Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help! Cryptowall virus on computer!

Started by sarahb16 , Mar 29 2015 07:33 PM

  • Please log in to reply

#16
sarahb16
Posted 02 April 2015 - 05:56 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mitch (administrator) on KRIS-PC on 02-04-2015 19:54:59
Running from C:\Users\Mitch\Desktop
Loaded Profiles: Mitch (Available profiles: Mitch & Sarah)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_f86438be\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [91648 2006-11-08] (Primax Electronics Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1290504 2011-01-22] (Trend Micro Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [443904 2008-06-26] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Run: [Amazon Music] => C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe [960688 2015-02-05] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/4j730
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
URLSearchHook: HKLM-x32 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3003745939-3766210737-3386188188-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-23] (Oracle Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-06] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {C56CB6B0-0D96-11D6-8C65-B2868B609932} ->  No File
BHO-x32: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-20] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\aj64lc09.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-23] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2008-11-06] (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [2008-12-10] (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-06]

Chrome:
=======
CHR Profile: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-06]
CHR Extension: (Google Drive) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-06]
CHR Extension: (YouTube) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-06]
CHR Extension: (Google Search) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Google Wallet) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-06]
CHR Extension: (Gmail) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Kris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 MSSQL$BWDATOOLSET; c:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [820488 2011-01-22] (Trend Micro Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_f86438be\STacSV64.exe [246272 2008-06-26] (IDT, Inc.)
R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [563464 2011-01-22] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [587696 2011-01-22] (Trend Micro Inc.)
S3 tmproxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [854280 2011-01-22] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 DAUpdaterSvc; c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [0 2014-07-06] () <==== ATTENTION (zero size file/folder)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2009-03-14] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2009-03-14] ()
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [31744 2013-03-19] (Motorola Mobility Inc)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14304 1999-07-28] () [File not signed]
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [192528 2011-01-22] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [80912 2011-01-22] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [277008 2011-01-22] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 19:54 - 2015-04-02 19:54 - 00009222 _____ () C:\Users\Mitch\Desktop\fixlist.txt
2015-04-02 15:15 - 2015-04-02 15:15 - 00032908 _____ () C:\Users\Mitch\Desktop\Addition.txt
2015-04-02 15:14 - 2015-04-02 19:55 - 00023931 _____ () C:\Users\Mitch\Desktop\FRST.txt
2015-04-02 15:14 - 2015-03-29 21:04 - 02095616 _____ (Farbar) C:\Users\Mitch\Desktop\FRST64.exe
2015-04-01 20:43 - 2015-04-01 20:43 - 00028524 _____ () C:\Users\Sarah\Desktop\Addition.txt
2015-03-31 20:52 - 2015-03-31 20:53 - 00632536 _____ () C:\Users\Sarah\Desktop\ESETPoweliksCleaner.exe_20150331.205249.9828.log
2015-03-31 20:52 - 2015-03-31 20:52 - 00000022 _____ () C:\Users\Sarah\Desktop\ESETPoweliksCleaner.exe_20150331.205249.9828.zip
2015-03-31 20:51 - 2015-03-31 20:47 - 00221384 _____ (ESET) C:\Users\Sarah\Desktop\ESETPoweliksCleaner.exe
2015-03-31 20:18 - 2015-03-31 20:25 - 00000000 ___SD () C:\ComboFix
2015-03-31 20:13 - 2015-03-30 23:26 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sarah\Desktop\TDSSKiller.exe
2015-03-30 23:09 - 2015-03-30 23:09 - 00000000 ____D () C:\Windows\erdnt
2015-03-30 23:09 - 2015-03-30 23:09 - 00000000 ____D () C:\Qoobox
2015-03-30 23:09 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-30 23:09 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-30 23:09 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-30 23:08 - 2015-03-30 23:05 - 05617067 ____R (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2015-03-30 22:24 - 2015-03-30 22:24 - 00008546 _____ () C:\Users\Sarah\HELP_DECRYPT.HTML
2015-03-30 22:24 - 2015-03-30 22:24 - 00008546 _____ () C:\Users\Sarah\Downloads\HELP_DECRYPT.HTML
2015-03-30 22:24 - 2015-03-30 22:24 - 00004210 _____ () C:\Users\Sarah\HELP_DECRYPT.TXT
2015-03-30 22:24 - 2015-03-30 22:24 - 00004210 _____ () C:\Users\Sarah\Downloads\HELP_DECRYPT.TXT
2015-03-30 22:24 - 2015-03-30 22:24 - 00000272 _____ () C:\Users\Sarah\HELP_DECRYPT.URL
2015-03-30 22:24 - 2015-03-30 22:24 - 00000272 _____ () C:\Users\Sarah\Downloads\HELP_DECRYPT.URL
2015-03-30 22:16 - 2015-03-30 22:16 - 00000000 ____D () C:\ProgramData\LadjaLkovz
2015-03-29 21:13 - 2015-04-01 20:43 - 00032325 _____ () C:\Users\Sarah\Desktop\FRST.txt
2015-03-29 21:09 - 2015-04-02 19:55 - 00000000 ____D () C:\FRST
2015-03-29 21:08 - 2015-03-29 21:04 - 02095616 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2015-03-29 20:55 - 2015-03-29 20:55 - 00000732 _____ () C:\Users\Sarah\AppData\Local\d3d9caps64.dat
2015-03-26 23:47 - 2015-03-26 23:47 - 00002772 _____ () C:\Windows\System32\Tasks\task432902228
2015-03-22 17:08 - 2015-03-22 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-10 19:26 - 2015-03-10 19:26 - 14487928 _____ (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) C:\Users\Mitch\Downloads\R78500.EXE
2015-03-10 19:25 - 2015-03-10 19:25 - 08874624 _____ (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) C:\Users\Mitch\Downloads\R87461.EXE
2015-03-07 02:55 - 2015-03-08 14:03 - 00005120 _____ () C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 19:52 - 2009-01-15 10:11 - 01678661 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 19:25 - 2014-06-30 22:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 19:11 - 2012-06-16 21:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 18:54 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 18:54 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 15:14 - 2014-06-30 22:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 15:13 - 2009-04-13 21:20 - 00000000 ____D () C:\temp
2015-03-31 21:00 - 2006-11-02 08:46 - 00838784 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-31 20:54 - 2014-07-14 19:40 - 00010280 _____ () C:\Windows\system32\spsys.log
2015-03-31 20:54 - 2011-01-22 11:16 - 00058400 _____ () C:\Windows\PFRO.log
2015-03-31 20:54 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 20:53 - 2006-11-02 11:42 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-30 22:24 - 2015-02-18 14:43 - 00000000 ____D () C:\Users\Sarah\Downloads\comicpress
2015-03-30 22:24 - 2014-06-30 22:01 - 00000000 ____D () C:\Users\Sarah
2015-03-30 22:01 - 2014-07-06 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-03-30 21:57 - 2014-10-08 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 21:13 - 2014-01-24 11:15 - 00000000 ____D () C:\Users\Mitch
2015-03-27 09:04 - 2014-10-02 21:14 - 00000000 ____D () C:\Users\Mitch\AppData\Roaming\Skype
2015-03-27 00:32 - 2014-07-03 00:23 - 00000680 _____ () C:\Users\Sarah\AppData\Local\d3d9caps.dat
2015-03-26 23:49 - 2014-10-08 21:54 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Mozilla
2015-03-26 23:49 - 2014-07-01 21:56 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Skype
2015-03-26 23:49 - 2014-07-01 21:56 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Skype
2015-03-26 23:49 - 2014-06-30 22:02 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2015-03-26 23:48 - 2014-07-01 23:46 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Apple Computer
2015-03-26 23:48 - 2014-06-30 22:03 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google
2015-03-26 23:47 - 2012-08-28 18:22 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-26 23:47 - 2010-03-14 20:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-21 20:14 - 2014-06-30 22:05 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 19:23 - 2006-11-02 11:27 - 00168974 _____ () C:\Windows\setupact.log
2015-03-08 10:18 - 2015-02-28 18:10 - 00000000 ____D () C:\Users\Mitch\Documents\red usb drive

