Help removing "Ads by Jabuticata" [Solved]

Malware?

  • This topic is locked

#31
Johnde2000 (Topic Starter)

First, I could not stop AVAST from running (don't know how to).

Second, let me tell you I did back up my pictures, documents, videos and desktop items. Last time I had put all those onto a flash drive and deleted them from the computer. This time I left everything except Pictures and documents.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by John (administrator) on JOHN-PC-1 (31-07-2015 12:55:50)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMax] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2013-11-04] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-30] (AVAST Software)
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4074055908-3935984809-2394099874-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-18] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E9C7566B-7793-4DBE-9A0F-520B2635A5DF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E9C7566B-7793-4DBE-9A0F-520B2635A5DF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7od82dfo.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4074055908-3935984809-2394099874-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Extension: Adblock Edge - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7od82dfo.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-07-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-30]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2013-11-04] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-30] (Avast Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-08] ()
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-30] (AVAST Software)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-04] ()
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-30] (AVAST Software)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-30] (Avast Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 12:55 - 2015-07-31 12:56 - 00015346 _____ C:\Users\John\Desktop\FRST.txt
2015-07-31 12:55 - 2015-07-31 12:55 - 00000000 ___DC C:\FRST
2015-07-31 12:53 - 2015-07-31 12:53 - 02168832 ____C (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-07-31 10:01 - 2015-07-31 10:01 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2015-07-31 00:13 - 2015-07-31 00:17 - 00003029 ____C C:\DelFix.txt
2015-07-31 00:13 - 2015-07-31 00:13 - 00000000 ____D C:\Windows\ERUNT
2015-07-30 23:40 - 2015-07-30 23:40 - 00000000 ____D C:\Users\John\Documents\SCHOOL
2015-07-30 23:39 - 2014-01-05 11:04 - 00028160 _____ C:\Users\John\Documents\Resume 2006.wps
2015-07-30 23:31 - 2015-07-31 12:49 - 00000000 ___RD C:\Users\John\Desktop\Jacobs Games
2015-07-30 23:31 - 2015-07-30 23:35 - 00000000 ___RD C:\Users\John\Desktop\John's Games
2015-07-30 23:31 - 2015-07-30 23:31 - 00000000 ___RD C:\Users\John\Desktop\Movie Channels
2015-07-30 23:30 - 2015-07-31 12:44 - 00000000 ___RD C:\Users\John\Desktop\Saved
2015-07-30 23:30 - 2015-07-30 23:31 - 00000000 ___RD C:\Users\John\Desktop\Jacobs Folder
2015-07-30 23:30 - 2015-07-19 18:21 - 00000128 _____ C:\Users\John\Desktop\New Radio.url
2015-07-30 23:30 - 2015-07-15 09:42 - 00000231 _____ C:\Users\John\Desktop\Weather.URL
2015-07-30 23:30 - 2015-04-06 17:55 - 00000177 _____ C:\Users\John\Desktop\Yahoo.url
2015-07-30 23:30 - 2014-02-06 00:35 - 00000190 _____ C:\Users\John\Desktop\BWC Forum.url
2015-07-30 23:17 - 2013-11-08 16:16 - 00000215 _____ C:\Users\John\Desktop\Facebook.url
2015-07-30 21:54 - 2015-07-30 21:54 - 12431584 ____C (Nullsoft, Inc.) C:\Users\John\Downloads\winamp5666_full_en-us.exe
2015-07-30 21:39 - 2015-07-31 09:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-30 21:39 - 2015-07-30 21:40 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-30 21:39 - 2015-07-30 21:40 - 00000000 ____D C:\Windows\system32\vbox
2015-07-30 21:39 - 2015-07-30 21:39 - 00001922 _____ C:\Users\John\Desktop\Avast Free Antivirus.lnk
2015-07-30 21:39 - 2015-07-30 21:39 - 00000000 ____D C:\Users\John\AppData\Roaming\AVAST Software
2015-07-30 21:39 - 2015-07-30 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-30 21:38 - 2015-07-30 21:38 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-30 21:38 - 2015-07-30 21:38 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-30 21:38 - 2015-07-30 21:38 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-30 21:37 - 2015-07-30 21:37 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-30 21:35 - 2015-07-30 21:35 - 05685584 ____C (AVAST Software) C:\Users\John\Downloads\avast_free_antivirus_setup_online.exe
2015-07-30 21:35 - 2015-07-30 21:35 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-30 20:20 - 2015-07-30 20:03 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-30 07:42 - 2015-07-30 07:42 - 00001106 _____ C:\Users\John\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-30 07:42 - 2015-07-30 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-30 07:42 - 2015-07-30 07:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 07:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 07:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 06:27 - 2015-07-30 06:27 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-07-30 06:27 - 2015-07-30 06:27 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-07-30 06:27 - 2015-07-30 06:27 - 00133632 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-07-30 06:27 - 2015-07-30 06:27 - 00110592 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-07-30 06:27 - 2015-07-30 06:27 - 00000000 ____D C:\Program Files (x86)\Creative
2015-07-30 06:27 - 2008-09-17 15:11 - 01828352 ____N (Creative) C:\Windows\system32\adi_oal.dll
2015-07-30 06:27 - 2008-09-17 15:07 - 01503232 ____N (Creative) C:\Windows\SysWOW64\adi_oal.dll
2015-07-30 06:26 - 2015-07-30 06:27 - 00008622 _____ C:\Windows\SMinstall.log
2015-07-30 06:26 - 2015-07-30 06:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
2015-07-29 23:02 - 2015-07-31 11:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-29 23:01 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-29 23:00 - 2015-07-29 23:00 - 16502728 _____ (Malwarebytes Corp.) C:\Users\John\Desktop\mbar-1.09.1.1004.exe
2015-07-29 22:11 - 2015-07-29 22:11 - 02248704 _____ C:\Users\John\Desktop\AdwCleaner.exe
2015-07-29 21:15 - 2015-07-29 21:38 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-07-29 19:39 - 2015-07-29 19:39 - 00001134 _____ C:\Users\John\Desktop\TeamSpeak 3 Client.lnk
2015-07-29 14:04 - 2015-07-31 09:45 - 00023606 _____ C:\Windows\PFRO.log
2015-07-28 11:51 - 2015-07-31 09:50 - 00077141 _____ C:\Windows\WindowsUpdate.log
2015-07-28 11:47 - 2015-07-31 09:45 - 00002365 _____ C:\Windows\setupact.log
2015-07-28 11:47 - 2015-07-28 11:47 - 00000000 _____ C:\Windows\setuperr.log
2015-07-27 12:06 - 2015-07-27 12:06 - 00000000 ____D C:\Users\John\AppData\Roaming\TuneUp Software
2015-07-27 12:03 - 2015-07-29 14:05 - 00000000 ____D C:\ProgramData\MFAData
2015-07-27 12:03 - 2015-07-27 12:03 - 00000000 ____D C:\Users\John\AppData\Local\MFAData
2015-07-27 09:20 - 2015-07-27 09:20 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-27 09:20 - 2015-07-27 09:20 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-27 09:20 - 2015-07-27 09:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-26 21:52 - 2015-07-26 21:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-26 18:48 - 2015-07-26 20:05 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-26 18:00 - 2015-07-29 23:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-26 17:21 - 2015-07-26 17:21 - 00003246 _____ C:\Windows\System32\Tasks\Trojan Killer
2015-07-26 17:21 - 2015-07-26 17:21 - 00000000 ____D C:\ProgramData\GridinSoft
2015-07-25 21:22 - 2015-07-25 22:22 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-25 21:21 - 2015-07-25 21:21 - 00000000 ____D C:\Users\John\AppData\Local\PopupID1
2015-07-25 21:19 - 2015-07-25 21:19 - 00000000 ____D C:\Users\John\AppData\Roaming\JV Update
2015-07-25 20:48 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-14 08:52 - 2015-07-14 08:52 - 00063628 _____ C:\Users\John\Documents\ts3_clientui-win32-1407159763-2015-07-14 08_52_06.043339.dmp
2015-07-11 16:46 - 2015-07-11 16:46 - 00000000 ____D C:\Users\John\AppData\Local\WpfApplication1
2015-07-09 19:42 - 2015-07-09 19:42 - 00000000 ____D C:\Users\John\AppData\Local\Sony Online Entertainment

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 09:55 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-31 09:55 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-31 09:46 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-31 09:45 - 2013-11-08 00:51 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-07-30 21:55 - 2013-11-08 04:00 - 00000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2015-07-30 19:57 - 2014-04-24 20:01 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2015-07-30 06:26 - 2013-11-04 23:27 - 00000000 ____D C:\ProgramData\SonicFocus
2015-07-30 06:26 - 2013-11-04 23:27 - 00000000 ____D C:\Program Files (x86)\Analog Devices
2015-07-29 23:51 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 21:15 - 2015-06-02 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-29 18:00 - 2014-09-25 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-28 18:31 - 2015-02-06 11:15 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-27 14:11 - 2013-11-27 19:00 - 00000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2015-07-27 08:58 - 2013-11-27 19:00 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-26 21:56 - 2013-11-27 19:00 - 00000000 ____D C:\ProgramData\Oracle
2015-07-26 21:52 - 2014-12-23 18:21 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-26 21:52 - 2014-08-09 11:47 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-26 21:52 - 2013-11-09 16:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-26 21:50 - 2013-11-27 19:00 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-26 18:19 - 2014-12-12 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 17:14 - 2014-12-12 15:34 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-26 17:14 - 2013-11-08 14:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-26 17:14 - 2013-11-08 14:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-25 23:15 - 2013-11-11 13:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 22:16 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-25 22:15 - 2013-11-11 13:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 22:15 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-25 22:14 - 2013-11-04 21:22 - 00001417 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-25 21:25 - 2013-11-10 10:34 - 00000000 ____D C:\Windows\Minidump
2015-07-25 21:22 - 2013-11-04 21:49 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-07-25 21:22 - 2013-11-04 21:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-07-25 21:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spp
2015-07-21 15:01 - 2015-06-18 17:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-18 23:05 - 2013-12-12 16:17 - 00032768 ___SH C:\Users\John\Documents\Thumbs.db
2015-07-18 18:00 - 2014-04-24 20:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-18 17:59 - 2014-04-24 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-07-15 10:35 - 2014-07-25 01:01 - 00000000 ____D C:\Users\John\AppData\Local\Windows Live
2015-07-12 15:38 - 2013-11-08 05:15 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-07-11 07:31 - 2014-11-30 00:48 - 00007608 _____ C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-07-07 07:31 - 2009-07-14 00:45 - 05102600 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2014-05-10 22:05 - 2014-05-10 22:05 - 0000084 _____ () C:\Users\John\AppData\Local\DVDPATH.TXT
2014-11-30 00:48 - 2015-07-11 07:31 - 0007608 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2013-11-08 11:51 - 2014-01-06 15:49 - 0005614 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 01:25

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by John (2015-07-31 12:56:32)
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4074055908-3935984809-2394099874-500 - Administrator - Disabled)
Guest (S-1-5-21-4074055908-3935984809-2394099874-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4074055908-3935984809-2394099874-1003 - Limited - Enabled)
John (S-1-5-21-4074055908-3935984809-2394099874-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{853A112F-241F-E344-4636-103C25D3751E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bookworm Adventures (HKLM-x32\...\111940693) (Version:  - Oberon Media)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dream Day First Home (HKLM-x32\...\113832110) (Version:  - Oberon Media)
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2013 - en-us (HKLM\...\WordRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PlanetSide 2 (HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Pokémon Trading Card Game Online (HKLM-x32\...\{0D9304CD-1C83-4703-AFEF-0C46D1DB21F2}) (Version: 2.27.0 - The Pokémon Company International)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
SpyHunter (HKLM\...\{72AAF455-1E54-475B-B0AB-5413C78D0E63}) (Version: 4.16.5.4290 - Enigma Software Group USA, LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version:  - Sakar)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

31-07-2015 00:16:13 End of disinfection
31-07-2015 00:19:54 Revo Uninstaller's restore point - ESET Online Scanner v3
31-07-2015 12:13:48 Revo Uninstaller's restore point - Winamp

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-07-29 21:44 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C665E3-DD18-4A14-8168-426AA221F64B} - System32\Tasks\{BFAAC155-0BA6-454C-85E9-9B2FCF5477D3} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {03EDC389-F075-4BEB-B373-73498A390B9E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {12C1A078-C2D7-4F61-8502-E2C5704FE45C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {12DBB90F-4CF4-4EE6-9792-A942FE928750} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {21D7BFED-A5D1-48D1-B06A-048802FFD219} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-06-18] (Microsoft Corporation)
Task: {29AA740D-ED40-4F4B-BDC8-B163E96202B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {357588E7-9BC4-4591-B375-711D5A9FCA77} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-02-13] (IObit)
Task: {38B0002C-700B-4B08-8804-F4ED757204DB} - System32\Tasks\{A7AF326D-2524-4C1D-B535-681370A53758} => pcalua.exe -a "C:\Users\John\Desktop\Microsoft Works\Microsoft Works\Setup.exe" -d "C:\Users\John\Desktop\Microsoft Works\Microsoft Works"
Task: {3C796899-2BDC-455F-9ACE-9E17B8DF9145} - System32\Tasks\{68695F58-F77F-4A46-A96B-545C4F08B26F} => C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\MarvelHeroesLauncher.exe [2015-07-07] (Gazillion Entertainment)
Task: {40881F86-B83D-48FC-AD79-A002271D69E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-06-18] (Microsoft Corporation)
Task: {40FCBED7-9381-47F1-BE6B-A72CD30464A7} - System32\Tasks\{D163DBE0-5816-4CF2-815B-B05811740DF1} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office\Setup\AcmeWord.exe" -c /w Word97.stf
Task: {4C07F0C2-179C-4E1C-B808-A0E17EB50C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {684A985A-29BA-4C10-B335-7C0BEEF6E0A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {86411529-1D38-41BA-B160-9B49C466E36D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {C5BA8E36-EFAE-434A-88C8-EFFE18E5114D} - System32\Tasks\{812EFF4B-8F83-4790-9CB1-8BFF5BE8B1BA} => Firefox.exe http://ui.skype.com/...all?page=tsMain
Task: {DC65E2CE-B50C-49A6-A803-DBCC74C9FB5E} - System32\Tasks\{A66C56A0-07EA-42FA-B5E0-BC25144CC273} => pcalua.exe -a "C:\Program Files (x86)\CTB\Online Assessment\Online Assessment.exe" -d "C:\Program Files (x86)\CTB\Online Assessment\"
Task: {ED49157A-5366-4941-9CBB-6B8DB9A8DC2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-26] (Adobe Systems Incorporated)
Task: {F7C4BB60-BAA9-4878-9EF0-1696F1F98B2D} - System32\Tasks\{3E72F2D1-D4B1-45C0-8F1B-30A901A8C5EE} => pcalua.exe -a "C:\Users\John\Downloads\Smart Technology 7_0_27_13 64Bit.exe" -d C:\Users\John\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-18 17:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-18 17:48 - 2015-06-18 17:48 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-30 21:38 - 2015-07-30 21:38 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-30 21:38 - 2015-07-30 21:38 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-31 08:14 - 2015-07-31 08:14 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073100\algo.dll
2015-07-31 09:49 - 2015-07-31 09:49 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073101\algo.dll
2015-07-30 21:38 - 2015-07-30 21:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-26 17:14 - 2015-07-26 17:14 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rofdhowal => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{2FAB9223-A3C7-48BE-A1D1-C337B24D9861}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A7723B1B-C860-4E25-A6E8-1465168A1257}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3AD6F0C8-E04B-410B-A22E-ED3B1C5E8F62}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{48627AB8-C6E7-4E12-97E7-31F94C404960}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [{DC872486-29E3-4940-9F84-54009DD8A71A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{AAA60CC0-D6F4-4CEA-ABAC-D127A29E983D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2015 09:47:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:23:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:04:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Exception code: 0xc0000005
Fault offset: 0x0000000000007af2
Faulting process id: 0x6c8
Faulting application start time: 0xLVPrcSrv.exe0
Faulting application path: LVPrcSrv.exe1
Faulting module path: LVPrcSrv.exe2
Report Id: LVPrcSrv.exe3

Error: (07/30/2015 12:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 11:48:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 11:40:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/30/2015 08:08:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/30/2015 08:08:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/30/2015 08:08:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/30/2015 06:30:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/31/2015 03:44:10 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/31/2015 03:10:47 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/31/2015 12:06:19 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom1.

Error: (07/30/2015 08:15:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/30/2015 08:15:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/30/2015 08:15:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/30/2015 08:15:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/30/2015 08:15:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/30/2015 08:04:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/30/2015 12:54:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office:
=========================
Error: (07/31/2015 09:47:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:23:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:04:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LVPrcSrv.exe12.10.1110.04acc50c4LVPrcSrv.exe12.10.1110.04acc50c4c00000050000000000007af26c801d0cae638938f4fC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec1d44f7a-3717-11e5-8bd4-001e8c2e26d5

Error: (07/30/2015 12:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 11:48:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 11:40:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/30/2015 08:08:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe

Error: (07/30/2015 08:08:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe

Error: (07/30/2015 08:08:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe

Error: (07/30/2015 06:30:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™2 Extreme CPU X9650 @ 3.00GHz
Percentage of memory in use: 23%
Total physical RAM: 8191.12 MB
Available physical RAM: 6234.13 MB
Total Virtual: 16380.44 MB
Available Virtual: 14254.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:372.61 GB) (Free:268.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (USB20FD) (Removable) (Total:7.59 GB) (Free:5.29 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0C)

==================== End of log ============================


  • 0


#32
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :) Let's keep the correspondence inside the thread, as I need to be able to access everything related to the machine inside the thread. :thumbsup:

I asked earlier about the Chrome browser, but got no response. You do not use that browser, correct? Only FF? Also, I've gotten some feedback from my colleagues and will have instructions for you soon.
 

First I could not stop AVAST from running (don't know how to)

Second let me tell you I did backup my pictures, documents, videos and desk top items. Last time I had put all those onto a flashdrive and deleted them from the computer. This time I left everything except Pictures and documents.


I apologize for that, I should have included instructions to temporarily shut its protection down while running the scans. I will do so in the next set I post. Also, very good idea to back up your irreplaceable items. :thumbsup:
  • 0

#33
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, I need some screenshots of the add ons in your browsers. :)

Step 1: Screenshots

I need to see screenshots of both Firefox and Internet Explorer's add on windows. I'd like to check and make sure nothing malicious is installed. To access the add on windows, please follow the instructions below for each browser.

FireFox
  • Click on Tools and then Extensions. Please take a screenshot of that, and save it.
  • Then click on Plugins and take a screenshot of that one as well. Please save that one as well.
Internet Explorer
  • Click the Tools button in the top right corner of the browser and then click Manage add-ons.
  • Under Show, click All add-ons. Please take a screenshot of the window that will open.
  • Please post all 3 screenshots in your next reply.

  • 0

#34
Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

[Screenshot: f0D40p9.jpg]

[Screenshot: rq994X1.jpg]

[Screenshot: rhA6MgT.jpg]


  • 0

#35
Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

No, I don't use Chrome. I also do not use Internet Explorer unless I need to re-download Firefox. I've always used Firefox.


  • 0

#36
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Thank you for the screenshots. Let's run a small fix with FRST, and then please let me know how the machine is running.

Step 1: Disable Avast Antivirus

Right click on the orange orb in the tray at the bottom right of your screen. Select the Avast Shields Control and disable it until the next reboot.


Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
2015-07-25 21:21 - 2015-07-25 21:21 - 00000000 ____D C:\Users\John\AppData\Local\PopupID1
2015-07-25 21:20 - 2015-07-25 22:04 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-07-25 21:19 - 2015-07-25 21:19 - 00000000 ____D C:\Users\John\AppData\Roaming\JV Update
2015-07-25 21:19 - 2015-07-25 21:19 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-07-25 20:49 - 2015-07-25 20:49 - 00000000 ____D C:\Users\John\AppData\Roaming\Open Download Manager
2015-07-25 20:48 - 2015-07-25 20:48 - 00000000 ____D C:\Program Files (x86)\TestXp
2015-07-29 11:00 - 2015-01-23 23:08 - 00000000 ____D C:\Program Files (x86)\gravitysensation.com
2015-07-25 21:22 - 2015-07-25 22:22 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rofdhowal => ""="service"
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

How is the machine running?

  • 1

#37
Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by John (2015-07-31 22:37:20) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================

fixlist content:
*****************
    Start
    CreateRestorePoint:
    CloseProcesses:
    2015-07-25 21:21 - 2015-07-25 21:21 - 00000000 ____D C:\Users\John\AppData\Local\PopupID1
    2015-07-25 21:20 - 2015-07-25 22:04 - 00000000 ____D C:\Program Files (x86)\TechVedic
    2015-07-25 21:19 - 2015-07-25 21:19 - 00000000 ____D C:\Users\John\AppData\Roaming\JV Update
    2015-07-25 21:19 - 2015-07-25 21:19 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
    2015-07-25 20:49 - 2015-07-25 20:49 - 00000000 ____D C:\Users\John\AppData\Roaming\Open Download Manager
    2015-07-25 20:48 - 2015-07-25 20:48 - 00000000 ____D C:\Program Files (x86)\TestXp
    2015-07-29 11:00 - 2015-01-23 23:08 - 00000000 ____D C:\Program Files (x86)\gravitysensation.com
    2015-07-25 21:22 - 2015-07-25 22:22 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rofdhowal => ""="service"
    cmd: bitsadmin /reset /allusers
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state on
    CMD: ipconfig /flushdns
    Emptytemp:
    End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\John\AppData\Local\PopupID1 => moved successfully.
"C:\Program Files (x86)\TechVedic" => File/Folder not found.
C:\Users\John\AppData\Roaming\JV Update => moved successfully.
"C:\ProgramData\28341ff220e0446c9fff27c4493d622e" => File/Folder not found.
"C:\Users\John\AppData\Roaming\Open Download Manager" => File/Folder not found.
"C:\Program Files (x86)\TestXp" => File/Folder not found.
"C:\Program Files (x86)\gravitysensation.com" => File/Folder not found.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Rofdhowal" => key removed successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 253.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 22:38:15 ====


  • 0

#38
Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

To be honest, since the last FRST64 scan I haven't seen one pop-up or redirect. But after the reboot I can see tabs trying to open and sites trying to come up, but they don't or can't.


  • 0

#39
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

To be honest, since the last FRST64 scan I haven't seen one pop-up or redirect. But after the reboot I can see tabs trying to open and sites trying to come up, but they don't or can't.


Seems like we're making some progress, then. :thumbsup:

I'd like to get a fresh FRST log to confirm the deletion of everything and make sure none of it has returned.


Please start FRST and press the Scan button. FRST will scan your machine and produce one log this time, FRST.txt. Please post it in your next reply.

Things I need to see in your next post

FRST.txt Log

  • 0
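The check requested in the post above (confirm what the fix removed, then make sure none of it has returned in a fresh scan) can be scripted. This is an added example, not part of the original thread and not FRST's own code: it assumes the Fixlog and FRST.txt line formats shown in this thread, the function names are hypothetical, and the "returned" sample line is constructed.

```python
import re
from collections import Counter

# Result lines excerpted from the Fixlog.txt posted in this thread (post #37).
FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
C:\Users\John\AppData\Local\PopupID1 => moved successfully.
"C:\Program Files (x86)\TechVedic" => File/Folder not found.
C:\Users\John\AppData\Roaming\JV Update => moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Rofdhowal" => key removed successfully
EmptyTemp: => 253.4 MB temporary data Removed.
'''

# Lines excerpted from the "One Month Created files and folders" section of the
# follow-up FRST.txt posted in this thread (post #41).
RESCAN_CLEAN = r'''
2015-08-01 07:40 - 2015-08-01 07:40 - 00015707 _____ C:\Users\John\Desktop\FRST.txt
2015-07-31 12:53 - 2015-07-31 12:53 - 02168832 ____C (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-07-30 21:39 - 2015-07-30 21:39 - 00000000 ____D C:\Users\John\AppData\Roaming\AVAST Software
'''

# CONSTRUCTED for illustration: the same excerpt plus one invented line in which
# a folder moved by the fix has been re-created after the reboot.
RESCAN_RETURNED = RESCAN_CLEAN + r'''2015-08-01 07:05 - 2015-08-01 07:05 - 00000000 ____D C:\Users\John\AppData\Roaming\JV Update
'''

# "<target> => <result>" where the target is a drive path or a registry key,
# optionally wrapped in double quotes (as the Fixlog does for some entries).
FIX_LINE = re.compile(
    r'^"?(?P<target>(?:[A-Za-z]:\\|HK[A-Z]+\\).+?)"?\s*=>\s*(?P<result>.+?)\.?\s*$')

# "<created> - <modified> - <size> <attributes> [(company) ]<path>"
CREATED_LINE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - \d{4}-\d\d-\d\d \d\d:\d\d - '
    r'\d+ \S{5} (?:\(.*?\) )?(?P<path>[A-Za-z]:\\.*)$')


def classify(result):
    """Map a Fixlog result string onto a coarse outcome."""
    r = result.lower()
    if "not found" in r:
        return "not_found"
    # "removed successfully" contains "moved successfully", so test it first.
    if "removed successfully" in r:
        return "removed"
    if "moved successfully" in r:
        return "moved"
    return "other"  # anything else deserves a manual look


def parse_fixlog(text):
    """Return [(target, outcome)] for every file, folder or key result line."""
    entries = []
    for line in text.splitlines():
        m = FIX_LINE.match(line.strip())
        if m:
            entries.append((m.group("target"), classify(m.group("result"))))
    return entries


def outcome_counts(text):
    """Summarise how many fixlist targets ended in each outcome."""
    return dict(Counter(outcome for _, outcome in parse_fixlog(text)))


def parse_created(text):
    """Return [(created_timestamp, path)] from created-files scan lines."""
    rows = []
    for line in text.splitlines():
        m = CREATED_LINE.match(line.strip())
        if m:
            rows.append((m.group("created"), m.group("path")))
    return rows


def returned_items(fixlog_text, rescan_text):
    """List (path, created) for scan entries at or below a fixlist target.

    Only filesystem targets are compared; registry keys would have to be
    checked against the registry sections of the scan instead.
    """
    targets = [t.lower() for t, _ in parse_fixlog(fixlog_text)
               if re.match(r'[A-Za-z]:\\', t)]
    hits = []
    for created, path in parse_created(rescan_text):
        p = path.lower()  # Windows paths compare case-insensitively
        if any(p == t or p.startswith(t + "\\") for t in targets):
            hits.append((path, created))
    return hits


if __name__ == "__main__":
    print("Fix outcomes:", outcome_counts(FIXLOG))
    print("Returned (thread excerpt):", returned_items(FIXLOG, RESCAN_CLEAN))
    print("Returned (constructed):", returned_items(FIXLOG, RESCAN_RETURNED))
```

A "not_found" outcome only says the item was already absent when the fix ran, so those targets are compared against the rescan as well.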

#40
Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

OK, will do a FRST scan and post it after this post. (Please read.) Came to this page this morning, clicked on page 3, and the same stuff is happening again (see screenshots and history below). Now, I haven't opened anything that I don't normally open. I surfed and played games last night, no problems. I come to this page and get pop-ups, redirects and ads by Jabuticata. I'm not saying it's this page. I'm sure this stuff is running on my computer in the background somewhere. It seems to like to expose itself when I come here. Like these pop-ups and redirects know we're trying to delete them from the computer and are saying, "Ha ha, can't find me and GTG can't help." Even now when I click my mouse in this chat window things pop up and I have to close them to continue typing. Seems to me we have two recourses: 1. call in the big boys and get this done, or 2. a hard drive wipe and reinstall.

When all this started I ran Spy Hunter and it came up with 987 hits. I don't own the full version, so I opened regedit and manually went down the list taking out all I could that was listed in SpyHunter. When I was finished I rescanned and came up with only 6 files I couldn't delete. Controlset, controlset001 and controlset002 had Legacy files in them that couldn't be deleted. I Googled how to delete them and had to change their permissions. I did so and they were gone. BUT what I saw in Googling how to delete "ads by Jabuticata" was those same Legacy files in their screenshots. Don't know if this helps, but I'd like to get this done and over with. I have full confidence in you and GTG, but I'm leaning toward a hard drive wipe if we can't get this done soon. Update: while trying to load images with Imgur, Avast detected 18 things and gave me an audio warning of an infection.

 

[Screenshot: 6d6LOH6.jpg]

[Screenshot: mY1vRmx.jpg]

[Screenshot: YNWZSam.jpg]


Edited by Johnde2000, 01 August 2015 - 05:39 AM.

  • 0


#41
Johnde2000

    Member

  • Topic Starter
  • Member
  • 44 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by John (administrator) on JOHN-PC-1 (01-08-2015 07:40:18)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMax] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2013-11-04] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-30] (AVAST Software)
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4074055908-3935984809-2394099874-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-18] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E9C7566B-7793-4DBE-9A0F-520B2635A5DF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E9C7566B-7793-4DBE-9A0F-520B2635A5DF}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7od82dfo.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4074055908-3935984809-2394099874-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Extension: Adblock Edge - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7od82dfo.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-07-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-30]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-30]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2013-11-04] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-30] (Avast Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-08] ()
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-30] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-30] (AVAST Software)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-04] ()
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-30] (AVAST Software)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-30] (Avast Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 07:40 - 2015-08-01 07:40 - 00015707 _____ C:\Users\John\Desktop\FRST.txt
2015-07-31 12:55 - 2015-08-01 07:40 - 00000000 ___DC C:\FRST
2015-07-31 12:53 - 2015-07-31 12:53 - 02168832 ____C (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-07-31 10:01 - 2015-07-31 10:01 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2015-07-31 00:13 - 2015-07-31 00:17 - 00003029 ____C C:\DelFix.txt
2015-07-31 00:13 - 2015-07-31 00:13 - 00000000 ____D C:\Windows\ERUNT
2015-07-30 23:40 - 2015-07-30 23:40 - 00000000 ____D C:\Users\John\Documents\SCHOOL
2015-07-30 23:39 - 2014-01-05 11:04 - 00028160 _____ C:\Users\John\Documents\Resume 2006.wps
2015-07-30 23:31 - 2015-07-31 12:49 - 00000000 ___RD C:\Users\John\Desktop\Jacobs Games
2015-07-30 23:31 - 2015-07-30 23:35 - 00000000 ___RD C:\Users\John\Desktop\John's Games
2015-07-30 23:31 - 2015-07-30 23:31 - 00000000 ___RD C:\Users\John\Desktop\Movie Channels
2015-07-30 23:30 - 2015-07-31 12:44 - 00000000 ___RD C:\Users\John\Desktop\Saved
2015-07-30 23:30 - 2015-07-30 23:31 - 00000000 ___RD C:\Users\John\Desktop\Jacobs Folder
2015-07-30 23:30 - 2015-07-19 18:21 - 00000128 _____ C:\Users\John\Desktop\New Radio.url
2015-07-30 23:30 - 2015-07-15 09:42 - 00000231 _____ C:\Users\John\Desktop\Weather.URL
2015-07-30 23:30 - 2015-04-06 17:55 - 00000177 _____ C:\Users\John\Desktop\Yahoo.url
2015-07-30 23:30 - 2014-02-06 00:35 - 00000190 _____ C:\Users\John\Desktop\BWC Forum.url
2015-07-30 23:17 - 2013-11-08 16:16 - 00000215 _____ C:\Users\John\Desktop\Facebook.url
2015-07-30 21:54 - 2015-07-30 21:54 - 12431584 ____C (Nullsoft, Inc.) C:\Users\John\Downloads\winamp5666_full_en-us.exe
2015-07-30 21:39 - 2015-07-31 09:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-30 21:39 - 2015-07-30 21:40 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-30 21:39 - 2015-07-30 21:40 - 00000000 ____D C:\Windows\system32\vbox
2015-07-30 21:39 - 2015-07-30 21:39 - 00001922 _____ C:\Users\John\Desktop\Avast Free Antivirus.lnk
2015-07-30 21:39 - 2015-07-30 21:39 - 00000000 ____D C:\Users\John\AppData\Roaming\AVAST Software
2015-07-30 21:39 - 2015-07-30 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-30 21:38 - 2015-07-30 21:38 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-30 21:38 - 2015-07-30 21:38 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-30 21:38 - 2015-07-30 21:38 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-30 21:38 - 2015-07-30 21:38 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-30 21:37 - 2015-07-30 21:37 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-30 21:35 - 2015-07-30 21:35 - 05685584 ____C (AVAST Software) C:\Users\John\Downloads\avast_free_antivirus_setup_online.exe
2015-07-30 21:35 - 2015-07-30 21:35 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-30 20:20 - 2015-07-30 20:03 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-30 07:42 - 2015-07-30 07:42 - 00001106 _____ C:\Users\John\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-30 07:42 - 2015-07-30 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-30 07:42 - 2015-07-30 07:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 07:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 07:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 06:27 - 2015-07-30 06:27 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-07-30 06:27 - 2015-07-30 06:27 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-07-30 06:27 - 2015-07-30 06:27 - 00133632 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-07-30 06:27 - 2015-07-30 06:27 - 00110592 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-07-30 06:27 - 2015-07-30 06:27 - 00000000 ____D C:\Program Files (x86)\Creative
2015-07-30 06:27 - 2008-09-17 15:11 - 01828352 ____N (Creative) C:\Windows\system32\adi_oal.dll
2015-07-30 06:27 - 2008-09-17 15:07 - 01503232 ____N (Creative) C:\Windows\SysWOW64\adi_oal.dll
2015-07-30 06:26 - 2015-07-30 06:27 - 00008622 _____ C:\Windows\SMinstall.log
2015-07-30 06:26 - 2015-07-30 06:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
2015-07-29 23:02 - 2015-08-01 07:36 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-29 23:01 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-29 23:00 - 2015-07-29 23:00 - 16502728 _____ (Malwarebytes Corp.) C:\Users\John\Desktop\mbar-1.09.1.1004.exe
2015-07-29 22:11 - 2015-07-29 22:11 - 02248704 _____ C:\Users\John\Desktop\AdwCleaner.exe
2015-07-29 21:15 - 2015-07-29 21:38 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-07-29 19:39 - 2015-07-29 19:39 - 00001134 _____ C:\Users\John\Desktop\TeamSpeak 3 Client.lnk
2015-07-29 14:04 - 2015-07-31 22:39 - 00026574 _____ C:\Windows\PFRO.log
2015-07-28 11:51 - 2015-08-01 03:13 - 00093024 _____ C:\Windows\WindowsUpdate.log
2015-07-28 11:47 - 2015-07-31 22:40 - 00002421 _____ C:\Windows\setupact.log
2015-07-28 11:47 - 2015-07-28 11:47 - 00000000 _____ C:\Windows\setuperr.log
2015-07-27 12:06 - 2015-07-27 12:06 - 00000000 ____D C:\Users\John\AppData\Roaming\TuneUp Software
2015-07-27 12:03 - 2015-07-29 14:05 - 00000000 ____D C:\ProgramData\MFAData
2015-07-27 12:03 - 2015-07-27 12:03 - 00000000 ____D C:\Users\John\AppData\Local\MFAData
2015-07-27 09:20 - 2015-07-27 09:20 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-27 09:20 - 2015-07-27 09:20 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-27 09:20 - 2015-07-27 09:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-26 21:52 - 2015-07-26 21:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-26 18:48 - 2015-07-26 20:05 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-26 18:00 - 2015-07-29 23:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-26 17:21 - 2015-07-26 17:21 - 00003246 _____ C:\Windows\System32\Tasks\Trojan Killer
2015-07-26 17:21 - 2015-07-26 17:21 - 00000000 ____D C:\ProgramData\GridinSoft
2015-07-25 20:48 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-14 08:52 - 2015-07-14 08:52 - 00063628 _____ C:\Users\John\Documents\ts3_clientui-win32-1407159763-2015-07-14 08_52_06.043339.dmp
2015-07-11 16:46 - 2015-07-11 16:46 - 00000000 ____D C:\Users\John\AppData\Local\WpfApplication1
2015-07-09 19:42 - 2015-07-09 19:42 - 00000000 ____D C:\Users\John\AppData\Local\Sony Online Entertainment

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 22:50 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-31 22:50 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-31 22:40 - 2013-11-08 00:51 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-07-31 22:40 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-31 22:35 - 2013-11-08 04:00 - 00000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2015-07-31 18:21 - 2014-04-24 20:01 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2015-07-30 06:26 - 2013-11-04 23:27 - 00000000 ____D C:\ProgramData\SonicFocus
2015-07-30 06:26 - 2013-11-04 23:27 - 00000000 ____D C:\Program Files (x86)\Analog Devices
2015-07-29 23:51 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 21:15 - 2015-06-02 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-29 18:00 - 2014-09-25 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-28 18:31 - 2015-02-06 11:15 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-27 14:11 - 2013-11-27 19:00 - 00000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2015-07-27 08:58 - 2013-11-27 19:00 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-26 21:56 - 2013-11-27 19:00 - 00000000 ____D C:\ProgramData\Oracle
2015-07-26 21:52 - 2014-12-23 18:21 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-26 21:52 - 2014-08-09 11:47 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-26 21:52 - 2013-11-09 16:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-26 21:50 - 2013-11-27 19:00 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-26 18:19 - 2014-12-12 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 17:14 - 2014-12-12 15:34 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-26 17:14 - 2013-11-08 14:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-26 17:14 - 2013-11-08 14:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-25 23:15 - 2013-11-11 13:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 22:16 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-25 22:15 - 2013-11-11 13:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 22:15 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-25 22:14 - 2013-11-04 21:22 - 00001417 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-25 21:25 - 2013-11-10 10:34 - 00000000 ____D C:\Windows\Minidump
2015-07-25 21:22 - 2013-11-04 21:49 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-07-25 21:22 - 2013-11-04 21:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-07-25 21:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spp
2015-07-21 15:01 - 2015-06-18 17:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-18 23:05 - 2013-12-12 16:17 - 00032768 ___SH C:\Users\John\Documents\Thumbs.db
2015-07-18 18:00 - 2014-04-24 20:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-18 17:59 - 2014-04-24 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-07-15 10:35 - 2014-07-25 01:01 - 00000000 ____D C:\Users\John\AppData\Local\Windows Live
2015-07-12 15:38 - 2013-11-08 05:15 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-07-11 07:31 - 2014-11-30 00:48 - 00007608 _____ C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-07-07 07:31 - 2009-07-14 00:45 - 05102600 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2014-05-10 22:05 - 2014-05-10 22:05 - 0000084 _____ () C:\Users\John\AppData\Local\DVDPATH.TXT
2014-11-30 00:48 - 2015-07-11 07:31 - 0007608 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2013-11-08 11:51 - 2014-01-06 15:49 - 0005614 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 01:25

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by John (2015-08-01 07:40:39)
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4074055908-3935984809-2394099874-500 - Administrator - Disabled)
Guest (S-1-5-21-4074055908-3935984809-2394099874-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4074055908-3935984809-2394099874-1003 - Limited - Enabled)
John (S-1-5-21-4074055908-3935984809-2394099874-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{853A112F-241F-E344-4636-103C25D3751E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bookworm Adventures (HKLM-x32\...\111940693) (Version:  - Oberon Media)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dream Day First Home (HKLM-x32\...\113832110) (Version:  - Oberon Media)
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2013 - en-us (HKLM\...\WordRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PlanetSide 2 (HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Pokémon Trading Card Game Online (HKLM-x32\...\{0D9304CD-1C83-4703-AFEF-0C46D1DB21F2}) (Version: 2.27.0 - The Pokémon Company International)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
SpyHunter (HKLM\...\{72AAF455-1E54-475B-B0AB-5413C78D0E63}) (Version: 4.16.5.4290 - Enigma Software Group USA, LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version:  - Sakar)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

31-07-2015 00:16:13 End of disinfection
31-07-2015 00:19:54 Revo Uninstaller's restore point - ESET Online Scanner v3
31-07-2015 12:13:48 Revo Uninstaller's restore point - Winamp
31-07-2015 22:37:22 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-07-29 21:44 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C665E3-DD18-4A14-8168-426AA221F64B} - System32\Tasks\{BFAAC155-0BA6-454C-85E9-9B2FCF5477D3} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {03EDC389-F075-4BEB-B373-73498A390B9E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {12C1A078-C2D7-4F61-8502-E2C5704FE45C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {12DBB90F-4CF4-4EE6-9792-A942FE928750} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {21D7BFED-A5D1-48D1-B06A-048802FFD219} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-06-18] (Microsoft Corporation)
Task: {29AA740D-ED40-4F4B-BDC8-B163E96202B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {357588E7-9BC4-4591-B375-711D5A9FCA77} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-02-13] (IObit)
Task: {38B0002C-700B-4B08-8804-F4ED757204DB} - System32\Tasks\{A7AF326D-2524-4C1D-B535-681370A53758} => pcalua.exe -a "C:\Users\John\Desktop\Microsoft Works\Microsoft Works\Setup.exe" -d "C:\Users\John\Desktop\Microsoft Works\Microsoft Works"
Task: {3C796899-2BDC-455F-9ACE-9E17B8DF9145} - System32\Tasks\{68695F58-F77F-4A46-A96B-545C4F08B26F} => C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\MarvelHeroesLauncher.exe [2015-07-07] (Gazillion Entertainment)
Task: {40881F86-B83D-48FC-AD79-A002271D69E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-06-18] (Microsoft Corporation)
Task: {40FCBED7-9381-47F1-BE6B-A72CD30464A7} - System32\Tasks\{D163DBE0-5816-4CF2-815B-B05811740DF1} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office\Setup\AcmeWord.exe" -c /w Word97.stf
Task: {4C07F0C2-179C-4E1C-B808-A0E17EB50C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {684A985A-29BA-4C10-B335-7C0BEEF6E0A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {86411529-1D38-41BA-B160-9B49C466E36D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {C5BA8E36-EFAE-434A-88C8-EFFE18E5114D} - System32\Tasks\{812EFF4B-8F83-4790-9CB1-8BFF5BE8B1BA} => Firefox.exe http://ui.skype.com/...all?page=tsMain
Task: {DC65E2CE-B50C-49A6-A803-DBCC74C9FB5E} - System32\Tasks\{A66C56A0-07EA-42FA-B5E0-BC25144CC273} => pcalua.exe -a "C:\Program Files (x86)\CTB\Online Assessment\Online Assessment.exe" -d "C:\Program Files (x86)\CTB\Online Assessment\"
Task: {ED49157A-5366-4941-9CBB-6B8DB9A8DC2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-26] (Adobe Systems Incorporated)
Task: {F7C4BB60-BAA9-4878-9EF0-1696F1F98B2D} - System32\Tasks\{3E72F2D1-D4B1-45C0-8F1B-30A901A8C5EE} => pcalua.exe -a "C:\Users\John\Downloads\Smart Technology 7_0_27_13 64Bit.exe" -d C:\Users\John\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-18 17:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-18 17:48 - 2015-06-18 17:48 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-30 21:38 - 2015-07-30 21:38 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-30 21:38 - 2015-07-30 21:38 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-31 17:50 - 2015-07-31 17:50 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073103\algo.dll
2015-08-01 06:43 - 2015-08-01 06:43 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080100\algo.dll
2015-07-30 21:38 - 2015-07-30 21:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4074055908-3935984809-2394099874-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2015 10:42:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2015 09:47:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:23:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:04:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Exception code: 0xc0000005
Fault offset: 0x0000000000007af2
Faulting process id: 0x6c8
Faulting application start time: 0xLVPrcSrv.exe0
Faulting application path: LVPrcSrv.exe1
Faulting module path: LVPrcSrv.exe2
Report Id: LVPrcSrv.exe3

Error: (07/30/2015 12:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 11:48:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 11:40:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/30/2015 08:08:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/30/2015 08:08:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/30/2015 08:08:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (07/31/2015 10:38:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/31/2015 10:37:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/31/2015 10:37:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/31/2015 10:37:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/31/2015 10:37:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/31/2015 10:37:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/31/2015 10:37:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/31/2015 10:37:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea ADI Filters Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/31/2015 10:37:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/31/2015 10:37:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (07/31/2015 10:42:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2015 09:47:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:23:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:04:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LVPrcSrv.exe12.10.1110.04acc50c4LVPrcSrv.exe12.10.1110.04acc50c4c00000050000000000007af26c801d0cae638938f4fC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec1d44f7a-3717-11e5-8bd4-001e8c2e26d5

Error: (07/30/2015 12:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 11:48:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 11:40:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/30/2015 08:08:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe

Error: (07/30/2015 08:08:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe

Error: (07/30/2015 08:08:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Processor: Intel® Core™2 Extreme CPU X9650 @ 3.00GHz
Percentage of memory in use: 19%
Total physical RAM: 8191.12 MB
Available physical RAM: 6571.14 MB
Total Virtual: 16380.44 MB
Available Virtual: 14570.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:372.61 GB) (Free:267.94 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)

==================== End of log ============================



#42
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
I understand your frustration and I do apologize that it's taking so long to find the culprit. I've got colleagues taking a look along with me trying to see what could possibly be the cause of the continued ads. I will post just as soon as possible. :thumbsup:

#43
Johnde2000

    Member

  • Topic Starter
  • 44 posts

I may have found the problem. I ran Spy hunter, and it came up with one hit: HKCU/Software//microsoft/Internet Explorer/Approved Extensions... It was called "Shopperz". I've deleted it. Waiting to see what happens. I've now been here twice and no problems. Malwarebytes does warn me of something when I do come to this site. It says:

Malicious Website Blocked,
Domain: www.tr553.com,
IP: 162.209.115.238,
Port: 56752,
Type: Outbound,
Process: C\Program Files(86)\Mozilla Firefox\firefox.exe

Been here three times now and no pop-ups or redirects. Although I'm still getting the Malicious Website Blocked when I come here.


Edited by Johnde2000, 01 August 2015 - 07:13 PM.


#44
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I may have found the problem. I ran Spy hunter, and it came up with one hit: HKCU/Software//microsoft/Internet Explorer/Approved Extensions... It was called "Shopperz". I've deleted it. Waiting to see what happens. I've now been here twice and no problems. Malwarebytes does warn me of something when I do come to this site. It says:

Malicious Website Blocked,
Domain: www.tr553.com,
IP: 162.209.115.238,
Port: 56752,
Type: Outbound,
Process: C\Program Files(86)\Mozilla Firefox\firefox.exe

Been here three times now and no pop-ups or redirects. Although I'm still getting the Malicious Website Blocked when I come here.


That's good, as Shopperz is a known malware program. Please give it some more time, and let me know if it stops. :thumbsup:

#45
Johnde2000

    Member

  • Topic Starter
  • 44 posts

Unfortunately there are now pop-ups and redirects. I disabled storing cookies in Firefox to see what keeps trying to put crud on my computer. It's come up with several things. Also ran Spyware hunter again this morning and it came up with 5 hits. All cookies (the same cookie) and all stored in Firefox profiles. Seriously PY, I think a system wipe and reinstall of Windows is going to be the only way to rid this computer of what's going on. Firefox keeps storing and allowing this to continue in Profiles. What do you think about first deleting Firefox from the system, installing Google Chrome and seeing what happens?

Update: In preparing for a hard drive wipe, I saved all my pictures and docs to a thumb drive. I contacted the person who built this computer. Since I never backed up Windows, he says that it will only put the same Windows, junk and all, back on the computer if I do a backup now. He suggested upgrading to Windows 10, as that will give me a clean install. What do you say?


Edited by Johnde2000, 02 August 2015 - 11:03 AM.
