Windows 7 can't update, says the service isn't turned on... ran the Windows tool to fix that problem, didn't work, still can't update... can't uninstall programs... definitely a nefarious virus. Ran ComboFix, deleted something I think!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
Ran by Black Box (administrator) on PC (30-09-2016 23:24:15)
Running from C:\Users\Black Box\Desktop
Loaded Profiles: Black Box (Available Profiles: Black Box & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Thorvald Natvig) C:\Program Files (x86)\Mumble\mumble.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2016-09-30] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-04] (AVAST Software)
Startup: C:\Users\Black Box\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-12-08]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7C17DABB-E63F-4AA0-9394-1AD9754A0E57}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3319826057-1193631410-3104018917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3319826057-1193631410-3104018917-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-04] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-04] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FireFox:
========
FF ProfilePath: C:\Users\Black Box\AppData\Roaming\Mozilla\Firefox\Profiles\hszag6z3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Extension: (DownThemAll!) - C:\Users\Black Box\AppData\Roaming\Mozilla\Firefox\Profiles\hszag6z3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-06] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Black Box\AppData\Roaming\Mozilla\Firefox\Profiles\hszag6z3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-04] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default [2016-09-30]
CHR Extension: (Google Docs) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-30]
CHR Extension: (Google Drive) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-30]
CHR Extension: (YouTube) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-30]
CHR Extension: (4chan Backtracebook) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnalefakhffmjkhijpgdhkfeadhaljd [2013-10-21]
CHR Extension: (Google Search) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-30]
CHR Extension: (AdBlock) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-30]
CHR Extension: (Jeffrey's Exif viewer) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\glpbdeclgjmeoojlmhpamjddandmplki [2013-10-21]
CHR Extension: (Avast Online Security) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-30]
CHR Extension: (Dossier) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\hohaaljbjhjodnncjbeeilfdloeinfbh [2013-10-21]
CHR Extension: (Readability Redux) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia [2013-10-21]
CHR Extension: (SparkChess 9) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2016-09-30]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-09-30]
CHR Extension: (4chan 4chrome) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncbfnjcklemldbidfoceaffkjofkcomb [2013-10-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-30]
CHR Extension: (Gmail) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\Black Box\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-04]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-04] (AVAST Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2016-09-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2016-09-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-30 23:24 - 2016-09-30 23:24 - 00013156 _____ C:\Users\Black Box\Desktop\FRST.txt
2016-09-30 23:23 - 2016-09-30 23:23 - 02404352 _____ (Farbar) C:\Users\Black Box\Desktop\FRST64.exe
2016-09-30 23:03 - 2016-09-30 23:03 - 03298367 _____ C:\Users\Black Box\Desktop\Windows6.1-KB3050265-x64.msu
2016-09-30 23:03 - 2016-09-30 23:03 - 00000000 ___HT C:\Windows\wusa.lock
2016-09-30 23:03 - 2016-09-30 23:03 - 00000000 ____D C:\0469af9510592d6607bf31ac45
2016-09-30 22:29 - 2016-09-30 22:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-30 22:29 - 2016-09-30 22:29 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-30 22:29 - 2016-09-30 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-30 22:29 - 2016-09-30 22:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 22:29 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-30 22:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-30 22:28 - 2016-09-30 22:28 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-30 22:19 - 2016-09-30 22:19 - 00000639 _____ C:\Users\Black Box\Desktop\WindowsUpdateDiagnostic.diagcab
2016-09-30 22:15 - 2016-09-30 22:15 - 00008673 _____ C:\ComboFix.txt
2016-09-30 22:07 - 2016-09-30 22:15 - 00000000 ____D C:\Qoobox
2016-09-30 22:07 - 2016-09-30 22:14 - 00000000 ____D C:\Windows\erdnt
2016-09-30 22:07 - 2016-09-30 22:07 - 05659993 ____R (Swearware) C:\Users\Black Box\Desktop\ComboFix.exe
2016-09-30 22:07 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-09-30 22:07 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-09-30 22:07 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-09-30 22:07 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-09-30 22:07 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-09-30 22:07 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-09-30 22:07 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-09-30 22:07 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-09-30 22:05 - 2016-09-30 22:05 - 00072575 _____ C:\Users\Black Box\Desktop\download.htm
2016-09-30 21:51 - 2016-09-30 21:51 - 00000000 __SHD C:\Users\Black Box\AppData\LocalLow\EmieSiteList
2016-09-30 21:43 - 2016-09-30 21:43 - 00000000 ____D C:\Users\Black Box\AppData\Local\Steam
2016-09-30 21:43 - 2016-09-30 21:43 - 00000000 ____D C:\Users\Black Box\AppData\Local\CEF
2016-09-30 21:33 - 2016-09-30 21:33 - 00000000 ____D C:\Users\Black Box\AppData\Local\ElevatedDiagnostics
2016-09-30 21:28 - 2016-09-30 21:28 - 07065600 _____ C:\Program Files (x86)\GUT58BA.tmp
2016-09-30 21:28 - 2016-09-30 21:28 - 00000000 ____D C:\Program Files (x86)\GUM58B9.tmp
2016-09-30 21:23 - 2016-09-30 21:23 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-09-30 21:23 - 2016-09-30 21:23 - 00000000 ____D C:\Program Files\Common Files\AV
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-30 23:24 - 2014-03-16 13:00 - 00000000 ____D C:\FRST
2016-09-30 23:21 - 2013-10-24 17:46 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-30 23:19 - 2009-07-14 00:45 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-30 23:19 - 2009-07-14 00:45 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-30 23:14 - 2014-03-17 20:50 - 00007624 _____ C:\Users\Black Box\AppData\Local\Resmon.ResmonCfg
2016-09-30 22:55 - 2013-12-02 22:22 - 00000000 ____D C:\Users\Black Box\AppData\Roaming\Mumble
2016-09-30 22:49 - 2009-07-14 01:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-30 22:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-30 22:43 - 2013-10-21 20:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-30 22:43 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-30 22:38 - 2014-01-31 19:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-30 22:34 - 2013-10-21 20:55 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-30 22:34 - 2013-10-21 20:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-30 22:29 - 2013-10-24 17:52 - 00000000 ____D C:\Users\Black Box\AppData\Roaming\Malwarebytes
2016-09-30 22:29 - 2013-10-24 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-30 22:28 - 2014-03-12 21:14 - 00000000 ____D C:\Program Files\Adobe
2016-09-30 22:25 - 2013-10-21 20:55 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-30 22:25 - 2013-10-21 20:55 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-30 22:14 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-09-30 22:03 - 2013-10-26 13:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-09-30 22:01 - 2015-10-04 18:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-30 21:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-30 21:48 - 2013-12-02 22:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-30 21:38 - 2014-01-31 19:12 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-30 21:38 - 2014-01-31 19:12 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-30 21:38 - 2014-01-31 19:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-30 21:38 - 2014-01-31 19:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-30 21:38 - 2014-01-31 19:12 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-30 21:23 - 2014-03-27 20:46 - 00000000 ____D C:\ProgramData\Skype
2016-09-30 21:23 - 2013-10-25 18:25 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-30 21:23 - 2013-10-25 18:25 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
==================== Files in the root of some directories =======
2016-09-30 21:28 - 2016-09-30 21:28 - 7065600 _____ () C:\Program Files (x86)\GUT58BA.tmp
2014-03-17 20:50 - 2016-09-30 23:14 - 0007624 _____ () C:\Users\Black Box\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-04 17:49
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Black Box (30-09-2016 23:24:41)
Running from C:\Users\Black Box\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-10-21 23:40:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3319826057-1193631410-3104018917-500 - Administrator - Disabled)
Black Box (S-1-5-21-3319826057-1193631410-3104018917-1000 - Administrator - Enabled) => C:\Users\Black Box
Guest (S-1-5-21-3319826057-1193631410-3104018917-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3319826057-1193631410-3104018917-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.2.9.0 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Belkin Basic Wireless USB Adapter (HKLM-x32\...\{577EA8FF-7FA8-4D88-B7E2-29A437605F80}) (Version: 2.0.5.0 - Belkin International, Inc.)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mumble 1.2.6 (HKLM-x32\...\{461A5021-EE14-4E57-9A06-8ABCE9C38FE4}) (Version: 1.2.6 - Thorvald Natvig)
OCCT 4.4.0 (HKLM-x32\...\OCCT) (Version: 4.4.0 - Ocbase.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08FD3526-A76D-41A0-8EEF-699E331A864C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-30] (Adobe Systems Incorporated)
Task: {182FED41-D7C4-4541-8084-063337BBF066} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-30] (Google Inc.)
Task: {2920020F-A156-419C-8304-0333BE3AB655} - System32\Tasks\{3B74A004-5F42-4F95-8C5F-1245CB457338} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {35FAA0A0-D51F-46F1-ADA9-0D7476ACD2FC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-04] (AVAST Software)
Task: {5D0DBE94-2A5C-4B6B-8A00-7334D9C20A0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {8465D01B-AF45-428F-AC0B-6ADDBB2B70D9} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {99DE4821-2A17-4265-B5DB-110A34EC9BC2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-09-30] (AVAST Software)
Task: {FB91996E-A47D-4E3C-A41C-4B30ECD93FF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {FE8351D5-7231-409E-8B00-FB086961BABD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-30] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00103424 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2015-10-04 16:55 - 2015-10-04 16:55 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-04 16:55 - 2015-10-04 16:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-30 21:22 - 2016-09-30 21:22 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16093003\algo.dll
2015-10-04 16:55 - 2015-10-04 16:55 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-21 14:18 - 2016-09-07 23:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-09-30 21:41 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-09-30 21:41 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-09-30 21:41 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 17:00 - 2016-09-20 15:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-09-30 21:41 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-09-30 21:41 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-09-30 21:41 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-09-30 21:41 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-09-30 21:41 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-08 18:19 - 2016-09-20 15:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-09-30 21:41 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2013-10-08 18:19 - 2016-09-20 15:28 - 00145696 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2013-06-14 15:49 - 2014-04-09 00:25 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2013-06-14 15:49 - 2014-04-09 00:25 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2014-05-15 01:08 - 2014-05-15 01:08 - 00135312 _____ () C:\Program Files (x86)\Mumble\mumble_ol.dll
2013-09-10 14:20 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-09-30 21:41 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-30 22:34 - 2016-09-13 20:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-30 22:34 - 2016-09-13 20:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-09-30 22:34 - 2016-09-13 20:25 - 17754304 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00220816 _____ () C:\Program Files (x86)\Mumble\opus.dll
2011-07-13 22:27 - 2011-07-13 22:27 - 02304512 _____ () C:\Program Files (x86)\Mumble\libsndfile-1.dll
2014-01-30 00:00 - 2014-01-30 00:00 - 04469248 _____ () C:\Program Files (x86)\Mumble\libmysql.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00115344 _____ () C:\Program Files (x86)\Mumble\ZLIB1.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00169104 _____ () C:\Program Files (x86)\Mumble\speex.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00074384 _____ () C:\Program Files (x86)\Mumble\celt0.0.7.0.sse2.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00090256 _____ () C:\Program Files (x86)\Mumble\celt0.0.11.0.sse2.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00036872 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\aoc.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00020488 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\arma2.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00020488 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\bf1942.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00038920 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\bf2.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00038920 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\bf3.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00020488 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\bfbc2.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00020488 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\bfheroes.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00022024 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\blacklight.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00023560 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\borderlands.dll
2013-12-02 22:26 - 2014-04-08 16:46 - 00022512 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\borderlands2.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00020488 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\breach.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00022024 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\cs.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00022536 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\etqw.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00037384 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\gmod.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00021000 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\gtaiv.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00022536 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\gw.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00037384 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\insurgency.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00022536 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\l4d.dll
2013-12-02 22:26 - 2014-04-08 16:46 - 00031728 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\l4d2.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00018952 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\link.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00019976 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\sr.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00020488 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\ut2004.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00032264 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\ut99.dll
2013-12-02 22:26 - 2013-12-02 22:26 - 00024584 _____ () C:\Users\Black Box\AppData\Roaming\Mumble\Plugins\wolfet.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00023696 _____ () C:\Program Files (x86)\Mumble\plugins\bf2142.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00022160 _____ () C:\Program Files (x86)\Mumble\plugins\cod2.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00024208 _____ () C:\Program Files (x86)\Mumble\plugins\cod4.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00022160 _____ () C:\Program Files (x86)\Mumble\plugins\cod5.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00022160 _____ () C:\Program Files (x86)\Mumble\plugins\codmw2.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00022160 _____ () C:\Program Files (x86)\Mumble\plugins\codmw2so.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00039056 _____ () C:\Program Files (x86)\Mumble\plugins\dys.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00022160 _____ () C:\Program Files (x86)\Mumble\plugins\jc2.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00024208 _____ () C:\Program Files (x86)\Mumble\plugins\lol.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00023696 _____ () C:\Program Files (x86)\Mumble\plugins\lotro.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00072848 _____ () C:\Program Files (x86)\Mumble\plugins\manual.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00024720 _____ () C:\Program Files (x86)\Mumble\plugins\sto.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00022160 _____ () C:\Program Files (x86)\Mumble\plugins\ut3.dll
2014-05-15 01:08 - 2014-05-15 01:08 - 00032912 _____ () C:\Program Files (x86)\Mumble\plugins\wow.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00206336 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00320000 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00212992 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00452608 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 06003712 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00158208 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 01183232 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 01268224 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00370688 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00610816 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00173568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00714240 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00135168 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 01383936 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00415232 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 03209728 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 01660416 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00151552 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00232448 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00990208 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 01060352 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\chromehtml.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 20625832 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\libcef.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 01099616 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\avcodec-53.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00123232 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\avutil-51.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00190816 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\avformat-53.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00608256 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 11951616 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 09974784 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00094720 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00068096 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 00095744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2016-09-30 22:49 - 2016-09-30 22:49 - 00153600 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssvoice.asi
2016-09-30 22:49 - 2016-09-30 22:49 - 00013312 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2016-09-30 22:49 - 2016-09-30 22:49 - 00060416 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt
2016-09-30 22:49 - 2016-09-30 22:49 - 00176640 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_speex.dll
2016-09-30 22:49 - 2016-09-30 22:49 - 01013760 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3319826057-1193631410-3104018917-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Black Box\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D10843F1-876F-4907-906D-F14FC37CF761}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB4A84D3-77E1-4AF7-8635-43ED9D89B132}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E37995D-087B-418B-B6C4-0A4A38E1348E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E9DFD4D5-51B0-4F7E-96F8-542E8390C2AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{856B5703-5224-40CD-A5A5-3071847C28EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{057DC648-F6F4-46AA-B16E-9325580B67E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93FAE76A-F302-4FC2-BDB5-640AF6154940}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{796C7432-9971-4FEB-AC7C-31AA3BFBD57B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4A425230-3784-4277-ABAA-D6DE51A44CCE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CEE34972-BBB6-4039-8E57-EC8E8FD8E9D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1FE2AAD-FEE9-4775-B7E0-1418406416E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{79A30E1E-21E5-444A-BD57-116ED98E586C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4AE55740-6DCD-4F76-9E8A-0C887FB35ED3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
==================== Restore Points =========================
04-10-2015 16:39:35 avast! antivirus system restore point
04-10-2015 16:54:56 avast! antivirus system restore point
30-09-2016 22:07:43 ComboFix created restore point
30-09-2016 22:27:41 Removed Adobe Photoshop Lightroom 5.3 64-bit.
30-09-2016 23:21:05 Installed DirectX
==================== Faulty Device Manager Devices =============
Name: Realtek PCI GBE Family Controller
Description: Realtek PCI GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/30/2016 09:23:00 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.
Error: (10/04/2015 05:53:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62369
Error: (10/04/2015 05:53:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62369
Error: (10/04/2015 05:53:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/04/2015 05:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46769
Error: (10/04/2015 05:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46769
Error: (10/04/2015 05:53:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/04/2015 05:52:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31169
Error: (10/04/2015 05:52:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31169
Error: (10/04/2015 05:52:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (09/30/2016 10:43:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (09/30/2016 10:14:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/30/2016 10:12:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/30/2016 09:56:00 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (09/30/2016 09:48:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (09/30/2016 09:48:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (09/30/2016 09:47:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (09/30/2016 09:43:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/30/2016 09:43:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (09/30/2016 09:35:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
==================== Memory info ===========================
Processor: Intel® Core i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 93%
Total physical RAM: 4077.26 MB
Available physical RAM: 271.38 MB
Total Virtual: 8152.7 MB
Available Virtual: 3440.7 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:106.91 GB) (Free:36.49 GB) NTFS
Drive d: (Storage) (Fixed) (Total:596.17 GB) (Free:380.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 2934C121)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 107.1 GB) (Disk ID: 73E073E0)
Partition: GPT.
==================== End of Addition.txt ============================
ComboFix 16-09-28.01 - Black Box 09/30/2016 22:09:13.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4077.2250 [GMT -4:00]
Running from: c:\users\Black Box\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2016-09-01 to 2016-10-01 )))))))))))))))))))))))))))))))
.
.
2016-10-01 02:13 . 2016-10-01 02:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-10-01 02:13 . 2016-10-01 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-01 02:00 . 2016-10-01 02:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F75C4696-62BB-4416-A631-68027B00400B}\offreg.dll
2016-10-01 01:43 . 2016-10-01 01:43 -------- d-----w- c:\users\Black Box\AppData\Local\CEF
2016-10-01 01:43 . 2016-10-01 01:43 -------- d-----w- c:\users\Black Box\AppData\Local\Steam
2016-10-01 01:33 . 2016-10-01 01:33 -------- d-----w- c:\users\Black Box\AppData\Local\ElevatedDiagnostics
2016-10-01 01:28 . 2016-10-01 01:28 7065600 ----a-w- c:\program files (x86)\GUT58BA.tmp
2016-10-01 01:28 . 2016-10-01 01:28 -------- d-----w- c:\program files (x86)\GUM58B9.tmp
2016-10-01 01:23 . 2016-10-01 01:23 -------- d-----w- c:\program files\Common Files\AV
2016-10-01 01:23 . 2016-10-01 01:23 -------- d-----w- c:\program files (x86)\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-01 01:38 . 2014-01-31 23:12 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-10-01 01:38 . 2014-01-31 23:12 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-01 01:23 . 2013-10-25 22:25 449992 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-10-01 01:23 . 2013-10-25 22:25 1059656 ----a-w- c:\windows\system32\drivers\aswsnx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-01 6133520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-09-23 60688]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\users\Black Box\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 17:54 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-31 01:38]
.
2016-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22 00:55]
.
2015-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22 00:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-04 20:55 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-09-24 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Black Box\AppData\Roaming\Mozilla\Firefox\Profiles\hszag6z3.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-09-30 22:15:36
ComboFix-quarantined-files.txt 2016-10-01 02:15
.
Pre-Run: 39,704,219,648 bytes free
Post-Run: 40,514,215,936 bytes free
.
- - End Of File - - 72BFEB8F7031F8B89C214E1A25F22750
A36C5E4F47E84449FF07ED3517B43A31
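Added example (not part of the post above, and not FRST's or ComboFix's own code): a small Python triage script for the "Other Areas" and "FirewallRules" sections of an FRST Addition.txt like the one pasted above. It parses the UAC policy line, the DNS server line, the hosts-file line, the firewall state and each FirewallRules entry, then flags anything that deviates from a clean baseline: UAC values other than the Windows 7 defaults (ConsentPromptBehaviorAdmin 5, ConsentPromptBehaviorUser 3, EnableLUA 1), a hosts file that is not the 824-byte stock Windows 7 file, a DNS server outside the private ranges, and Allow rules whose executable lives under a user-writable directory. The baseline values, the user-writable directory list and the assumption that FRST separates multiple DNS servers with " - " or commas are my own; the sample log lines at the top of the block are constructed to mirror the format, and the AppData rule in them is invented, it does not appear in the log above.

```python
"""Triage helper for the 'Other Areas' and 'FirewallRules' sections of an
FRST Addition.txt.  Added example, not part of the original post and not
FRST's own code.  SAMPLE_ADDITION below is constructed to mirror the log
format; the AppData firewall rule in it is invented for illustration."""
import ipaddress
import re
from typing import Dict, List

# Assumed baseline: the Windows 7 defaults for the three UAC policy values
# FRST prints, and the size of an untouched Windows 7 hosts file.
WIN7_UAC_DEFAULTS: Dict[str, int] = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableLUA": 1,
}
WIN7_STOCK_HOSTS_BYTES = 824

# Heuristic list (my choice): directories an ordinary user can write to.
# An Allow rule pointing into one of these deserves a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

RULE_RE = re.compile(
    r"^FirewallRules: \[\{(?P<guid>[0-9A-Fa-f-]+)\}\] => \((?P<action>\w+)\) (?P<path>.+)$"
)
UAC_RE = re.compile(r"\((\w+): (\d+)\)")
# "<created> - <modified> - <size> <attrs> <path>", size is zero-padded decimal
HOSTS_RE = re.compile(r" - (\d{8}) \S+ (?P<path>.*\\drivers\\etc\\hosts)$", re.IGNORECASE)


def parse_addition(lines) -> dict:
    """Pull the security-relevant fields out of Addition.txt lines."""
    out = {"uac": {}, "dns": [], "firewall_enabled": None, "hosts_size": None, "rules": []}
    for raw in lines:
        line = raw.strip()
        if line.startswith("DNS Servers:"):
            value = line.split(":", 1)[1].strip()
            # assumption: several servers are separated by " - " or commas
            out["dns"] = [s for s in re.split(r"\s+-\s+|,\s*", value) if s]
        elif "Policies\\System =>" in line:
            out["uac"] = {k: int(v) for k, v in UAC_RE.findall(line)}
        elif line.startswith("Windows Firewall is "):
            out["firewall_enabled"] = line.endswith("enabled.")
        elif (m := RULE_RE.match(line)):
            out["rules"].append({"guid": m["guid"], "action": m["action"], "path": m["path"]})
        elif (m := HOSTS_RE.search(line)):
            out["hosts_size"] = int(m.group(1))
    return out


def triage(parsed: dict) -> List[str]:
    """Return one human-readable finding per deviation from the baseline."""
    findings: List[str] = []
    for key, default in WIN7_UAC_DEFAULTS.items():
        val = parsed["uac"].get(key)
        if val is None:
            findings.append(f"UAC {key} not reported")
        elif val != default:
            findings.append(f"UAC {key}={val} (Windows 7 default is {default})")
    if parsed["firewall_enabled"] is False:
        findings.append("Windows Firewall is disabled")
    size = parsed["hosts_size"]
    if size is not None and size != WIN7_STOCK_HOSTS_BYTES:
        findings.append(f"hosts file is {size} bytes, stock Windows 7 file is {WIN7_STOCK_HOSTS_BYTES}")
    for server in parsed["dns"]:
        try:
            if not ipaddress.ip_address(server).is_private:
                findings.append(f"DNS server {server} is not on a private range")
        except ValueError:
            findings.append(f"unparseable DNS server entry {server!r}")
    for rule in parsed["rules"]:
        lowered = rule["path"].lower()
        if rule["action"].lower() == "allow" and any(d in lowered for d in USER_WRITABLE):
            findings.append(f"Allow rule {rule['guid']} for user-writable path {rule['path']}")
    return findings


# Constructed sample: first lines copy the format of the log above, the
# last FirewallRules entry is invented to exercise the path heuristic.
SAMPLE_ADDITION = r"""
==================== Hosts content: ===============================
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== FirewallRules (Whitelisted) ===============
FirewallRules: [{D10843F1-876F-4907-906D-F14FC37CF761}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{00000000-0000-4000-8000-000000000001}] => (Allow) C:\Users\example\AppData\Roaming\updater\svc.exe
""".strip()


if __name__ == "__main__":
    for finding in triage(parse_addition(SAMPLE_ADDITION.splitlines())):
        print(finding)
```

Run it as-is to see the single finding on the constructed sample, or feed `open("Addition.txt").read().splitlines()` to `parse_addition` instead. Treat each finding as a pointer to look at rather than a verdict: a legitimate updater installed under AppData trips the path heuristic just as readily as malware does, and a corporate DNS server on a public address is normal in some networks.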