==================== Files in the root of some directories =======

2014-01-24 16:23 - 2014-10-16 09:07 - 0000680 _____ () C:\Users\Mitch\AppData\Local\d3d9caps.dat
2015-03-07 02:55 - 2015-03-08 14:03 - 0005120 _____ () C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-14 14:46 - 2014-01-23 16:28 - 0006754 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Mitch\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mitch\AppData\Local\Temp\ose00000.exe
C:\Users\Mitch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sarah\AppData\Local\Temp\repfix.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\aswMonFlt.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-02 09:23

==================== End Of Log ============================


  • 0

Advertisements

#17
sarahb16
Posted 02 April 2015 - 05:57 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Mitch at 2015-04-02 19:55:31
Running from C:\Users\Mitch\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Trend Micro Internet Security (Disabled - Out of date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro Internet Security (Disabled - Out of date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0409.2230 - )
ATI Catalyst Install Manager (HKLM\...\{9C81B8DC-A1C2-56E3-A22B-FC00C0DE1454}) (Version: 3.0.719.0 - ATI Technologies, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2008.0409.2231.38463 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Creative Centrale (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.01.02 - Creative Technology Ltd.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Dragon Age Toolset (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.01 - Electronic Arts, Inc.)
DVDx 2 (HKLM-x32\...\{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1) (Version: 2.20 - labDV®)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Game Elements PC Recoil Pad (HKLM-x32\...\Game Elements PC Recoil Pad) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GTK+ Runtime 2.14.6 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version:  - )
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.)
Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25296 - Hauppauge Computer Works, Inc.)
Hauppauge TV Tuner Driver (x32 Version: 2.0.25312 - Hauppauge Computer Works) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013F0}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{86A4C6D9-29EE-4719-AFA1-BA3341862B83}) (Version: 3.4.54.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{1FDA5A37-B22D-43FF-B582-B8964050DC13}) (Version: 3.4.18.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2005 (HKLM-x32\...\{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}) (Version: 7.9.3812.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mouse Suite for Desktop Computers (HKLM-x32\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Paint Shop Pro 7 Try And Buy (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Philips Retractable PC Controller (HKLM-x32\...\Philips Retractable PC Controller) (Version:  - )
QuickTime (HKLM-x32\...\{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}) (Version: 7.65.17.80 - Apple Inc.)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
RiffTrax DVD Player (x32 Version: 1.9.8.8 - RiffTrax) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDP Downloader (HKLM-x32\...\{B547CB8D-549A-436E-97B5-E79F911B11E2}) (Version: 2.3.0 - SDP Multimedia)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0409.2231.38463 - ATI) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Super Mario Bros. X (HKLM-x32\...\Super Mario Bros. X) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 16.60 - Trend Micro Inc.)
Trend Micro Internet Security (Version: 16.60 - Trend Micro Inc.) Hidden
uTorrentControl2 Toolbar (HKLM-x32\...\uTorrentControl2 Toolbar) (Version: 6.8.11.4 - uTorrentControl2) <==== ATTENTION
Vista Codec Package (HKLM-x32\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.1.3 - Shark007)
VistaCodecs x64 Components v1.7.0 (HKLM\...\VistaCodecs x64 Components_is1) (Version: 1.7.0 - Shark007)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

20-03-2015 23:20:22 Scheduled Checkpoint
23-03-2015 05:21:56 Scheduled Checkpoint
24-03-2015 01:59:07 Windows Update
25-03-2015 00:00:26 Scheduled Checkpoint
27-03-2015 04:02:24 Scheduled Checkpoint
29-03-2015 21:30:48 Windows Update
31-03-2015 22:10:16 Scheduled Checkpoint
02-04-2015 00:00:06 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2009-09-08 06:32 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02ADC3D5-095C-48E9-B11A-2339776498CF} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {0A7C9C56-BCC7-4C52-BBDA-370E3619CF6C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kris => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {1372F740-5389-4AC5-938D-F1EC737F64E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {26C5F298-465E-4F7F-9FDF-A9ECBC66A15C} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA0LH4H4 Product Registration (Kris) => C:\Users\Kris\AppData\Roaming\Leadertech\PowerRegister\Seagate NA0LH4H4 Product Registration.exe
Task: {2CE3C139-BCB0-42D3-829D-86EABB78AF18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {3858CBB8-7B4B-4FAE-914C-56BB9591A536} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3958734D-F6E2-449C-96FC-CF43A70D9EB3} - System32\Tasks\93c88880 => C:\Users\Kris\AppData\Local\Temp\\setup2290491264.exe <==== ATTENTION
Task: {3FDFBEEF-8F6E-42CE-89FD-9A19136A7245} - System32\Tasks\task432902228
Task: {3FFE5F48-FAEE-4C27-A54E-9F1E080987FD} - System32\Tasks\{C154E818-EDC2-4ECC-89F8-10F33599A2B4} => pcalua.exe -a C:\Users\Kris\nesten-061b2pre.exe
Task: {4E36648C-4E9E-4CEE-B083-D896AFE34512} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {650F69E6-2E52-43B3-9904-096245C6B1FF} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B5906F45-97AC-4A14-B4FD-CA71CE1480D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-06] (AVAST Software)
Task: {C03D36FD-FC1B-49B9-A519-924ABEF8C52A} - System32\Tasks\{F39E13D9-1AC7-48FF-9C87-E9196BBC483C} => pcalua.exe -a C:\Users\Kris\9-4_vista64_win7_64_dd.exe -d C:\Users\Kris
Task: {D31EC254-4B82-4328-99D2-4BA7E1FE1804} - System32\Tasks\{AB2BCA31-D4A8-B05D-6BDA-F2CD77AC0341} => C:\Users\Sarah\AppData\Roaming\dvdmbtb.dll [2014-09-16] () <==== ATTENTION
Task: {F4123A61-6A81-41F9-B7E3-0C7924AE46C8} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-01-22 11:34 - 2011-01-22 11:34 - 00205064 _____ () C:\Program Files\Trend Micro\Internet Security\UfPack.dll
2009-01-15 17:42 - 2009-03-16 16:26 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2015-01-16 00:41 - 2014-12-08 02:27 - 06277952 _____ () C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-08-27 10:56 - 2014-08-27 10:56 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\8e096e2e926e5c3322b933ec71be999a\VistaBridgeLibrary.ni.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-07-06 17:16 - 2014-07-06 17:16 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-06 17:16 - 2014-07-06 17:16 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8B4F37E5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: dbWIMgmt => rundll32.exe "C:\Users\Kris\AppData\Local\SysMain64\dbWIMgmt.dll",Devobjmm msGL80

==================== Accounts: =============================

Administrator (S-1-5-21-3003745939-3766210737-3386188188-500 - Administrator - Disabled)
Guest (S-1-5-21-3003745939-3766210737-3386188188-501 - Limited - Enabled)
Mitch (S-1-5-21-3003745939-3766210737-3386188188-1004 - Administrator - Enabled) => C:\Users\Mitch
Sarah (S-1-5-21-3003745939-3766210737-3386188188-1005 - Limited - Enabled) => C:\Users\Sarah

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2015 09:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application IEXPLORE.EXE, version 9.0.8112.16563, time stamp 0x53d14764, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00030226,
process id 0x10f8, application start time 0xIEXPLORE.EXE0.

