9hxkp => C:\Users\Matt\AppData\Roaming\qflnTLaE9hxkp.exe <==== ATTENTION

Task: {FB3088AC-8511-4F11-BF25-9514916D672D} - System32\Tasks\48_dresses_updating_service => C:\Program Files (x86)\48 dresses\48_dresses_updating_service.exe <==== ATTENTION

Task: {FC3A4E01-D105-4779-A08B-54C04DCDE2B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ==============

2010-12-04 06:24 - 2010-12-04 06:24 - 00206208 _____ () C:\Windows\PLFSetI.exe

2015-04-18 20:51 - 2015-04-18 20:51 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-04-18 20:51 - 2015-04-18 20:51 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-07-26 23:14 - 2015-07-26 23:14 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072501\algo.dll

2015-04-17 22:42 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2015-04-18 00:20 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2015-04-18 00:20 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2015-04-18 00:20 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2010-08-30 10:45 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll

2015-04-18 20:51 - 2015-04-18 20:51 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2015-04-17 22:42 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll

2015-04-17 22:42 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll

2014-08-15 18:21 - 2014-08-15 18:21 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll

2010-08-30 10:03 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2015-07-19 08:04 - 2015-07-13 22:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll

2015-07-19 08:04 - 2015-07-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll

2015-07-19 08:04 - 2015-07-13 22:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1492825921-750369754-554371985-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F4C0BA75-6C35-485E-9FE2-064F7F730F0F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE

FirewallRules: [{60B083C3-3B8C-4269-A541-4124472619B1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{6283E75F-40CB-404C-AB57-53A6DBDF2513}] => (Allow) svchost.exe

FirewallRules: [{416B6D9F-EF9B-4226-A373-1746B0D6DE39}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{762CC632-91BB-4DFD-B9BB-6E8404C6CB63}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe

FirewallRules: [{11E45FA5-D4CF-406A-BFFB-93DE09ECB5A4}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe

FirewallRules: [{4AD1E25D-E860-46CB-A828-1528DE8FDEA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{2F3FD173-C279-4FD8-BFA4-C2B94527ACC9}] => (Allow) LPort=2869

FirewallRules: [{EB8B7112-5EB8-49C6-A27E-D5E6A3C7C618}] => (Allow) LPort=1900

FirewallRules: [{63FA221D-A17D-49C2-AE78-41F0A3FD3123}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{C2A4D703-A2F6-4060-9218-5DBDA438D592}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{492055C1-5ADB-4987-AD4E-3E3DC953DE84}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{710081BB-9237-4801-9241-C006CD563D68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{82E71F38-330F-47F7-BA22-551F13DA3E9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{DDFB697B-E267-4908-98B5-28995A7105BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{D6ED9204-65DA-40F9-9539-E3A1994C0FDF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{A8AD10C7-0404-4442-ACBF-3028A4A9A3B2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{178591AB-98F4-4EFC-9D84-372B37C41523}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{6C717DC4-10F1-44FE-ADB6-C473E0378738}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe

FirewallRules: [{861257E8-77DD-4882-99F0-5E15E5DD8E40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{0E825599-375D-4975-9075-957DE6C19892}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{31EE339F-732A-4DE9-A6C3-4C00E6F9B8EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (07/26/2015 11:56:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Matt-PC)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011012}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (07/26/2015 11:23:27 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: FRST64.exe, version: 26.7.2015.0, time stamp: 0x55b4ab01

Faulting module name: FRST64.exe, version: 26.7.2015.0, time stamp: 0x55b4ab01

Exception code: 0xc0000005

Fault offset: 0x000000000002652a

Faulting process id: 0x1bb0

Faulting application start time: 0xFRST64.exe0

Faulting application path: FRST64.exe1

Faulting module path: FRST64.exe2

Report Id: FRST64.exe3

Error: (07/26/2015 10:40:03 PM) (Source: MsiInstaller) (EventID: 1024) (User: Matt-PC)

Error: (07/26/2015 10:38:24 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (07/25/2015 11:51:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3416391

Error: (07/25/2015 11:51:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 3416391

Error: (07/25/2015 11:51:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2015 11:51:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3400775

Error: (07/25/2015 11:51:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 3400775

Error: (07/25/2015 11:51:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

System errors:

=============

Error: (07/26/2015 11:45:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:

%%1053

Error: (07/26/2015 11:45:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/26/2015 11:43:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:

%%1053

Error: (07/26/2015 11:43:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/26/2015 11:09:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:

%%1053

Error: (07/26/2015 11:09:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/26/2015 11:08:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:

%%1053

Error: (07/26/2015 11:08:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/26/2015 10:31:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! HardwareID service failed to start due to the following error:

%%31

Error: (07/26/2015 10:30:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The UrlFilter service failed to start due to the following error:

%%31

Microsoft Office:

=========================

CodeIntegrity Error:

===================================

Date: 2014-08-25 10:54:50.726

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\345e40e9.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-25 10:54:50.242

Date: 2013-09-15 09:25:07.912

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-15 09:25:07.760

Date: 2013-09-15 09:25:05.286

Date: 2013-09-15 09:25:05.044

Date: 2013-09-15 09:25:02.717

Date: 2013-09-15 09:25:02.448

Date: 2013-09-15 09:24:59.984

Date: 2013-09-15 09:24:59.736

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz

Percentage of memory in use: 73%

Total physical RAM: 3766.71 MB

Available physical RAM: 999.79 MB

Total Virtual: 7531.6 MB

Available Virtual: 4665.33 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:203.99 GB) NTFS

Drive d: (My Disc) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 01EF3CC9)

Partition 1: (Not Active) - (Size=13 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)

==================== End of log ============================

What's my next step action wise?

Thanks again for your help

Matt

#5
RKinner

Posted 26 July 2015 - 08:53 PM

Malware Expert

Expert
24,625 posts

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 26

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Also uninstall:

SaleePPlus

Bonjour

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply (or rename it as the next time you run VEW it will overwrite the first log) then repeat but select Application.

Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

How is it running now?

#6
hotdog_1984

Posted 27 July 2015 - 12:25 AM

Member

Topic Starter
Member
28 posts

Hi,

Thanks again for your reply. I have now cleared the java cache and removed java 6 update. There were no other programs (java, runtime, virtual machine etc) in the Uninstall program in Control Panel.

I will not be re-installing it unless necessary at a later date.

I have also removed Safee and Bonjour

For the next stage here is my FixLog:

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015

Ran by Matt at 2015-07-27 07:02:27 Run:2