Computer running slow and browser not blocking popups


#16
Zambian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Is there something gone wrong or is it just me? All my posts, including the logs and detailed report, seem to be missing. Anything I can do?


  • 0


#17
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I think it's probably because the forum has started a new page for your thread.  We're on page 2 now.  Your original page and post are on page 1.  Click on the Prev button or the 1 button and it will take you to page 1.  Were you able to switch to Avast as I asked in http://www.geekstogo...s/#entry2483096 ?


  • 0

#18
Zambian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Yes, I have installed and run Avast. There were problems which were fixed. There is still something that is installing an extension into the Chrome browser; this I have deleted and will see if it comes back. There was a program installed called coup coup that I deleted, and when I reran Avast it detected the program coup coup again. It seems each time I run Avast it finds something.


  • 0

#19
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can you open

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt

and copy and paste it into a reply?

If you have problems seeing the file:

    Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button.

Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

  • 0

#20
Zambian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

I couldn't find the Avast scan log in the Avast folder, so here are the logs from FRST

FRST.txt.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Davie (administrator) on DAVIE-PC on 06-03-2015 08:12:32
Running from C:\Users\Davie\Downloads
Loaded Profiles: Davie (Available profiles: Davie)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dell) C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Dropbox, Inc.) C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-27] (AVAST Software)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [DellSystemDetect] => C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-08] (Dell)
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files\Webshots\webshots.scr [1646592 2006-01-25] (Webshots.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: MediaPlayersvideos  1.1 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-01-01]
FF Extension: captiondownloaderhiephmcom - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-02-23]
FF Extension: 023e9ca063f347b1bcb29badf9d9ef28 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28} [2015-02-23]
FF Extension: Flash and Video Download - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(2) [2014-06-18]
FF Extension: No Flash - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-12-05]
FF Extension: Youtube downloader master - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-27]
 
Chrome: 
=======
CHR Profile: C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08]
CHR Extension: (YouTube) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
CHR Extension: (Google Search) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
CHR Extension: (Google Sheets) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Avast Online Security) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-27]
CHR Extension: (Google Wallet) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
CHR Extension: (Gmail) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-27]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-02-27] (Avast Software)
S4 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) [File not signed]
S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
S2 gupdate1c9a11782fb64e7; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-02-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2015-02-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-02-27] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2015-02-27] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [253640 2015-02-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-02-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-02-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-02-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-02-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-02-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-02-27] ()
S3 ioFakMap; C:\Windows\System32\DRIVERS\ioFakMap.sys [10624 2010-12-15] (KYE System Corp.)
S3 ioTblMap; C:\Windows\System32\DRIVERS\ioTblMap.sys [10632 2011-06-07] (KYE System Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-21] () [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-10-27] () [File not signed]
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [40344 2012-10-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-02-27] (Avast Software)
R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-06 08:12 - 2015-03-06 08:12 - 00020953 _____ () C:\Users\Davie\Downloads\FRST.txt
2015-03-06 08:11 - 2015-03-06 08:11 - 00000000 ____D () C:\Users\Davie\Downloads\FRST-OlderVersion
2015-03-06 07:41 - 2015-03-06 07:41 - 00000197 _____ () C:\Windows\system32\2015-03-05-23-41-45.029-AvastVBoxSVC.exe-3032.log
2015-03-05 11:41 - 2015-03-05 11:41 - 00000197 _____ () C:\Windows\system32\2015-03-05-03-41-41.090-AvastVBoxSVC.exe-2988.log
2015-03-04 17:09 - 2015-03-04 17:09 - 00000197 _____ () C:\Windows\system32\2015-03-04-09-09-55.042-AvastVBoxSVC.exe-3692.log
2015-03-04 08:34 - 2015-03-04 08:34 - 00000197 _____ () C:\Windows\system32\2015-03-04-00-34-10.001-AvastVBoxSVC.exe-4352.log
2015-02-27 15:50 - 2015-02-27 15:50 - 00000000 ____D () C:\Users\Davie\AppData\Local\{445E4688-1907-4350-9CF6-C33C78C364DA}
2015-02-27 15:36 - 2015-02-27 15:36 - 00000000 ____D () C:\Users\Davie\AppData\Local\{F2EF7F01-C0EC-4431-B5D0-44FB24869713}
2015-02-27 14:31 - 2015-02-27 14:31 - 00001862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-27 14:31 - 2015-02-27 14:31 - 00001856 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-27 14:31 - 2015-02-27 14:31 - 00000000 ____D () C:\Users\Davie\AppData\Local\WinZip
2015-02-27 14:31 - 2015-02-27 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-27 14:31 - 2015-02-27 14:31 - 00000000 ____D () C:\Program Files\WinZip
2015-02-27 14:18 - 2015-02-27 14:18 - 00000247 _____ () C:\Windows\system32\2015-02-27-06-18-18.013-aswFe.exe-6028.log
2015-02-27 14:04 - 2015-02-27 14:18 - 00000247 _____ () C:\Windows\system32\2015-02-27-06-04-04.095-aswFe.exe-5504.log
2015-02-27 14:03 - 2015-02-27 14:03 - 00000197 _____ () C:\Windows\system32\2015-02-27-06-03-57.041-AvastVBoxSVC.exe-3136.log
2015-02-27 12:03 - 2015-02-27 12:03 - 00001879 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-02-27 12:02 - 2015-02-27 12:02 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-02-27 12:02 - 2015-02-27 12:01 - 00253640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2015-02-27 12:02 - 2015-02-27 11:51 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-27 12:01 - 2015-02-27 12:01 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2015-02-27 11:54 - 2015-02-27 11:56 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-27 11:53 - 2015-02-27 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-27 11:53 - 2015-02-27 11:53 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\AVAST Software
2015-02-27 11:52 - 2015-02-27 11:53 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-27 11:52 - 2015-02-27 11:53 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-02-27 11:52 - 2015-02-27 11:53 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-27 11:52 - 2015-02-27 11:52 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-27 11:51 - 2015-02-27 11:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-27 11:50 - 2015-02-27 11:50 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-27 11:48 - 2015-02-27 11:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-27 11:38 - 2015-02-27 11:41 - 132469808 _____ (AVAST Software) C:\Users\Davie\Downloads\avast_free_antivirus_setup.exe
2015-02-27 10:14 - 2015-03-04 16:58 - 00000020 _____ () C:\Users\Davie\AppData\Roaming\appdataFr3.bin
2015-02-27 09:54 - 2015-02-27 12:09 - 00000000 ____D () C:\Program Files\comfix
2015-02-26 16:34 - 2015-02-26 16:34 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Davie\Downloads\procexp.exe
2015-02-26 16:34 - 2015-02-26 16:34 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Davie\Desktop\procexp.exe
2015-02-25 14:37 - 2015-02-25 14:39 - 00000806 _____ () C:\VEW.txt
2015-02-25 14:34 - 2015-02-25 14:34 - 00061440 _____ ( ) C:\Users\Davie\Desktop\VEW (1).exe
2015-02-25 14:33 - 2015-02-25 14:33 - 00061440 _____ ( ) C:\Users\Davie\Downloads\VEW.exe
2015-02-24 14:42 - 2015-01-23 11:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-24 14:42 - 2015-01-23 10:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-23 13:16 - 2015-03-06 08:12 - 00000000 ____D () C:\FRST
2015-02-23 13:03 - 2015-03-06 08:11 - 01132544 _____ (Farbar) C:\Users\Davie\Downloads\FRST.exe
2015-02-23 13:02 - 2015-02-23 13:03 - 01388274 _____ (Thisisu) C:\Users\Davie\Downloads\JRT.exe
2015-02-23 12:59 - 2015-02-23 13:00 - 02126848 _____ () C:\Users\Davie\Downloads\AdwCleaner.exe
2015-02-23 10:53 - 2015-02-23 10:53 - 00602112 _____ (OldTimer Tools) C:\Users\Davie\Downloads\OTL.exe
2015-02-23 09:47 - 2014-11-26 10:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-23 09:46 - 2015-01-15 12:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-23 09:46 - 2015-01-13 09:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-23 09:46 - 2015-01-09 08:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-23 09:42 - 2015-01-14 09:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-23 09:42 - 2015-01-14 09:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-23 09:42 - 2015-01-14 09:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-23 09:42 - 2015-01-14 09:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-23 09:42 - 2015-01-14 09:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-23 09:42 - 2015-01-14 09:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-23 09:42 - 2015-01-14 09:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-23 09:42 - 2015-01-14 09:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-23 09:42 - 2015-01-14 09:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-23 09:42 - 2015-01-14 09:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-23 09:42 - 2015-01-14 09:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-23 09:37 - 2015-02-23 09:37 - 00000000 ____D () C:\Windows\Temp49189D3D-F36E-6298-86B0-6AD8E0F4F57D-Signatures
2015-02-23 09:34 - 2014-12-08 09:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 09:32 - 2015-02-23 09:32 - 00001127 _____ () C:\Users\Davie\Desktop\Watchtower Library 2014 - English.lnk
2015-02-23 09:32 - 2015-02-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
2015-02-23 09:29 - 2015-02-23 09:30 - 00000000 ____D () C:\1dde1cb4387c5846477e94eeeafd
2015-02-09 09:48 - 2015-02-09 09:48 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-08 12:58 - 2014-12-19 08:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-08 12:53 - 2014-12-06 11:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-08 12:53 - 2014-12-06 11:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-08 12:53 - 2014-12-06 11:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-08 12:53 - 2014-12-06 11:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-08 12:46 - 2015-02-08 12:46 - 00417064 _____ () C:\Users\Davie\Downloads\DellSystemDetect.exe
2015-02-08 12:04 - 2015-02-08 12:04 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-08 12:04 - 2015-02-08 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-08 12:00 - 2015-02-08 12:00 - 00880208 _____ (Google Inc.) C:\Users\Davie\Downloads\ChromeSetup.exe
2015-02-08 11:48 - 2015-02-08 11:48 - 00001269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell ResourceCD.lnk
2015-02-08 11:47 - 2015-02-08 11:47 - 00000000 ____D () C:\Windows\system32\vmm32
2015-02-08 11:14 - 2015-02-27 09:54 - 00000000 ____D () C:\ProgramData\59b4cf200005341
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-06 07:54 - 2014-10-08 13:43 - 00000000 ___RD () C:\Users\Davie\Dropbox
2015-03-06 07:54 - 2013-10-11 19:54 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Skype
2015-03-06 07:54 - 2013-06-27 12:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Dropbox
2015-03-06 07:53 - 2009-06-27 16:32 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 07:53 - 2008-08-01 17:19 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2015-03-06 07:44 - 2012-03-10 10:28 - 01248571 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 07:43 - 2013-06-03 15:44 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-03-06 07:40 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 07:40 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:40 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 16:34 - 2006-11-02 21:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-05 16:20 - 2014-12-05 20:49 - 00000861 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-05 11:41 - 2013-06-03 15:44 - 00000000 ____D () C:\ProgramData\Google Updater
2015-03-04 17:13 - 2013-11-29 15:36 - 00000000 ____D () C:\AdwCleaner
2015-03-04 16:59 - 2013-08-01 18:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-04 14:42 - 2006-11-02 18:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 17:34 - 2015-01-06 12:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 14:31 - 2010-11-11 11:09 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-27 14:30 - 2015-01-06 12:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-27 14:30 - 2015-01-06 12:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-27 14:00 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Google
2015-02-27 13:02 - 2014-08-29 15:24 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-02-27 12:46 - 2014-09-01 16:18 - 00000365 _____ () C:\Users\Davie\AppData\Roaming\LSHLRGPF
2015-02-27 12:36 - 2015-01-09 16:06 - 00000000 ____D () C:\ProgramData\4001812108
2015-02-27 11:43 - 2011-01-26 19:40 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-25 14:00 - 2015-01-13 17:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-25 13:56 - 2006-11-02 19:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-23 12:19 - 2011-06-01 21:14 - 00000000 ____D () C:\Users\Davie\dwhelper
2015-02-23 12:18 - 2012-11-29 12:51 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\vlc
2015-02-23 10:16 - 2006-11-02 20:47 - 00315880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 10:00 - 2013-08-10 10:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 09:49 - 2011-09-25 14:14 - 00000000 ____D () C:\Program Files\Watchtower
2015-02-23 09:47 - 2006-11-02 18:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-16 09:39 - 2014-10-08 13:43 - 00000921 _____ () C:\Users\Davie\Desktop\Dropbox.lnk
2015-02-16 09:39 - 2014-10-08 13:27 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-09 09:53 - 2009-10-26 14:48 - 00000000 ____D () C:\Users\Davie\AppData\Local\Deployment
2015-02-09 09:52 - 2013-11-18 16:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-09 09:49 - 2013-11-29 10:55 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-09 09:49 - 2008-08-01 17:17 - 00000000 ____D () C:\Program Files\Java
2015-02-09 09:47 - 2014-10-26 18:09 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-09 09:47 - 2014-10-26 18:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-09 08:48 - 2015-01-09 15:54 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-08 12:43 - 2013-05-22 18:45 - 00000000 ____D () C:\Program Files\My Dell
2015-02-08 12:18 - 2015-01-09 15:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-08 12:07 - 2009-06-27 16:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 11:47 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Dell
 
==================== Files in the root of some directories =======
 
2013-06-11 12:15 - 2013-06-11 12:13 - 0013824 _____ () C:\Program Files\1033.MST
2012-09-17 13:33 - 2012-09-17 13:33 - 0000288 _____ () C:\Users\Davie\AppData\Roaming\.backup.dm
2015-02-27 10:14 - 2015-03-04 16:58 - 0000020 _____ () C:\Users\Davie\AppData\Roaming\appdataFr3.bin
2014-09-01 16:18 - 2015-02-27 12:46 - 0000365 _____ () C:\Users\Davie\AppData\Roaming\LSHLRGPF
2014-01-20 12:30 - 2014-01-20 12:30 - 0000041 _____ () C:\Users\Davie\AppData\Roaming\mbam.context.scan
2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\Davie\AppData\Roaming\QAKOG
2008-10-12 13:48 - 2008-10-12 13:48 - 0026340 _____ () C:\Users\Davie\AppData\Roaming\UserTile.png
2009-09-24 16:17 - 2014-03-14 11:46 - 0000140 _____ () C:\Users\Davie\AppData\Roaming\wklnhst.dat
2012-04-18 13:56 - 2012-04-18 13:56 - 0000552 _____ () C:\Users\Davie\AppData\Local\d3d8caps.dat
2008-09-26 11:56 - 2012-04-18 13:56 - 0006836 _____ () C:\Users\Davie\AppData\Local\d3d9caps.dat
2008-09-25 20:09 - 2014-10-17 21:49 - 0045568 _____ () C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-07 14:46 - 2009-06-07 14:46 - 0008248 _____ () C:\Users\Davie\AppData\Local\en.ini
2012-09-05 17:11 - 2012-09-05 17:11 - 0001503 _____ () C:\Users\Davie\AppData\Local\recently-used.xbel
2010-02-10 17:23 - 2010-02-10 17:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-10-15 16:08 - 2010-10-27 18:40 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
 
Some content of TEMP:
====================
C:\Users\Davie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdb5nbg.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-06 07:55
 
 
==================== End Of Log ============================
 
 
Here is the Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Davie at 2015-03-06 08:13:04
Running from C:\Users\Davie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
Avast Internet Security (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Brother MFL-Pro Suite DCP-J315W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
ccc-core-static (Version: 2008.0512.1133.18639 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CONNEXX 6.5.4 (HKLM\...\{EDDF7146-1083-41CD-8D64-4D0612776D24}) (Version: 6.5.4 - Siemens Audiologische Technik GmbH)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\309a46b1dc89b774) (Version: 1.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Dell System Detect - 1  (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dropbox (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Talk (remove only) (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1508.6312 - Google Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKLM\...\LINE) (Version: 3.5.2.42 - LINE Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Flight Simulator X Demo (HKLM\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.3.412849 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OOo-dev 3.4 (HKLM\...\{1153700F-C007-4EC7-B04A-7C14D1E6E3DD}) (Version: 3.4.9583 - OpenOffice.org)
PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SHS6 Common (HKLM\...\{7EA9F56C-DF0E-4937-BEC1-5267A61B3216}) (Version: 1.0 - Siemens Audiologische Technik GmbH)
SHS6 Fitting (HKLM\...\{829154BB-A671-44E1-8103-28310E9BCD59}) (Version: 1.0 - Siemens Audiologische Technik GmbH)
SIFIT (HKLM\...\{C82C3BB6-34D2-4CE3-B700-35A0C748203F}) (Version: 6.10.3.1096 - Siemens)
Skins (Version: 2008.0512.1133.18639 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.20 (HKLM\...\Sophos-AntiRootkit) (Version: 1.5.20 - Sophos Plc)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Watchtower Library 2014 - English (HKLM\...\{DB6F2EEA-CEEA-4096-8BD7-ABF100A90820}) (Version: 16.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Webshots Desktop (HKLM\...\Webshots Desktop) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
XviD 1.1 final uninstall (HKLM\...\XviD_is1) (Version: 1.1 - XviD team (Koepi))
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Davie\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
26-02-2015 09:53:21 Scheduled Checkpoint
27-02-2015 11:19:53 Scheduled Checkpoint
27-02-2015 11:50:11 avast! antivirus system restore point
27-02-2015 11:58:30 avast! antivirus system restore point
27-02-2015 12:02:46 Device Driver Package Install: ALWIL Software Network Service
04-03-2015 08:41:46 Windows Update
05-03-2015 12:40:04 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 18:23 - 2012-09-09 18:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0312CF9D-1717-4060-A541-3DFC8F9C511B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {082A3490-8583-42FC-BA0F-D7C64C129FDD} - System32\Tasks\NCH Software\SoundTapReminder => C:\Program Files\NCH Software\SoundTap\SoundTap.exe
Task: {1135BB68-D0B1-4B75-9817-6C5DC7F375B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {139A74ED-8638-4F3E-B01C-1A841559354A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {1A01BC66-ACE8-4EC4-AF2B-484BC686BE1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {23CC02FE-C997-4D39-A3DF-8B7BD60F86A6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Davie => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {30346CC6-E909-47CB-8439-4E93245F0A5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-27] (Adobe Systems Incorporated)
Task: {43988667-0A76-474B-A024-041C76E912A5} - System32\Tasks\{A5C06A36-B431-46FF-80C4-E69B802BB2E3} => pcalua.exe -a C:\Users\Davie\Downloads\sar_15_sfx(1).exe -d C:\Users\Davie\Downloads
Task: {482DFB24-54E0-4D8C-A8B9-38FFB7FB4613} - System32\Tasks\{4586A9F7-8D49-4011-8084-D52116E170F7} => pcalua.exe -a C:\Users\Davie\Downloads\UWC-1.6.6-setup.exe -d C:\Users\Davie\Downloads
Task: {648D1896-4029-4A3F-9F4C-572BC7BEF210} - System32\Tasks\{67136D08-7A91-4DFE-B7B3-3C424B54710B} => pcalua.exe -a C:\Users\Davie\Documents\EOSDemoInstaller-1.0.556e\EOSDemoInstaller-1.0.556e.exe -d C:\Users\Davie\Documents\EOSDemoInstaller-1.0.556e
Task: {68303AE2-A8BA-446E-8818-1131643CCA35} - System32\Tasks\{5A894DF6-971E-4012-937E-867340820B50} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{B98A34C0-A6A2-4087-B272-557C1C6D0A07}
Task: {6F3E3A57-9C56-4619-893B-2A6EEAC21C48} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {7DB29D85-BE62-4292-9BF1-E87DF4405383} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {81F0A997-6226-446A-9214-30354B107C25} - System32\Tasks\{27EFB552-D6D8-4D1B-BF0B-6437C9ADF7DD} => pcalua.exe -a "C:\Program Files\GameHouse\The Rise of Atlantis\GDFUninstall.exe" -d "C:\Program Files\GameHouse\The Rise of Atlantis"
Task: {8373807F-98CB-4B09-85E7-AD14798212E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {8FCFC650-8A05-42A0-9974-6978B9D11AC6} - System32\Tasks\{D913099B-469A-4779-A7DE-1AE0C2ADC6AE} => pcalua.exe -a C:\DELL\E-Center\UninstallTB.exe -d C:\Windows\system32
Task: {992FEA72-5302-4BE2-B35E-B417A23AE557} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000Core => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)
Task: {99315673-E85E-4C73-A0B3-CA5DBA179345} - System32\Tasks\{9AEE2A97-A7DC-49C0-871E-76639E99EF06} => pcalua.exe -a C:\Users\Davie\Documents\I519-106.EXE -d C:\Users\Davie\Documents
Task: {A32288CB-C3F2-44C1-9ACC-22F933EAE8C3} - System32\Tasks\{6107023B-40B7-4271-96BB-1F283BC5B5F9} => pcalua.exe -a "C:\Users\Davie\AppData\Roaming\Google\Google Talk\uninstall.exe"
Task: {A83274D6-E6E0-4FED-A603-73B80BB18081} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-27] (AVAST Software)
Task: {C3A4CBB5-F05C-4C5B-B122-041EAB8AECD6} - System32\Tasks\{04111AD4-F525-4CF7-8019-6D339CDCA81F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {D2F12AD7-076E-4A61-8925-8E8B64D5658A} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E714106D-3CF1-4A04-8F20-2284D92C2A09} - System32\Tasks\{73D211A9-C77E-4245-9D51-9E3F1EF57902} => pcalua.exe -a C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\Uninstaller.exe -c uninstall
Task: {F589D1AB-5214-4408-A2D4-7CF67BFBCDBF} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-27 11:51 - 2015-02-27 11:51 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-02-27 11:51 - 2015-02-27 11:51 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-02-27 11:51 - 2015-02-27 11:51 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-03-06 07:41 - 2015-03-06 07:41 - 02918400 _____ () C:\Program Files\AVAST Software\Avast\defs\15030501\algo.dll
2012-10-12 11:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-02-27 11:51 - 2015-02-27 11:51 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2008-08-02 08:59 - 2008-06-13 19:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2015-02-27 11:51 - 2015-02-27 11:51 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-17 03:21 - 2014-10-17 03:21 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\7c1c70a15ac0d8b5995d970def1d0502\VistaBridgeLibrary.ni.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00750080 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-06 07:54 - 2015-03-06 07:54 - 00043008 _____ () c:\users\davie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdb5nbg.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00047616 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00865280 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00200704 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Davie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: Brother XP spl Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Davie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: autodetect => C:\Windows\system32\SupportAppXL\AutoDect.exe
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Exetender => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: Facebook Update => "C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: IndexSearch => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-30905629-1660685971-3630012643-500 - Administrator - Disabled)
Davie (S-1-5-21-30905629-1660685971-3630012643-1000 - Administrator - Enabled) => C:\Users\Davie
Guest (S-1-5-21-30905629-1660685971-3630012643-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2015 08:10:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 22.2.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 169c
Start Time: 01d057a1dc67f5d7
Termination Time: 5
 
Error: (03/06/2015 07:41:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 11:39:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 05:08:55 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.
 
Error: (03/04/2015 05:07:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 08:31:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 01:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 00:14:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service comfix since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/27/2015 00:13:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service comfix since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/27/2015 00:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/06/2015 07:40:52 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (03/05/2015 00:42:37 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/05/2015 00:42:33 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/05/2015 11:39:01 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (03/04/2015 05:07:14 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (03/04/2015 08:42:44 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/04/2015 08:42:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (03/04/2015 08:34:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: MSCamSvc
 
Error: (03/04/2015 08:31:05 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (02/27/2015 01:51:17 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
 
Microsoft Office Sessions:
=========================
Error: (03/06/2015 08:10:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe22.2.2015.0169c01d057a1dc67f5d75
 
Error: (03/06/2015 07:41:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 11:39:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 05:08:55 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)
 
Error: (03/04/2015 05:07:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 08:31:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 01:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 00:14:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service comfix since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/27/2015 00:13:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service comfix since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (02/27/2015 00:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-16 09:07:24.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-15 18:23:15.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 18:05:51.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 18:05:50.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 18:05:50.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 18:05:50.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 16:23:12.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 16:23:12.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 16:23:12.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 16:23:12.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3325.27 MB
Available physical RAM: 2019.5 MB
Total Pagefile: 6869.53 MB
Available Pagefile: 5656.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.69 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:410.46 GB) (Free:313.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.16 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:40.23 GB) (Free:40.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 60000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=410.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=40.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Did you really run a boot-time scan?

 

 
  • Download RogueKiller  and save it on your desktop.  
  • Quit all programs 
  • Start RogueKiller.exe. 
  • Wait until Prescan has finished ...  
  • Click on Scan
  • Wait for the end of the scan.  
  • Send me the RKreport.txt located on your desktop.

    • 0

    #22
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    In C:\ProgramData\AVAST Software\Avast\report\ there are three .txt files: EmailSheild.txt, FileSystemSheild.txt and Websheild.txt. There is no aswBoot.txt file.

     

    Yes, I did run the boot scan and the report says virus found, but I am unable to copy the report, and it is too big to take a snapshot. Also, I was unable to find that in the Avast folder.


    Edited by Zambian, 05 March 2015 - 11:29 PM.

    • 0

    #23
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    I keep getting a German language site when I click on your link.


    • 0

    #24
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Try:

     

    http://www.adlice.co...res/roguekiller

     

    Downloads are toward the bottom.  You want the 32 bit version.


    • 0

    #25
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Well, it seems like it has happened again: I post a log and when I return it has disappeared. Yes, I downloaded RogueKiller from their home page, ran the program and posted the log. When I tried to rerun it this morning I was told the program was outdated and I would need to download it again, which I did. Here is the new RK report:

     

    RogueKiller V10.5.2.0 [Mar  9 2015] by Adlice Software
     
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Davie [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Scan -- Date : 03/10/2015  12:23:52
     
    ¤¤¤ Processes : 0 ¤¤¤
     
    ¤¤¤ Registry : 10 ¤¤¤
    [Suspicious.Path] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Run | DellSystemDetect : C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe  -> Found
    [Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_18AF\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_18AF\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_18AF\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
     
    ¤¤¤ Tasks : 0 ¤¤¤
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ Hosts File : 2 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1       localhost
     
    ¤¤¤ Antirootkit : 8 (Driver: Loaded) ¤¤¤
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x85fcd1f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x85fcd1f8
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\1394BUS.SYS)
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3500620AS ATA Device +++++
    --- User ---
    [MBR] 30cb7ad1c12b2886795834a18526fd3d
    [BSP] f447cd3dc644cd931fe7f4d39e641310 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161792 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31619072 | Size: 420308 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 892410750 | Size: 41192 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
    +++++ PhysicalDrive1: TEAC USB   HS-CF Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive2: TEAC USB   HS-xD/SM USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive3: TEAC USB   HS-MS Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive4: TEAC USB   HS-SD Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive5: Brother DCP-J315W USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
     
    ============================================
    RKreport_SCN_03062015_131936.log

    • 0



    #26
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Rogue Killer found some hooks but doesn't know what they are.  I would just close the program if you haven't done so already.  Let's try:

     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.
     
    Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, about 10 lines down.)  Save the file and close Notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File).  Uninstall Speccy.
     

    • 0

    #27
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Here is the System Idle Process txt

     

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    armsvc.exe 2,160 K 3,276 K 2364 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    audiodg.exe 12,516 K 9,872 K 1148 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
    DockLogin.exe 1,188 K 3,516 K 1324 Dock Login Service Stardock Corporation (Verified) Stardock Corporation
    dpupdchk.exe 2,220 K 3,560 K 3764 dpupdchk.exe Microsoft Corporation (Verified) Microsoft Corporation
    dwm.exe 1,116 K 3,608 K 844 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    ehmsas.exe 992 K 3,392 K 3972 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
    ehtray.exe 1,384 K 1,556 K 3884 Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
    GoogleCrashHandler.exe 2,536 K 1,000 K 3140 Google Crash Handler Google Inc. (Verified) Google Inc
    lsass.exe 4,836 K 9,968 K 692 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe 2,204 K 3,780 K 704 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    mobsync.exe 3,116 K 6,296 K 4680 Microsoft Sync Center Microsoft Corporation (Verified) Microsoft Windows
    MSCamS32.exe 14,416 K 10,436 K 2560 MsCamSvc.exe Microsoft Corporation (Verified) Microsoft Corporation
    services.exe 2,812 K 6,312 K 640 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    SLsvc.exe 6,300 K 4,764 K 1188 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
    smss.exe 344 K 776 K 460 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,232 K 4,600 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 600 K 2,044 K 2824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,680 K 15,452 K 2460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,440 K 4,572 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 15,096 K 9,332 K 1860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,704 K 6,448 K 860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 48,052 K 45,644 K 4956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 16,196 K 11,584 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 9,016 K 11,092 K 1220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,716 K 6,944 K 4332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,780 K 5,960 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 2,096 K 5,676 K 1596 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 1,456 K 4,404 K 3296 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 9,580 K 8,644 K 2064 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    TrustedInstaller.exe 12,716 K 15,788 K 5460 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
    unsecapp.exe 2,228 K 4,588 K 5232 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
    VSSVC.exe 9,404 K 13,300 K 4292 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
    vVX1000.exe 1,604 K 4,248 K 3720 Microsoft LifeCam Device Application Microsoft Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
    wininit.exe 1,332 K 3,488 K 596 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe 2,088 K 4,892 K 668 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    WLIDSVC.EXE 6,680 K 8,208 K 2864 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
    WLIDSVCM.EXE 948 K 2,780 K 2948 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
    WmiPrvSE.exe 9,804 K 14,084 K 5388 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WUDFHost.exe 2,936 K 4,316 K 3260 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
    Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
    spoolsv.exe < 0.01 9,304 K 8,396 K 1836 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    AvastVBoxSVC.exe < 0.01 9,932 K 13,508 K 3996 AvastVirtualBox Interface Avast Software (Verified) AVAST Software a.s.
    ipoint.exe < 0.01 7,940 K 15,000 K 3668 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
    SearchIndexer.exe < 0.01 41,776 K 17,100 K 2888 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 6,824 K 6,244 K 2748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SASCORE.EXE < 0.01 2,084 K 3,248 K 2348 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
    afwServ.exe < 0.01 5,716 K 5,848 K 1628 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
    InputPersonalization.exe < 0.01 6,384 K 4,996 K 2644 Input Personalization Server Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 98,836 K 99,592 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    DellSystemDetect.exe < 0.01 24,656 K 22,596 K 3480 Dell System Detect Dell (Verified) Dell Inc.
    Dropbox.exe < 0.01 72,704 K 77,048 K 2212 Dropbox Dropbox, Inc. (Verified) Dropbox
    svchost.exe < 0.01 22,748 K 20,448 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    c2c_service.exe < 0.01 3,056 K 4,708 K 2700 Skype C2C Service Skype Technologies S.A. (Verified) Skype Technologies SA
    CCleaner.exe < 0.01 9,772 K 9,628 K 1356 CCleaner Piriform Ltd (Verified) Piriform Ltd
    avastui.exe < 0.01 20,432 K 21,808 K 3768 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
    AvastSvc.exe < 0.01 104,672 K 37,600 K 1584 avast! Service AVAST Software (Verified) AVAST Software a.s.
    csrss.exe < 0.01 1,972 K 5,876 K 536 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    DellDock.exe < 0.01 33,764 K 21,108 K 3148 Dell Dock Stardock Corporation (Verified) Stardock Corporation
    WinMail.exe < 0.01 35,612 K 38,480 K 1364 Windows Mail Microsoft Corporation (Verified) Microsoft Windows
    explorer.exe < 0.01 32,440 K 40,196 K 2136 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    XAudio.exe < 0.01 820 K 2,288 K 3268 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    WmiPrvSE.exe < 0.01 3,432 K 6,336 K 5304 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    wmpnetwk.exe < 0.01 13,680 K 19,856 K 5800 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    Skype.exe < 0.01 117,580 K 122,112 K 3036 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
    csrss.exe < 0.01 11,128 K 11,376 K 608 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    System < 0.01 0 K 44,236 K 4
    procexp.exe 0.39 24,080 K 31,104 K 6096 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    svchost.exe 1.16 630,744 K 627,880 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    System Idle Process 98.45 0 K 24 K 0

    • 0

    #28
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Here is the file from Speccy

     

     

    Attached Files


    • 0

    #29
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP
     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Right-click VEW.exe and Run as Administrator
    3. Under 'Select log to query', select:
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
    Is it still slow?  Do you still get popups?

    • 0
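An added example, not part of RKinner's post: a Python script that applies the same literal `[SR]` filter as the findstr step above and then lists which files sfc could not repair. The sample log lines are constructed, and the two message formats it matches are assumptions based on typical CBS.log `[SR]` entries.

```python
import re

# Constructed sample shaped like CBS.log entries (names, times and ids are invented).
SAMPLE_CBS_LOG = r'''2015-03-01 10:15:32, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-03-01 10:15:32, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-03-01 10:15:33, Info                  CBS    Session: 1234_5678 initialized
2015-03-01 10:15:41, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral in the store, hash mismatch
2015-03-01 10:15:42, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral in the store, hash mismatch
2015-03-01 10:15:43, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2015-03-01 10:15:50, Info                  CSI    00000012 [SR] Verify complete
'''

# Assumed message shapes for the two outcomes worth reporting.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+),')
REPAIRED = re.compile(
    r'\[SR\] Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\\[[^\]]*\]"(?P<file>[^"]+)" from store')


def sr_lines(log_text):
    """Literal, case-sensitive substring filter, as findstr /c:"[SR]" does."""
    return [line for line in log_text.splitlines() if "[SR]" in line]


def summarize_sr(log_text):
    """Return the files sfc could not repair and the files it restored from the store."""
    unrepaired, repaired = set(), set()
    for line in sr_lines(log_text):
        m = CANNOT_REPAIR.search(line)
        if m:
            # The same failure can be logged more than once; the set removes repeats.
            unrepaired.add((m["file"].lower(), m["component"]))
            continue
        m = REPAIRED.search(line)
        if m:
            # Drop the NT object-namespace prefix so the path reads as a normal path.
            path = m["dir"].replace("\\??\\", "") + "\\" + m["file"]
            repaired.add(path.lower())
    return {"unrepaired": sorted(unrepaired), "repaired": sorted(repaired)}


if __name__ == "__main__":
    summary = summarize_sr(SAMPLE_CBS_LOG)
    for name, component in summary["unrepaired"]:
        print("NOT REPAIRED:", name, "in", component)
    for path in summary["repaired"]:
        print("repaired from store:", path)
```

On a real system, pass the text of junk.txt (or of CBS.log itself) to `summarize_sr` instead of the sample.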

    #30
    Zambian

    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Administer command log, hope I did that right,

     

    Microsoft Windows [Version 6.0.6002]
    Copyright © 2006 Microsoft Corporation.  All rights reserved.
     
    C:\Windows\system32>Microsoft Windows [Version 6.0.6002]
    'Microsoft' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Copyright © 2006 Microsoft Corporation.  All rights reserv
    ed.
    'Copyright' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>
    C:\Windows\system32>C:\Windows\system32>sfc/scannow
    The system cannot find the path specified.
     
    C:\Windows\system32>
    C:\Windows\system32>Beginning system scan.  This process will take some time.
    'Beginning' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>
    C:\Windows\system32>Beginning verification phase of system scan.
    'Beginning' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Verification 100% complete.
    'Verification' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Windows Resource Protection found corrupt files but was unab
    le to fix some of th
    'Windows' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>em.
    'em.' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Details are included in the CBS.Log windir\Logs\CBS\CBS.log.
     For example
    'Details' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>C:\Windows\Logs\CBS\CBS.log
    Access is denied.
     
    C:\Windows\system32>
    C:\Windows\system32>C:\Windows\system32>findstr/c."[SR]"\windows\logs\cbs\cbs.lo
    g>\windows\logs\cbs\
    The system cannot find the path specified.
     
    C:\Windows\system32>junk.txt
    'junk.txt' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /c ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /. ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /[ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /] ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /\ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /w ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /d ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /w ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /\ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /g ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /\ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /c ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /\ ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /c ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /. ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>FINDSTR: /g ignored
    'FINDSTR:' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>Specify only /L or /R.
    'Specify' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>
    C:\Windows\system32>C:\Windows\system32>notepad\windows\logs\cbs\junk.txt
    The system cannot find the path specified.
     
    C:\Windows\system32>The system cannot find the path specified.
    'The' is not recognized as an internal or external command,
    operable program or batch file.
     
    C:\Windows\system32>
    C:\Windows\system32>C:\Windows\system32>
    The syntax of the command is incorrect.
    C:\Windows\system32>

    • 0