Error: (03/31/2015 08:55:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 10:50:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2460
Start Time: 01d06b5c9e4e4837
Termination Time: 0

Error: (03/30/2015 10:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16563, time stamp 0x4549b470, faulting module Flash32_16_0_0_305.ocx, version 16.0.0.305, time stamp 0x54cff11b, exception code 0xc0000005, fault offset 0x0065cd8c,
process id 0x1e98, application start time 0xiexplore.exe0.

Error: (03/30/2015 10:43:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1028
Start Time: 01d06b5ae18b0777
Termination Time: 0

Error: (03/30/2015 10:27:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\HELP_DECRYPT.URL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/30/2015 10:27:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\HELP_DECRYPT.URL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/30/2015 10:27:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\HELP_DECRYPT.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/30/2015 10:27:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\HELP_DECRYPT.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/30/2015 10:27:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\HELP_DECRYPT.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (03/31/2015 08:55:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: avast! AntivirusaswMonFlt%%193

Error: (03/31/2015 08:55:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (03/31/2015 08:17:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: hpqcxs084

Error: (03/31/2015 09:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: hpqcxs083

Error: (03/30/2015 11:10:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: hpqcxs082

Error: (03/30/2015 11:09:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: HP CUE DeviceDiscovery Service1

Error: (03/30/2015 11:09:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: hpqcxs081

Error: (03/30/2015 10:14:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (03/30/2015 10:11:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: avast! AntivirusaswMonFlt%%193

Error: (03/30/2015 10:11:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-09-08 20:13:56.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:52.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:52.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:51.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:51.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 21:25:08.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\DisplayFusionHookx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 21:25:08.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\DisplayFusionHookx64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 77%
Total physical RAM: 6077.03 MB
Available physical RAM: 1394.78 MB
Total Pagefile: 12365.08 MB
Available Pagefile: 10025.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:391.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 90000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=683.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#18
RKinner
Posted 02 April 2015 - 07:33 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Looks like you hit Scan instead of Fix.  I don't see the Fix log and it appears no changes were made.

 

Download the  fixlist.txt
 
 
save to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  

  • 0

#19
sarahb16
Posted 02 April 2015 - 09:36 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I know. I realized after I did posted them. But then after doing the fix, the computer rebooted and suddenly my ethernet port doesn't want to work. Having to get creative with getting the fix report to you. Sorry for the delay. You've been amazingly helpful.


  • 0

#20
RKinner
Posted 02 April 2015 - 10:38 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

1. Uninstall Trend Micro Internet Security I suspect its firewall is causing the problem.  You may need their uninstall tool:

http://esupport.trendmicro.com/en-us/home/pages/technical-support/1037161.aspx

Click on

Having Problems Removing Trend Micro?

 

2. (Start) Right click on My Computer, select Manage then Device Manager.  Find the Network Adapters and click on the + in front to open up the sub entries.  Right click on each sun-entry under Network Adapters and Uninstall.  (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website.  Normally you don't but with malware you never know.)  Reboot  and test.  If it still doesn't work: 

 

3. Start, All Programs, Accessories, Command Prompt.  Type with an Enter after each line in the code box: 
 
 
ipconfig /flushdns
 
netsh  winsock  reset catalog
 
netsh int ipv4 reset %userprofile%\Desktop\reset4.log 
 
NetSH WinHTTP reset proxy
 
(I use two spaces in the code box so you will be sure to see where 1 space goes.)
 
Reboot and test.  

  • 0

#21
sarahb16
Posted 03 April 2015 - 11:51 AM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Ethernet to USB adapter to the rescue!

 

And I finally got MicroTrend off. Thank you for the link.

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Mitch at 2015-04-03 13:49:36 Run:3
Running from C:\Users\Mitch\Desktop
Loaded Profiles: Mitch (Available profiles: Mitch & Sarah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/4j730
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: HKLM-x32 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKU\S-1-5-21-3003745939-3766210737-3386188188-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {C56CB6B0-0D96-11D6-8C65-B2868B609932} ->  No File
BHO-x32: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} ->  No File
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-23] (Oracle
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-20] (Oracle Corporation)
R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [563464 2011-01-22] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [587696 2011-01-22] (Trend Micro Inc.)
S3 tmproxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [854280 2011-01-22] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [192528 2011-01-22] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [80912 2011-01-22] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [277008 2011-01-22] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2015-03-30 22:24 - 2015-03-30 22:24 - 00008546 _____ () C:\Users\Sarah\HELP_DECRYPT.HTML
2015-03-30 22:24 - 2015-03-30 22:24 - 00008546 _____ () C:\Users\Sarah\Downloads\HELP_DECRYPT.HTML
2015-03-30 22:24 - 2015-03-30 22:24 - 00004210 _____ () C:\Users\Sarah\HELP_DECRYPT.TXT
2015-03-30 22:24 - 2015-03-30 22:24 - 00004210 _____ () C:\Users\Sarah\Downloads\HELP_DECRYPT.TXT
2015-03-30 22:24 - 2015-03-30 22:24 - 00000272 _____ () C:\Users\Sarah\HELP_DECRYPT.URL
2015-03-30 22:24 - 2015-03-30 22:24 - 00000272 _____ () C:\Users\Sarah\Downloads\HELP_DECRYPT.URL
2015-03-30 22:16 - 2015-03-30 22:16 - 00000000 ____D () C:\ProgramData\LadjaLkovz
2015-03-26 23:47 - 2015-03-26 23:47 - 00002772 _____ () C:\Windows\System32\Tasks\task432902228
C:\Users\Mitch\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mitch\AppData\Local\Temp\ose00000.exe
C:\Users\Mitch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sarah\AppData\Local\Temp\repfix.exe
Task: {3958734D-F6E2-449C-96FC-CF43A70D9EB3} - System32\Tasks\93c88880 => C:\Users\Kris\AppData\Local\Temp\\setup2290491264.exe <==== ATTENTION
Task: {3FDFBEEF-8F6E-42CE-89FD-9A19136A7245} - System32\Tasks\task432902228
Task: {3FFE5F48-FAEE-4C27-A54E-9F1E080987FD} - System32\Tasks\{C154E818-EDC2-4ECC-89F8-10F33599A2B4} => pcalua.exe -a C:\Users\Kris\nesten-061b2pre.exe
Task: {C03D36FD-FC1B-49B9-A519-924ABEF8C52A} - System32\Tasks\{F39E13D9-1AC7-48FF-9C87-E9196BBC483C} => pcalua.exe -a C:\Users\Kris\9-4_vista64_win7_64_dd.exe -d C:\Users\Kris
Task: {D31EC254-4B82-4328-99D2-4BA7E1FE1804} - System32\Tasks\{AB2BCA31-D4A8-B05D-6BDA-F2CD77AC0341} => C:\Users\Sarah\AppData\Roaming\dvdmbtb.dll [2014-09-16] () <==== ATTENTION
C:\Users\Kris\AppData\Local\SysMain64\dbWIMgmt.dll
C:\Users\Kris\AppData\Local\Temp\\setup2290491264.exe
C:\Users\Mitch\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mitch\AppData\Local\Temp\ose00000.exe
C:\Users\Mitch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sarah\AppData\Local\Temp\repfix.exe
*****************

C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => Value not found.
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932} => Key not found.
HKCR\Wow6432Node\CLSID\{C56CB6B0-0D96-11D6-8C65-B2868B609932} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} => Key not found.
HKCR\Wow6432Node\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777} => Key not found.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2 => Key not found.
"C:\Windows\system32\npDeployJava1.dll" => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2 => Key not found.
"C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2 => Key not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2 => Key not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
TMBMServer => Service not found.
TmPfw => Service not found.
tmproxy => Service not found.
tmlwf => Service not found.
tmpreflt => Service not found.
tmtdi => Service not found.
tmwfp => Service not found.
tmxpflt => Service not found.
vsapint => Service not found.
IpInIp => Service not found.
NwlnkFlt => Service not found.
NwlnkFwd => Service not found.
"C:\Users\Sarah\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Sarah\Downloads\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Sarah\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Sarah\Downloads\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Sarah\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Sarah\Downloads\HELP_DECRYPT.URL" => File/Directory not found.
"C:\ProgramData\LadjaLkovz" => File/Directory not found.
"C:\Windows\System32\Tasks\task432902228" => File/Directory not found.
"C:\Users\Mitch\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mitch\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Mitch\AppData\Local\Temp\SkypeSetup.exe" => File/Directory not found.
"C:\Users\Sarah\AppData\Local\Temp\repfix.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3958734D-F6E2-449C-96FC-CF43A70D9EB3} => Key not found.
C:\Windows\System32\Tasks\93c88880 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\93c88880 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FDFBEEF-8F6E-42CE-89FD-9A19136A7245} => Key not found.
C:\Windows\System32\Tasks\task432902228 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task432902228 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FFE5F48-FAEE-4C27-A54E-9F1E080987FD} => Key not found.
C:\Windows\System32\Tasks\{C154E818-EDC2-4ECC-89F8-10F33599A2B4} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C154E818-EDC2-4ECC-89F8-10F33599A2B4} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C03D36FD-FC1B-49B9-A519-924ABEF8C52A} => Key not found.
C:\Windows\System32\Tasks\{F39E13D9-1AC7-48FF-9C87-E9196BBC483C} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F39E13D9-1AC7-48FF-9C87-E9196BBC483C} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D31EC254-4B82-4328-99D2-4BA7E1FE1804} => Key not found.
C:\Windows\System32\Tasks\{AB2BCA31-D4A8-B05D-6BDA-F2CD77AC0341} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB2BCA31-D4A8-B05D-6BDA-F2CD77AC0341} => Key not found.
"C:\Users\Kris\AppData\Local\SysMain64\dbWIMgmt.dll" => File/Directory not found.
"C:\Users\Kris\AppData\Local\Temp\\setup2290491264.exe" => File/Directory not found.
"C:\Users\Mitch\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mitch\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Mitch\AppData\Local\Temp\SkypeSetup.exe" => File/Directory not found.
"C:\Users\Sarah\AppData\Local\Temp\repfix.exe" => File/Directory not found.

==== End of Fixlog 13:49:37 ====


  • 0

#22
RKinner
Posted 03 April 2015 - 02:11 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Did you remember to right click and Run As Admin when you started FRST?  It doesn't appear to have found anything.

 

Can I see a new FRST scan log and addition.txt file?


  • 0

#23
sarahb16
Posted 03 April 2015 - 02:47 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mitch (administrator) on KRIS-PC on 03-04-2015 16:44:45
Running from C:\Users\Mitch\Desktop
Loaded Profiles: Mitch & Sarah (Available profiles: Mitch & Sarah)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_f86438be\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [91648 2006-11-08] (Primax Electronics Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [443904 2008-06-26] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Run: [Amazon Music] => C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\MountPoints2: {0beec27a-d9b2-11e4-a12f-0022191b542a} - J:\Windows\SETUP.exe
HKU\S-1-5-21-3003745939-3766210737-3386188188-1005\...\Run: [LadjaLkovz] => regsvr32.exe "C:\ProgramData\LadjaLkovz\GomajDuxec.rvm"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
HKU\S-1-5-21-3003745939-3766210737-3386188188-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3003745939-3766210737-3386188188-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-23] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-06] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-20] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\aj64lc09.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2008-11-06] (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [2008-12-10] (DivX, Inc)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Extension: Adblock Plus - C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\aj64lc09.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-06]

Chrome:
=======
CHR Profile: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-06]
CHR Extension: (Google Drive) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-06]
CHR Extension: (YouTube) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-06]
CHR Extension: (Google Search) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Google Wallet) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-06]
CHR Extension: (Gmail) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Kris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 MSSQL$BWDATOOLSET; c:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_f86438be\STacSV64.exe [246272 2008-06-26] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 DAUpdaterSvc; c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [0 2014-07-06] () <==== ATTENTION (zero size file/folder)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2009-03-14] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2009-03-14] ()
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [31744 2013-03-19] (Motorola Mobility Inc)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14304 1999-07-28] () [File not signed]
R3 USB_Ethernet_Adaptor; C:\Windows\System32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-08] (Corechip Semiconductor, Inc. Co Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 16:44 - 2015-04-03 16:44 - 00022740 _____ () C:\Users\Mitch\Desktop\FRST.txt
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Users\Mitch\AppData\Local\Macromedia
2015-04-03 13:33 - 2013-01-08 02:03 - 00021504 _____ (Corechip Semiconductor, Inc. Co Ltd.) C:\Windows\system32\Drivers\USB_Ethernet_Adaptor.sys
2015-04-02 15:14 - 2015-03-29 21:04 - 02095616 _____ (Farbar) C:\Users\Mitch\Desktop\FRST64.exe
2015-03-31 20:51 - 2015-03-31 20:47 - 00221384 _____ (ESET) C:\Users\Sarah\Desktop\ESETPoweliksCleaner.exe
2015-03-31 20:18 - 2015-03-31 20:25 - 00000000 ___SD () C:\ComboFix
2015-03-31 20:13 - 2015-03-30 23:26 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sarah\Desktop\TDSSKiller.exe
2015-03-30 23:09 - 2015-03-30 23:09 - 00000000 ____D () C:\Windows\erdnt
2015-03-30 23:09 - 2015-03-30 23:09 - 00000000 ____D () C:\Qoobox
2015-03-30 23:09 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-30 23:09 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-30 23:09 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-30 23:08 - 2015-03-30 23:05 - 05617067 ____R (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2015-03-29 21:09 - 2015-04-03 16:44 - 00000000 ____D () C:\FRST
2015-03-29 21:08 - 2015-03-29 21:04 - 02095616 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2015-03-29 20:55 - 2015-03-29 20:55 - 00000732 _____ () C:\Users\Sarah\AppData\Local\d3d9caps64.dat
2015-03-22 17:08 - 2015-03-22 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-10 19:26 - 2015-03-10 19:26 - 14487928 _____ (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) C:\Users\Mitch\Downloads\R78500.EXE
2015-03-10 19:25 - 2015-03-10 19:25 - 08874624 _____ (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) C:\Users\Mitch\Downloads\R87461.EXE
2015-03-07 02:55 - 2015-03-08 14:03 - 00005120 _____ () C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 16:44 - 2009-01-15 10:11 - 02032944 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 16:25 - 2014-06-30 22:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 16:10 - 2012-06-16 21:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 15:45 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 15:45 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 13:54 - 2014-06-30 22:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 13:54 - 2009-04-13 21:20 - 00000000 ____D () C:\temp
2015-04-03 13:52 - 2006-11-02 08:46 - 00838784 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 13:46 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 13:45 - 2011-01-22 11:16 - 00087596 _____ () C:\Windows\PFRO.log
2015-04-03 13:43 - 2009-01-15 15:35 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-04-03 13:43 - 2006-11-02 11:42 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-03 13:34 - 2014-01-24 11:15 - 00000000 ____D () C:\Users\Mitch
2015-04-02 19:57 - 2014-06-30 22:01 - 00000000 ____D () C:\Users\Sarah
2015-03-31 20:54 - 2014-07-14 19:40 - 00010280 _____ () C:\Windows\system32\spsys.log
2015-03-30 22:24 - 2015-02-18 14:43 - 00000000 ____D () C:\Users\Sarah\Downloads\comicpress
2015-03-30 22:01 - 2014-07-06 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-03-30 21:57 - 2014-10-08 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-27 09:04 - 2014-10-02 21:14 - 00000000 ____D () C:\Users\Mitch\AppData\Roaming\Skype
2015-03-27 00:32 - 2014-07-03 00:23 - 00000680 _____ () C:\Users\Sarah\AppData\Local\d3d9caps.dat
2015-03-26 23:49 - 2014-10-08 21:54 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Mozilla
2015-03-26 23:49 - 2014-07-01 21:56 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Skype
2015-03-26 23:49 - 2014-07-01 21:56 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Skype
2015-03-26 23:49 - 2014-06-30 22:02 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2015-03-26 23:48 - 2014-07-01 23:46 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Apple Computer
2015-03-26 23:48 - 2014-06-30 22:03 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google
2015-03-26 23:47 - 2012-08-28 18:22 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-26 23:47 - 2010-03-14 20:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-10 19:23 - 2006-11-02 11:27 - 00168974 _____ () C:\Windows\setupact.log
2015-03-08 10:18 - 2015-02-28 18:10 - 00000000 ____D () C:\Users\Mitch\Documents\red usb drive

==================== Files in the root of some directories =======

2014-01-24 16:23 - 2014-10-16 09:07 - 0000680 _____ () C:\Users\Mitch\AppData\Local\d3d9caps.dat
2015-03-07 02:55 - 2015-03-08 14:03 - 0005120 _____ () C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-14 14:46 - 2014-01-23 16:28 - 0006754 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Mitch\AppData\Local\Temp\atl80.dll
C:\Users\Mitch\AppData\Local\Temp\mfc80.dll
C:\Users\Mitch\AppData\Local\Temp\mfc80u.dll
C:\Users\Mitch\AppData\Local\Temp\mfcm80.dll
C:\Users\Mitch\AppData\Local\Temp\mfcm80u.dll
C:\Users\Mitch\AppData\Local\Temp\msvcm80.dll
C:\Users\Mitch\AppData\Local\Temp\msvcp80.dll
C:\Users\Mitch\AppData\Local\Temp\msvcr80.dll
C:\Users\Mitch\AppData\Local\Temp\TmDbg32.dll
C:\Users\Mitch\AppData\Local\Temp\TmDbg64.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\aswMonFlt.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-03 13:52

==================== End Of Log ============================


  • 0

#24
sarahb16
Posted 03 April 2015 - 02:49 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Mitch at 2015-04-03 16:45:16
Running from C:\Users\Mitch\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0409.2230 - )
ATI Catalyst Install Manager (HKLM\...\{9C81B8DC-A1C2-56E3-A22B-FC00C0DE1454}) (Version: 3.0.719.0 - ATI Technologies, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2008.0409.2231.38463 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Creative Centrale (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.01.02 - Creative Technology Ltd.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Dragon Age Toolset (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.01 - Electronic Arts, Inc.)
DVDx 2 (HKLM-x32\...\{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1) (Version: 2.20 - labDV®)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Game Elements PC Recoil Pad (HKLM-x32\...\Game Elements PC Recoil Pad) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GTK+ Runtime 2.14.6 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version:  - )
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.)
Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25296 - Hauppauge Computer Works, Inc.)
Hauppauge TV Tuner Driver (x32 Version: 2.0.25312 - Hauppauge Computer Works) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013F0}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{86A4C6D9-29EE-4719-AFA1-BA3341862B83}) (Version: 3.4.54.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{1FDA5A37-B22D-43FF-B582-B8964050DC13}) (Version: 3.4.18.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2005 (HKLM-x32\...\{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}) (Version: 7.9.3812.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mouse Suite for Desktop Computers (HKLM-x32\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Paint Shop Pro 7 Try And Buy (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Philips Retractable PC Controller (HKLM-x32\...\Philips Retractable PC Controller) (Version:  - )
QuickTime (HKLM-x32\...\{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}) (Version: 7.65.17.80 - Apple Inc.)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
RiffTrax DVD Player (x32 Version: 1.9.8.8 - RiffTrax) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDP Downloader (HKLM-x32\...\{B547CB8D-549A-436E-97B5-E79F911B11E2}) (Version: 2.3.0 - SDP Multimedia)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0409.2231.38463 - ATI) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Super Mario Bros. X (HKLM-x32\...\Super Mario Bros. X) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
uTorrentControl2 Toolbar (HKLM-x32\...\uTorrentControl2 Toolbar) (Version: 6.8.11.4 - uTorrentControl2) <==== ATTENTION
Vista Codec Package (HKLM-x32\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.1.3 - Shark007)
VistaCodecs x64 Components v1.7.0 (HKLM\...\VistaCodecs x64 Components_is1) (Version: 1.7.0 - Shark007)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-03-2015 23:20:22 Scheduled Checkpoint
23-03-2015 05:21:56 Scheduled Checkpoint
24-03-2015 01:59:07 Windows Update
25-03-2015 00:00:26 Scheduled Checkpoint
27-03-2015 04:02:24 Scheduled Checkpoint
29-03-2015 21:30:48 Windows Update
31-03-2015 22:10:16 Scheduled Checkpoint
02-04-2015 00:00:06 Scheduled Checkpoint
02-04-2015 21:04:31 Scheduled Checkpoint
02-04-2015 23:13:49 Windows Update
03-04-2015 13:33:39 Device Driver Package Install: Corechip Semiconductor, Inc. Network adapters

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2009-09-08 06:32 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02ADC3D5-095C-48E9-B11A-2339776498CF} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {0A7C9C56-BCC7-4C52-BBDA-370E3619CF6C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kris => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {1372F740-5389-4AC5-938D-F1EC737F64E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {26C5F298-465E-4F7F-9FDF-A9ECBC66A15C} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA0LH4H4 Product Registration (Kris) => C:\Users\Kris\AppData\Roaming\Leadertech\PowerRegister\Seagate NA0LH4H4 Product Registration.exe
Task: {2CE3C139-BCB0-42D3-829D-86EABB78AF18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {3858CBB8-7B4B-4FAE-914C-56BB9591A536} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {4E36648C-4E9E-4CEE-B083-D896AFE34512} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {650F69E6-2E52-43B3-9904-096245C6B1FF} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B5906F45-97AC-4A14-B4FD-CA71CE1480D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-06] (AVAST Software)
Task: {F4123A61-6A81-41F9-B7E3-0C7924AE46C8} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-16 00:41 - 2014-12-08 02:27 - 06277952 _____ () C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-01-15 17:42 - 2009-03-16 16:26 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2014-08-27 10:56 - 2014-08-27 10:56 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\8e096e2e926e5c3322b933ec71be999a\VistaBridgeLibrary.ni.dll
2008-02-21 12:55 - 2008-02-21 12:55 - 00846336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-07-06 17:16 - 2014-07-06 17:16 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-06 17:16 - 2014-07-06 17:16 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8B4F37E5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-3003745939-3766210737-3386188188-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: dbWIMgmt => rundll32.exe "C:\Users\Kris\AppData\Local\SysMain64\dbWIMgmt.dll",Devobjmm msGL80

==================== Accounts: =============================

Administrator (S-1-5-21-3003745939-3766210737-3386188188-500 - Administrator - Disabled)
Guest (S-1-5-21-3003745939-3766210737-3386188188-501 - Limited - Enabled)
Mitch (S-1-5-21-3003745939-3766210737-3386188188-1004 - Administrator - Enabled) => C:\Users\Mitch
Sarah (S-1-5-21-3003745939-3766210737-3386188188-1005 - Limited - Enabled) => C:\Users\Sarah

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 01:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 11:34:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 09:34:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 08:04:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cf4
Start Time: 01d06da125da6333
Termination Time: 0

Error: (04/02/2015 08:00:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 09:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application IEXPLORE.EXE, version 9.0.8112.16563, time stamp 0x53d14764, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00030226,
process id 0x10f8, application start time 0xIEXPLORE.EXE0.

Error: (03/31/2015 08:55:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 10:50:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2460
Start Time: 01d06b5c9e4e4837
Termination Time: 0

Error: (03/30/2015 10:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16563, time stamp 0x4549b470, faulting module Flash32_16_0_0_305.ocx, version 16.0.0.305, time stamp 0x54cff11b, exception code 0xc0000005, fault offset 0x0065cd8c,
process id 0x1e98, application start time 0xiexplore.exe0.

Error: (03/30/2015 10:43:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1028
Start Time: 01d06b5ae18b0777
Termination Time: 0


System errors:
=============
Error: (04/03/2015 03:04:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: avast! AntivirusaswMonFlt%%193

Error: (04/03/2015 03:04:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (04/03/2015 01:46:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: avast! AntivirusaswMonFlt%%193

Error: (04/03/2015 01:46:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (04/02/2015 11:34:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: avast! AntivirusaswMonFlt%%193

Error: (04/02/2015 11:34:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (04/02/2015 11:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070663Security Update for Microsoft Office 2007 suites (KB2687499){5BD72FC8-8BDB-458A-95B8-4372212FE3CE}201

Error: (04/02/2015 11:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070663Security Update for Microsoft Office 2007 suites (KB2760585){E47BE4B1-5EF0-442F-995F-C000D5AFF062}201

Error: (04/02/2015 11:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070663Update for Microsoft Office 2007 suites (KB2767849){9293EC8F-E7E2-4072-BB3C-49CAA63DF364}200

Error: (04/02/2015 11:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070663Security Update for Microsoft Office 2007 suites (KB2760591){B3DD3F82-E43A-4F5F-819B-455A0AFBDF59}201


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-09-08 20:13:56.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:52.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:52.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:51.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:51.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 21:25:08.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\DisplayFusionHookx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 21:25:08.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\DisplayFusionHookx64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 6077.03 MB
Available physical RAM: 3964.27 MB
Total Pagefile: 12349.08 MB
Available Pagefile: 9977.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:390.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 90000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=683.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#25
RKinner
Posted 03 April 2015 - 03:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

There is just the one entry in the Sarah login left.  Let's see if we can get it with FRST:

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
See if you can now get aswMBR and Combofix to run.  Make sure you start them by right clicking and run as admin.  Also make sure you have them on your desktop and not on a CD.
 
 
 
Download aswMBR.exe  to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
 
ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
:!: Turn off your screen saver so you can see what is going on
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Rightclick on ComboFix and select Run As Administrator to start the program.  
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.
 
 
 

 


  • 0

Advertisements

#26
sarahb16
Posted 03 April 2015 - 03:24 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Mitch at 2015-04-03 17:24:11 Run:4
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Mitch & Sarah (Available profiles: Mitch & Sarah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3003745939-3766210737-3386188188-1005\...\Run: [LadjaLkovz] => regsvr32.exe "C:\ProgramData\LadjaLkovz\GomajDuxec.rvm"
C:\ProgramData\LadjaLkovz\GomajDuxec.rvm
CMD: mkdir C:\ProgramData\LadjaLkovz\GomajDuxec.rvm
*****************

HKU\S-1-5-21-3003745939-3766210737-3386188188-1005\Software\Microsoft\Windows\CurrentVersion\Run\\LadjaLkovz => value deleted successfully.
"C:\ProgramData\LadjaLkovz\GomajDuxec.rvm" => File/Directory not found.

=========  mkdir C:\ProgramData\LadjaLkovz\GomajDuxec.rvm =========


========= End of CMD: =========


==== End of Fixlog 17:24:11 ====


  • 0

#27
sarahb16
Posted 03 April 2015 - 03:26 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mitch (administrator) on KRIS-PC on 03-04-2015 17:24:47
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Mitch & Sarah (Available profiles: Mitch & Sarah)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_f86438be\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
Failed to access process -> WUDFHost.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
Failed to access process -> WmiPrvSE.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
Failed to access process -> csrss.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
Failed to access process -> hpqbam08.exe
Failed to access process -> hpqgpc01.exe
Failed to access process -> unsecapp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [91648 2006-11-08] (Primax Electronics Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [443904 2008-06-26] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Run: [Amazon Music] => C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\MountPoints2: {0beec27a-d9b2-11e4-a12f-0022191b542a} - J:\Windows\SETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
HKU\S-1-5-21-3003745939-3766210737-3386188188-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3003745939-3766210737-3386188188-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-23] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-06] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-20] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\aj64lc09.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2008-11-06] (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [2008-12-10] (DivX, Inc)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-03-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Extension: Adblock Plus - C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\aj64lc09.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-06]

Chrome:
=======
CHR Profile: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-06]
CHR Extension: (Google Drive) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-06]
CHR Extension: (YouTube) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-06]
CHR Extension: (Google Search) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Google Wallet) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-06]
CHR Extension: (Gmail) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Kris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 MSSQL$BWDATOOLSET; c:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_f86438be\STacSV64.exe [246272 2008-06-26] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 DAUpdaterSvc; c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [0 2014-07-06] () <==== ATTENTION (zero size file/folder)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2009-03-14] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2009-03-14] ()
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [31744 2013-03-19] (Motorola Mobility Inc)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14304 1999-07-28] () [File not signed]
R3 USB_Ethernet_Adaptor; C:\Windows\System32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-08] (Corechip Semiconductor, Inc. Co Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 17:24 - 2015-04-03 17:24 - 00022734 _____ () C:\Users\Sarah\Desktop\FRST.txt
2015-04-03 17:24 - 2015-04-03 17:24 - 00000000 ____D () C:\ProgramData\LadjaLkovz
2015-04-03 16:45 - 2015-04-03 16:45 - 00032046 _____ () C:\Users\Mitch\Desktop\Addition.txt
2015-04-03 16:44 - 2015-04-03 16:45 - 00030408 _____ () C:\Users\Mitch\Desktop\FRST.txt
2015-04-03 13:39 - 2015-04-03 13:39 - 00000000 ____D () C:\Users\Mitch\AppData\Local\Macromedia
2015-04-03 13:33 - 2013-01-08 02:03 - 00021504 _____ (Corechip Semiconductor, Inc. Co Ltd.) C:\Windows\system32\Drivers\USB_Ethernet_Adaptor.sys
2015-04-02 15:14 - 2015-03-29 21:04 - 02095616 _____ (Farbar) C:\Users\Mitch\Desktop\FRST64.exe
2015-03-31 20:51 - 2015-03-31 20:47 - 00221384 _____ (ESET) C:\Users\Sarah\Desktop\ESETPoweliksCleaner.exe
2015-03-31 20:18 - 2015-03-31 20:25 - 00000000 ___SD () C:\ComboFix
2015-03-31 20:13 - 2015-03-30 23:26 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sarah\Desktop\TDSSKiller.exe
2015-03-30 23:09 - 2015-03-30 23:09 - 00000000 ____D () C:\Windows\erdnt
2015-03-30 23:09 - 2015-03-30 23:09 - 00000000 ____D () C:\Qoobox
2015-03-30 23:09 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-30 23:09 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-30 23:09 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-30 23:09 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-30 23:08 - 2015-03-30 23:05 - 05617067 ____R (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2015-03-29 21:09 - 2015-04-03 17:24 - 00000000 ____D () C:\FRST
2015-03-29 21:08 - 2015-03-29 21:04 - 02095616 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2015-03-29 20:55 - 2015-03-29 20:55 - 00000732 _____ () C:\Users\Sarah\AppData\Local\d3d9caps64.dat
2015-03-22 17:08 - 2015-03-22 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-10 19:26 - 2015-03-10 19:26 - 14487928 _____ (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) C:\Users\Mitch\Downloads\R78500.EXE
2015-03-10 19:25 - 2015-03-10 19:25 - 08874624 _____ (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) C:\Users\Mitch\Downloads\R87461.EXE
2015-03-07 02:55 - 2015-03-08 14:03 - 00005120 _____ () C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 17:25 - 2014-06-30 22:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 17:23 - 2009-01-15 10:11 - 02033562 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 17:11 - 2012-06-16 21:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 16:46 - 2014-06-30 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-03 15:45 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 15:45 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 13:54 - 2014-06-30 22:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 13:54 - 2009-04-13 21:20 - 00000000 ____D () C:\temp
2015-04-03 13:52 - 2006-11-02 08:46 - 00838784 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 13:46 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 13:45 - 2011-01-22 11:16 - 00087596 _____ () C:\Windows\PFRO.log
2015-04-03 13:43 - 2009-01-15 15:35 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-04-03 13:43 - 2006-11-02 11:42 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-03 13:34 - 2014-01-24 11:15 - 00000000 ____D () C:\Users\Mitch
2015-04-02 19:57 - 2014-06-30 22:01 - 00000000 ____D () C:\Users\Sarah
2015-03-31 20:54 - 2014-07-14 19:40 - 00010280 _____ () C:\Windows\system32\spsys.log
2015-03-30 22:24 - 2015-02-18 14:43 - 00000000 ____D () C:\Users\Sarah\Downloads\comicpress
2015-03-30 22:01 - 2014-07-06 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-03-30 21:57 - 2014-10-08 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-27 09:04 - 2014-10-02 21:14 - 00000000 ____D () C:\Users\Mitch\AppData\Roaming\Skype
2015-03-27 00:32 - 2014-07-03 00:23 - 00000680 _____ () C:\Users\Sarah\AppData\Local\d3d9caps.dat
2015-03-26 23:49 - 2014-10-08 21:54 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Mozilla
2015-03-26 23:49 - 2014-07-01 21:56 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Skype
2015-03-26 23:49 - 2014-07-01 21:56 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Skype
2015-03-26 23:49 - 2014-06-30 22:02 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Adobe
2015-03-26 23:48 - 2014-07-01 23:46 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Apple Computer
2015-03-26 23:48 - 2014-06-30 22:03 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google
2015-03-26 23:47 - 2012-08-28 18:22 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-26 23:47 - 2010-03-14 20:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-10 19:23 - 2006-11-02 11:27 - 00168974 _____ () C:\Windows\setupact.log
2015-03-08 10:18 - 2015-02-28 18:10 - 00000000 ____D () C:\Users\Mitch\Documents\red usb drive

==================== Files in the root of some directories =======

2014-01-24 16:23 - 2014-10-16 09:07 - 0000680 _____ () C:\Users\Mitch\AppData\Local\d3d9caps.dat
2015-03-07 02:55 - 2015-03-08 14:03 - 0005120 _____ () C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-14 14:46 - 2014-01-23 16:28 - 0006754 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Mitch\AppData\Local\Temp\atl80.dll
C:\Users\Mitch\AppData\Local\Temp\mfc80.dll
C:\Users\Mitch\AppData\Local\Temp\mfc80u.dll
C:\Users\Mitch\AppData\Local\Temp\mfcm80.dll
C:\Users\Mitch\AppData\Local\Temp\mfcm80u.dll
C:\Users\Mitch\AppData\Local\Temp\msvcm80.dll
C:\Users\Mitch\AppData\Local\Temp\msvcp80.dll
C:\Users\Mitch\AppData\Local\Temp\msvcr80.dll
C:\Users\Mitch\AppData\Local\Temp\TmDbg32.dll
C:\Users\Mitch\AppData\Local\Temp\TmDbg64.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\aswMonFlt.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-03 13:52

==================== End Of Log ============================


  • 0

#28
sarahb16
Posted 03 April 2015 - 03:27 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Mitch at 2015-04-03 17:25:30
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0409.2230 - )
ATI Catalyst Install Manager (HKLM\...\{9C81B8DC-A1C2-56E3-A22B-FC00C0DE1454}) (Version: 3.0.719.0 - ATI Technologies, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2008.0409.2231.38463 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
Creative Centrale (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.01.02 - Creative Technology Ltd.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Dragon Age Toolset (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.01 - Electronic Arts, Inc.)
DVDx 2 (HKLM-x32\...\{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1) (Version: 2.20 - labDV®)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Game Elements PC Recoil Pad (HKLM-x32\...\Game Elements PC Recoil Pad) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GTK+ Runtime 2.14.6 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version:  - )
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.)
Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25296 - Hauppauge Computer Works, Inc.)
Hauppauge TV Tuner Driver (x32 Version: 2.0.25312 - Hauppauge Computer Works) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013F0}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{86A4C6D9-29EE-4719-AFA1-BA3341862B83}) (Version: 3.4.54.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{1FDA5A37-B22D-43FF-B582-B8964050DC13}) (Version: 3.4.18.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2005 (HKLM-x32\...\{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}) (Version: 7.9.3812.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mouse Suite for Desktop Computers (HKLM-x32\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Paint Shop Pro 7 Try And Buy (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Philips Retractable PC Controller (HKLM-x32\...\Philips Retractable PC Controller) (Version:  - )
QuickTime (HKLM-x32\...\{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}) (Version: 7.65.17.80 - Apple Inc.)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
RiffTrax DVD Player (x32 Version: 1.9.8.8 - RiffTrax) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDP Downloader (HKLM-x32\...\{B547CB8D-549A-436E-97B5-E79F911B11E2}) (Version: 2.3.0 - SDP Multimedia)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0409.2231.38463 - ATI) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Super Mario Bros. X (HKLM-x32\...\Super Mario Bros. X) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
uTorrentControl2 Toolbar (HKLM-x32\...\uTorrentControl2 Toolbar) (Version: 6.8.11.4 - uTorrentControl2) <==== ATTENTION
Vista Codec Package (HKLM-x32\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.1.3 - Shark007)
VistaCodecs x64 Components v1.7.0 (HKLM\...\VistaCodecs x64 Components_is1) (Version: 1.7.0 - Shark007)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-03-2015 23:20:22 Scheduled Checkpoint
23-03-2015 05:21:56 Scheduled Checkpoint
24-03-2015 01:59:07 Windows Update
25-03-2015 00:00:26 Scheduled Checkpoint
27-03-2015 04:02:24 Scheduled Checkpoint
29-03-2015 21:30:48 Windows Update
31-03-2015 22:10:16 Scheduled Checkpoint
02-04-2015 00:00:06 Scheduled Checkpoint
02-04-2015 21:04:31 Scheduled Checkpoint
02-04-2015 23:13:49 Windows Update
03-04-2015 13:33:39 Device Driver Package Install: Corechip Semiconductor, Inc. Network adapters

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2009-09-08 06:32 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02ADC3D5-095C-48E9-B11A-2339776498CF} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {0A7C9C56-BCC7-4C52-BBDA-370E3619CF6C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kris => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {1372F740-5389-4AC5-938D-F1EC737F64E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {26C5F298-465E-4F7F-9FDF-A9ECBC66A15C} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA0LH4H4 Product Registration (Kris) => C:\Users\Kris\AppData\Roaming\Leadertech\PowerRegister\Seagate NA0LH4H4 Product Registration.exe
Task: {2CE3C139-BCB0-42D3-829D-86EABB78AF18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {3858CBB8-7B4B-4FAE-914C-56BB9591A536} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {4E36648C-4E9E-4CEE-B083-D896AFE34512} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {650F69E6-2E52-43B3-9904-096245C6B1FF} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B5906F45-97AC-4A14-B4FD-CA71CE1480D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-06] (AVAST Software)
Task: {F4123A61-6A81-41F9-B7E3-0C7924AE46C8} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-16 00:41 - 2014-12-08 02:27 - 06277952 _____ () C:\Users\Mitch\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-01-15 17:42 - 2009-03-16 16:26 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2014-08-27 10:56 - 2014-08-27 10:56 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\8e096e2e926e5c3322b933ec71be999a\VistaBridgeLibrary.ni.dll
2008-02-21 12:55 - 2008-02-21 12:55 - 00846336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-06 17:16 - 2014-07-06 17:16 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-06 17:16 - 2014-07-06 17:16 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8B4F37E5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3003745939-3766210737-3386188188-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-3003745939-3766210737-3386188188-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: dbWIMgmt => rundll32.exe "C:\Users\Kris\AppData\Local\SysMain64\dbWIMgmt.dll",Devobjmm msGL80

==================== Accounts: =============================

Administrator (S-1-5-21-3003745939-3766210737-3386188188-500 - Administrator - Disabled)
Guest (S-1-5-21-3003745939-3766210737-3386188188-501 - Limited - Enabled)
Mitch (S-1-5-21-3003745939-3766210737-3386188188-1004 - Administrator - Enabled) => C:\Users\Mitch
Sarah (S-1-5-21-3003745939-3766210737-3386188188-1005 - Limited - Enabled) => C:\Users\Sarah

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 01:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 11:34:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 09:34:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2015 08:04:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cf4
Start Time: 01d06da125da6333
Termination Time: 0

Error: (04/02/2015 08:00:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 09:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application IEXPLORE.EXE, version 9.0.8112.16563, time stamp 0x53d14764, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00030226,
process id 0x10f8, application start time 0xIEXPLORE.EXE0.

Error: (03/31/2015 08:55:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 10:50:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2460
Start Time: 01d06b5c9e4e4837
Termination Time: 0

Error: (03/30/2015 10:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16563, time stamp 0x4549b470, faulting module Flash32_16_0_0_305.ocx, version 16.0.0.305, time stamp 0x54cff11b, exception code 0xc0000005, fault offset 0x0065cd8c,
process id 0x1e98, application start time 0xiexplore.exe0.

Error: (03/30/2015 10:43:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1028
Start Time: 01d06b5ae18b0777
Termination Time: 0


System errors:
=============
Error: (04/03/2015 03:04:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: avast! AntivirusaswMonFlt%%193

Error: (04/03/2015 03:04:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (04/03/2015 01:46:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: avast! AntivirusaswMonFlt%%193

Error: (04/03/2015 01:46:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (04/02/2015 11:34:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: avast! AntivirusaswMonFlt%%193

Error: (04/02/2015 11:34:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (04/02/2015 11:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070663Security Update for Microsoft Office 2007 suites (KB2687499){5BD72FC8-8BDB-458A-95B8-4372212FE3CE}201

Error: (04/02/2015 11:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070663Security Update for Microsoft Office 2007 suites (KB2760585){E47BE4B1-5EF0-442F-995F-C000D5AFF062}201

Error: (04/02/2015 11:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070663Update for Microsoft Office 2007 suites (KB2767849){9293EC8F-E7E2-4072-BB3C-49CAA63DF364}200

Error: (04/02/2015 11:19:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070663Security Update for Microsoft Office 2007 suites (KB2760591){B3DD3F82-E43A-4F5F-819B-455A0AFBDF59}201


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-09-08 20:13:56.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:13:56.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\TIS17.5pro_dell_en_setup\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:52.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:52.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:51.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 20:08:51.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Kris\en-US_TISDell_Download\Setup\Engine\32bit\0x22000040\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 21:25:08.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\DisplayFusionHookx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-01 21:25:08.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\DisplayFusionHookx64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 39%
Total physical RAM: 6077.03 MB
Available physical RAM: 3672.36 MB
Total Pagefile: 12349.08 MB
Available Pagefile: 9669.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:389.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 90000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=683.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#29
sarahb16
Posted 03 April 2015 - 03:45 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I'm assuming it finished because it was idle for a while and there was no new updates.

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-04-03 17:29:02
-----------------------------
17:29:02.039    OS Version: Windows x64 6.0.6002 Service Pack 2
17:29:02.039    Number of processors: 4 586 0x170A
17:29:02.039    ComputerName: KRIS-PC  UserName: Mitch
17:29:07.656    Initialize success
17:29:07.715    VM: initialized successfully
17:29:07.716    VM: Intel CPU virtualization not supported
17:29:11.968    AVAST engine defs: 14082303
17:29:52.727    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:29:52.729    Disk 0 Vendor: ST375063 DE13 Size: 715404MB BusType: 3
17:29:52.837    Disk 0 MBR read successfully
17:29:52.839    Disk 0 MBR scan
17:29:53.278    Disk 0 Windows VISTA default MBR code
17:29:53.280    Disk 0 Partition 1 00     DE   Dell Utility Dell 8.0       62 MB offset 63
17:29:53.371    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        15360 MB offset 129024
17:29:53.455    Disk 0 Partition 3 80 (A) 07      HPFS/NTFS NTFS       699980 MB offset 31586304
17:29:53.608    Disk 0 scanning C:\Windows\system32\drivers
17:30:03.987    Service scanning
17:30:21.214    Modules scanning
17:30:23.558    AVAST engine scan C:\Windows
17:30:30.044    AVAST engine scan C:\Windows\system32
17:33:46.171    AVAST engine scan C:\Windows\system32\drivers
17:34:08.024    AVAST engine scan C:\Users\Mitch
17:42:33.539    Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
17:42:33.544    The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBRlog.txt"


  • 0

#30
sarahb16
Posted 03 April 2015 - 05:41 PM

sarahb16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Not quite sure what's going on with ComboFix. Had the same error as the first time I tried to run it. It gets to stage 4, then stops entirely. I've made sure that nothing is running on either of the users. I've redownloaded it. Ran it as admin from both, but same thing happened. Is there an alternate to ComboFix?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP