Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 7 64 - runs deathly slow after period of inactivity

Started by Cldanzer , Aug 31 2015 04:06 AM

  • Please log in to reply

#16
emeraldnzl
Posted 22 October 2015 - 03:36 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I am thinking this is not malware caused but it has been a while since we last looked so let's run another FRST scan and see if it finds anything.

 

If you still have FRST on your machine please run another scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

 

If you do not have FRST on your machine please follow these instructions:
 
Important - We ask that the tools we use be downloaded to your computers desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

 

 

 


  • 0

Advertisements

#17
Cldanzer
Posted 23 October 2015 - 10:54 PM

Cldanzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Thank you for your continuing interest in solving my problem. Logs posted below:-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Chris (administrator) on CHRIS-PC (24-10-2015 17:29:49)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\mantle.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-08-31]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileZilla FTP Client [2015-09-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-10-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{9728E498-3658-414D-A4B4-02C5A6722050}: [NameServer] 203.152.107.67,203.152.107.68
Tcpip\..\Interfaces\{CA3A5A93-558D-4554-9CB4-C1797E6F05DA}: [DhcpNameServer] 192.168.1.160

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-08] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-08] (Microsoft Corporation.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o1dgxq9c.default-1394664919408
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [240112 2011-07-21] (CyberLink)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S4 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2014-04-09] ()
S4 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [218432 2014-04-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2987520 2014-10-29] (Microsoft Corporation) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1757952 2010-04-08] (AVerMedia TECHNOLOGIES, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-24 17:29 - 2015-10-24 17:30 - 00012431 _____ C:\Users\Chris\Desktop\FRST.txt
2015-10-24 17:29 - 2015-10-24 17:29 - 00000000 ____D C:\Users\Chris\Desktop\FRST-OlderVersion
2015-10-24 17:29 - 2015-10-24 17:29 - 00000000 ____D C:\FRST
2015-10-24 17:28 - 2015-10-24 17:29 - 02196480 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2015-10-24 13:16 - 2015-10-24 13:17 - 00000000 ____D C:\Users\Chris\AppData\Local\{871EB70C-3668-4771-9C45-3D4FC76A3B9C}
2015-10-22 11:59 - 2015-10-22 12:01 - 00000000 ____D C:\Converted
2015-10-16 10:28 - 2015-10-21 18:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-11 05:25 - 2015-10-11 05:25 - 00000000 ____D C:\Users\Chris\AppData\Local\{BA5F84A8-5ED2-41B3-BA64-C79C25BCAB2D}
2015-10-10 08:04 - 2015-10-10 08:05 - 00000000 ____D C:\Users\Chris\AppData\Local\{A9F3C217-D0DD-4D13-A86C-4760631BB6F1}
2015-10-08 22:10 - 2015-10-08 22:10 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Player
2015-10-08 22:10 - 2015-10-08 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Player
2015-10-08 22:10 - 2015-10-08 22:10 - 00000000 ____D C:\Program Files\Free FLV Player
2015-10-07 09:46 - 2015-10-07 09:46 - 00000000 ____D C:\Users\Chris\AppData\Local\CEF
2015-10-07 09:43 - 2015-10-19 11:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-07 09:43 - 2015-10-07 09:43 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-03 18:12 - 2015-10-20 09:47 - 00000787 _____ C:\Windows\wininit.ini
2015-10-03 14:30 - 2015-10-03 14:31 - 00000000 ____D C:\Users\Chris\AppData\Local\{12DE4FD3-3FAE-445F-B535-3862A4806148}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-24 17:06 - 2012-11-26 11:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-24 16:45 - 2012-02-15 10:07 - 01965144 _____ C:\Windows\WindowsUpdate.log
2015-10-24 14:42 - 2012-10-05 22:30 - 00000000 ____D C:\Bank
2015-10-24 14:39 - 2009-07-14 18:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-24 14:16 - 2012-10-05 22:30 - 00000000 ____D C:\QA
2015-10-24 13:21 - 2012-10-05 22:57 - 00000000 ____D C:\Users\Chris\Documents\Democrats
2015-10-24 10:51 - 2012-10-05 22:44 - 00000000 ____D C:\Users\Chris\Documents\Dancing
2015-10-24 10:26 - 2015-09-10 17:23 - 04442624 _____ C:\Users\Public\Documents\Classes Register.xls
2015-10-23 20:52 - 2009-07-14 17:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-23 20:52 - 2009-07-14 17:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-22 21:47 - 2012-12-20 20:39 - 00725504 _____ C:\Users\Public\Documents\Private Lessons.xls
2015-10-22 11:04 - 2012-10-05 22:42 - 00000000 ____D C:\Users\Chris\Documents\Chris
2015-10-21 18:37 - 2012-10-05 19:23 - 00000000 ____D C:\ProgramData\clear.fi
2015-10-21 18:36 - 2012-10-05 21:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-21 18:36 - 2010-11-21 16:47 - 00307822 _____ C:\Windows\PFRO.log
2015-10-21 18:36 - 2009-07-14 18:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-21 18:36 - 2009-07-14 17:51 - 00109114 _____ C:\Windows\setupact.log
2015-10-21 10:23 - 2015-01-27 18:52 - 00000000 ____D C:\Users\Chris\Documents\Buildings
2015-10-20 13:48 - 2015-06-25 23:23 - 00002673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2015-10-20 13:48 - 2015-06-25 23:23 - 00002657 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2015-10-20 13:48 - 2015-06-25 23:23 - 00002655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2015-10-20 13:48 - 2015-06-25 23:23 - 00002609 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2015-10-20 13:48 - 2015-06-25 23:23 - 00002599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2015-10-20 13:48 - 2012-10-05 22:25 - 00000376 _____ C:\Windows\ODBC.INI
2015-10-20 13:48 - 2012-10-05 22:24 - 00002625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2015-10-20 13:48 - 2012-10-05 22:24 - 00002623 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2015-10-20 13:48 - 2012-10-05 22:24 - 00002611 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2015-10-20 13:48 - 2012-10-05 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2015-10-20 13:48 - 2009-07-14 15:34 - 00000531 _____ C:\Windows\win.ini
2015-10-20 09:39 - 2012-10-06 18:53 - 00001065 _____ C:\Windows\winamp.ini
2015-10-20 09:10 - 2012-10-30 15:21 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2015-10-17 11:31 - 2012-11-26 11:06 - 00000000 ____D C:\Windows\Patches
2015-10-17 11:30 - 2015-08-25 16:07 - 00001034 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 11:30 - 2015-08-25 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 11:30 - 2015-08-25 16:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 11:30 - 2012-11-26 11:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-17 11:30 - 2012-10-12 15:50 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 11:30 - 2011-10-19 17:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 11:38 - 2015-05-16 20:27 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-15 10:01 - 2015-03-30 08:09 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2015-10-09 21:52 - 2011-10-19 17:26 - 00000000 ____D C:\ProgramData\Skype
2015-10-07 09:46 - 2014-06-16 16:00 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2015-10-07 09:43 - 2011-10-19 17:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-07 09:42 - 2011-10-19 17:58 - 00000000 ____D C:\ProgramData\Adobe
2015-10-05 09:50 - 2015-08-25 16:07 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-08-25 16:07 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-08-25 16:07 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-09-30 23:32 - 2009-07-14 16:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-29 12:28 - 2012-10-28 21:54 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client

==================== Files in the root of some directories =======

2013-10-27 23:47 - 2013-10-27 23:48 - 0012067 _____ () C:\Users\Chris\AppData\Local\HWVendorDetection.log
2015-08-13 11:17 - 2015-08-13 11:26 - 0007605 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg
2012-02-15 10:29 - 2012-02-15 10:30 - 0002678 _____ () C:\ProgramData\ArcadeDeluxe5.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 00:02

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Chris (2015-10-24 17:31:02)
Running from C:\Users\Chris\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-05 06:11:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-744311427-3613361683-2156192224-500 - Administrator - Disabled)
Chris (S-1-5-21-744311427-3613361683-2156192224-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-744311427-3613361683-2156192224-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-744311427-3613361683-2156192224-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat 6.0.1 Professional (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.001 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe InDesign 2.0 (HKLM-x32\...\Adobe InDesign 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{112F562D-96D7-13A7-762F-AFDB7A7B4F5E}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
C5150n - C5200n  Series GDI Driver from OKI® Printing Solutions for Windows  (HKLM-x32\...\{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}) (Version: 210 - OKI® Printing Solutions)
clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free FLV Player (HKLM-x32\...\Free FLV Player) (Version:  - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.27.00.06 - Huawei Technologies Co.,Ltd)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
imagePROGRAF Printer Driver Extra Kit (HKLM-x32\...\{A2FF9286-F7D9-43B9-8CA2-11D48A08810B}) (Version: 2.11.00 - Canon)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}) (Version: 11.0.0.163 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.9 - Kobo Inc.)
LibreOffice 3.6 (HKLM-x32\...\{1E85458A-9B00-443F-A187-2E06DBB15E43}) (Version: 3.6.2.2 - The Document Foundation)
LibreOffice 3.6 Help Pack (English (United Kingdom)) (HKLM-x32\...\{CEAC6936-6FFB-4DC1-926B-5C8E7CBDE7C9}) (Version: 3.6.2.2 - The Document Foundation)
Macromedia FreeHand MX (HKLM-x32\...\{8B4AE751-7055-4518-87B0-E148A8D50D0A}) (Version: 11 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Pavtube YouTube Converter version: 1.3.2.2376 (HKLM-x32\...\{93933456-3466-4F28-AE84-EF0042EC6936}_is1) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version:  - NCH Software)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-09-2015 11:13:02 End of disinfection
21-09-2015 11:29:08 Removed Java 7 Update 80
29-09-2015 00:00:02 Scheduled Checkpoint
07-10-2015 00:00:02 Scheduled Checkpoint
14-10-2015 01:28:26 Scheduled Checkpoint
21-10-2015 19:21:18 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 15:34 - 2015-09-09 22:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20D28428-224D-42E4-93A6-57A3B0FACF04} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {31EF03B4-5876-4AE5-8A54-530350AB6363} - System32\Tasks\{14DA682A-50F6-4ABD-AA37-95405AEB3449} => C:\QA2\QA1.EXE [1991-06-06] ()
Task: {3DF02248-8BCB-4756-9756-57B475FB4305} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {3E03C7DA-002E-4D5F-9480-898440D7EC7A} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {4F68CFCF-360B-4148-AEF8-6901367485B9} - System32\Tasks\{FCE5F899-349E-478E-BB95-7AC583F61A8E} => C:\QA\QA1.EXE [1991-06-06] ()
Task: {552FF3AD-D521-4324-A07F-26C4127B56EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {5E00A274-7FB4-4325-9C5A-FE14EAE9B175} - System32\Tasks\{29DCE82C-1CEC-4012-BFEF-D36E8288FAE2} => C:\QA\QA1.EXE [1991-06-06] ()
Task: {9E39B6E6-DB73-4752-8996-B59BE4740AA0} - System32\Tasks\{21E34F7B-68D3-481F-908D-DA2B3A1037B5} => C:\QA\QA1.EXE [1991-06-06] ()
Task: {BCEC264D-63D6-45DD-B23F-6491B9F5B3C2} - System32\Tasks\{8485DC14-1B80-4D36-935A-36A85FB0E137} => C:\QA2\QA1.EXE [1991-06-06] ()
Task: {E0C6E7FD-04EC-413B-8596-1EEB6303D9DC} - System32\Tasks\{FCEC68F9-AB89-4E0C-B0EB-8B99DE6B3291} => C:\QA2\QA1.EXE [1991-06-06] ()
Task: {E816062F-5EA3-49DE-A5E5-5BE3FC6DC286} - System32\Tasks\NCH Swift Sound\tempoperfectShakeIcon => C:\Program Files (x86)\NCH Swift Sound\TempoPerfect\TempoPerfect.exe [2012-10-30] (NCH Software)
Task: {E8A5A714-7070-4DE8-B630-76A26456D9C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {FB7B01E2-F069-4727-92C3-C914F8338A75} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-08-14] (ThreatTrack Security Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-17 01:15 - 2015-09-17 01:15 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-04-06 19:16 - 2011-04-06 19:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-15 11:21 - 2011-03-15 11:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2009-07-14 10:03 - 2009-07-14 14:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2014-01-30 23:53 - 2015-06-26 04:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-30 23:53 - 2015-06-26 04:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2012-02-15 10:29 - 2011-10-12 23:22 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-11-24 14:12 - 2014-11-24 14:12 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-02-15 10:19 - 2010-11-06 20:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2003-11-04 11:46 - 2003-11-04 11:46 - 01425408 _____ () C:\Program Files (x86)\Adobe\Acrobat 6.0\PDFMaker\Common\AdobePDFMakerX.dll
2015-10-17 11:30 - 2015-10-17 11:30 - 17599688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.152.107.67 - 203.152.107.68
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: CLKMSVC10_34E30CCC => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HiSuiteOuc64.exe => 2
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: iTunesHelper => "K:\iTunesHelper.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B1F5ED83-050F-4FEE-950D-D9E9E399605C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BFEC7036-2468-4B89-80FD-E5567F91237A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F073B739-27DF-4C11-8313-9707FD109DD1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1874DF8B-56D6-45EB-B954-6533D82A2B5E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CA2FF8AC-46EB-4494-A860-190BD9BBFB71}] => (Allow) LPort=2869
FirewallRules: [{7BCE7480-8324-4E12-A4BE-0439C5C9F6C2}] => (Allow) LPort=1900
FirewallRules: [{A8516239-47B1-42E2-B1EE-14F48BAA9183}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{16D95E50-8538-4BEE-85DF-BBE8FE568A47}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{712F9FDC-C5BE-4F3F-8302-FC85DF327B75}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{23A22EC7-029D-496C-922D-F7871882AC64}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{670E3C0C-8C76-49D5-9034-476E30C703CA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{03671EF4-7814-4A24-9E0E-D9D4F787C870}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{6F96F3FF-44D9-4952-8BFD-A80CC07FC2ED}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{A1EB7128-C60B-41BE-8D12-68F55BC5400F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{22227165-E940-4477-B728-D3AE43334BCC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{2CE327A1-32B4-49B4-AF45-000E9705D282}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{C89CA1E7-8DF3-43D1-8C5C-EE2EAC41CC94}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{0F4808BE-9BE3-4E0B-98E5-B966A928AE32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4E2C510C-41A3-4A4F-93AA-6DC6308C0685}] => (Allow) LPort=445
FirewallRules: [{EE4AFD2C-10D4-4A69-8937-3258C31E6D38}] => (Allow) LPort=5355
FirewallRules: [{53076430-F3A1-4D08-BA00-EF230167946B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2243A8A9-545A-4536-8342-639D4A8CB191}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75577A7E-0AB9-4FDC-AB5D-250E17124CF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59602166-1CFA-4353-B976-38DCCF9774A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9B3FEBEB-92C6-4812-A7D0-F19911728D72}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95D2D874-498D-4E56-9E61-1ABE6AB3C2AC}] => (Allow) K:\iTunes.exe
FirewallRules: [{02CD0C0D-73A5-4D49-AE42-B4F03F5591BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96890A7F-0B87-48CA-9055-32560A643BAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2015 01:16:40 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (10/21/2015 06:38:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2015 01:34:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 10.0.6863.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: edc

Start Time: 01d10ac5fa82252d

Termination Time: 8

Application Path: C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE

Report Id: 6b56e606-76bf-11e5-bf49-386077ec3139

Error: (10/20/2015 12:23:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 10.0.6863.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1520

Start Time: 01d10ab0590b4c4c

Termination Time: 7

Application Path: C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE

Report Id: 646ad0fd-76b8-11e5-bf49-386077ec3139

Error: (10/20/2015 09:45:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program audacity.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fc8

Start Time: 01d106d25e12a015

Termination Time: 34

Application Path: C:\Program Files (x86)\Audacity\audacity.exe

Report Id: 88440a25-769f-11e5-bf49-386077ec3139

Error: (10/19/2015 11:53:31 AM) (Source: MsiInstaller) (EventID: 1024) (User: Chris-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6700}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (10/17/2015 12:31:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
   Instantiating VSS server

Error: (10/17/2015 12:31:38 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
   Instantiating VSS server

Error: (10/17/2015 12:21:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
   Instantiating VSS server

Error: (10/17/2015 12:21:38 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
   Instantiating VSS server


System errors:
=============
Error: (10/24/2015 04:43:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (10/21/2015 06:35:40 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (10/21/2015 06:35:07 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (10/21/2015 06:30:34 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/21/2015 06:27:33 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/21/2015 06:26:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (10/21/2015 06:18:33 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/21/2015 06:17:33 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/21/2015 06:16:33 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/21/2015 06:15:33 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.


CodeIntegrity:
===================================
  Date: 2015-09-09 21:54:12.370
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-09 21:54:12.338
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 53%
Total physical RAM: 4076.26 MB
Available physical RAM: 1882.71 MB
Total Virtual: 8150.72 MB
Available Virtual: 5021.92 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:921.95 GB) (Free:820.04 GB) NTFS
Drive d: (Spare) (Fixed) (Total:531.34 GB) (Free:488.26 GB) NTFS
Drive k: (Music) (Fixed) (Total:390.62 GB) (Free:363.92 GB) NTFS
Drive l: (LEXAR) (Removable) (Total:7.46 GB) (Free:6.56 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5F87C96F)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Not Active) - (Size=19 GB) - (Type=27)
Partition 3: (Active) - (Size=100 MB) - (Type=42)
Partition 4: (Not Active) - (Size=922 GB) - (Type=42)

========================================================
Disk: 6 (Size: 7.5 GB) (Disk ID: 4715723B)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================


  • 0

#18
emeraldnzl
Posted 24 October 2015 - 01:57 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Firstly, it looks like you haven't followed the instructions at post #8 to remove ComboFix and the other tools we were using. Leaving old tools on a machine is not recommended. They outdate very quickly and are of little use. As far as ComboFix itself is concerned; it has an in built expiration limit which means that while it will still run it is in a limited functionality mode. There is no point in keeping it.

Now

  • Please go to VirSCAN.org FREE on-line scan service
  • - Note: Please use Internet Explorer for this one
  • Click on  "Choose file"box on the top of the page:
  • Navigate to Local Disk C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
  • Click on the Scan button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Next

Download CKScanner from here

Important : Save it to your desktop.

  • Doubleclick (Vista and above - right click and run as Administrator) CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

#19
Cldanzer
Posted 25 October 2015 - 02:35 AM

Cldanzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Sorry - I had forgotten I had Combofix in a "Download " folder on Drive D. I copied it from there to the desktop to use, and subsequently did remove it as per your instructions, but forgot about the download folder. I have removed it from there now.

The "Copy to Clipboard" button did not work so I have copied the report below:-

File information File Name : PrintConfig.dll (File not down) File Size :2987520 byte File Type :application/x-dosexec MD5:e3514ce7cb4af80ecca383f065bc77c0 SHA1:85055037dc6dbdf92b6afdb2ba3ff318a64214c4
 
Scanner results Scanner results:0%Scanner(s) (0/39)found malware! Time: 2015-10-25 15:13:23 (CST)   arrow-up.gifarrow-down.gif Scanner Engine Ver Sig Ver Sig Date Scan result Time ahnlab 9.9.9 9.9.9 2013-05-28 Found nothing 60 antivir 1.9.2.0 1.9.159.0 7.12.20.194 Found nothing 17 antiy AVL SDK 3.0 2014112615531100 2014-11-26 Found nothing 60 arcavir 1.0 2011 2014-05-30 Found nothing 9 asquared 9.0.0.4157 9.0.0.4157 2014-07-30 Found nothing 60 avast 151024-0 4.7.4 2015-10-24 Found nothing 35 avg 2109/10379 10.0.1405 2015-10-24 Found nothing 1 baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 15 baidusd 1.0 1.0 2014-04-02 Found nothing 36 bitdefender 7.58879 7.90123 2015-01-16 Found nothing 1 clamav 21001 0.97.5 2015-10-23 Found nothing 3 comodo 15023 5.1 2015-08-01 Found nothing 60 ctch 4.6.5 5.3.14 2013-12-01 Found nothing 1 drweb 5.0.2.3300 5.0.1.1 2015-10-20 Found nothing 33 fortinet 28.950, 28.950, 28.950, 28.950 5.1.158 2015-10-24 Found nothing 1 fprot 4.6.2.117 6.5.1.5418 2015-10-24 Found nothing 1 fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 1 gdata 24.3819 24.3819 2014-08-29 Found nothing 60 hauri 2.73 2.73 2015-01-30 Found nothing 11 ikarus 1.06.01 V1.32.31.0 2015-10-24 Found nothing 16 jiangmin 16.0.100 1.0.0.0 2015-07-30 Found nothing 60 kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 20 kingsoft 2.1 2.1 2013-09-22 Found nothing 60 mcafee 7879 5400.1158 2015-07-31 Found nothing 8 nod32 1777 3.0.21 2015-06-12 Found nothing 1 panda 9.05.01 9.05.01 2014-06-15 Found nothing 60 pcc 12.106.07 9.500-1005 2015-10-24 Found nothing 1 qh360 1.0.1 1.0.1 1.0.1 Found nothing 60 qqphone 1.0.0.0 1.0.0.0 2015-10-25 Found nothing 2 quickheal 14.00 14.00 2014-06-14 Found nothing 60 rising 25.17.00.04 25.17.00.04 2014-06-02 Found nothing 60 sophos 5.17 3.60.0 2015-08-01 Found nothing 7 sunbelt 3.9.2589.2 3.9.2589.2 2014-06-13 Found nothing 60 symantec 20151023.005 1.3.0.24 2015-10-23 Found nothing 1 tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 60 thehacker 6.8.0.5 6.8.0.5 2014-06-12 Found nothing 60 tws 17.47.17308 1.0.2.2108 2014-06-16 Found nothing 60 vba 3.12.26.4 3.12.26.4 2015-10-23 Found nothing 4 virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing

15

Here's the CK Scanner File :-

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\acer\clear.fi\movie\navfilter\kmsvc.exe
scanner sequence 3.NA.11.FGAPNZ
 ----- EOF -----
 

Thanks.


  • 0

#20
emeraldnzl
Posted 25 October 2015 - 04:27 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Nothing leaping out there. :)

 

Moving on

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Windows 8 & 8.1 users may face another warning from the Windows SmartScreen Protection - please click More information and Run.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and past in the clipboard list. Save it as ESET log somewhere that you can find .
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 


  • 0

#21
Cldanzer
Posted 25 October 2015 - 09:48 PM

Cldanzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Eset log below:-

 

C:\Program Files (x86)\NCH Swift Sound\TempoPerfect\tempoperfect.exe    a variant of Win32/Toolbar.Conduit.K potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Swift Sound\TempoPerfect\tpsetup_v2.02.exe    a variant of Win32/Toolbar.Conduit.K potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\NCH Swift Sound\TempoPerfect\uninst.exe    a variant of Win32/Toolbar.Conduit.K potentially unwanted application    cleaned by deleting - quarantined
D:\Downloads\isobuster_all_lang.exe    a variant of Win32/Toolbar.Conduit.AI potentially unwanted application    deleted - quarantined
D:\Downloads\tpsetup.exe    a variant of Win32/Toolbar.Conduit.K potentially unwanted application    deleted - quarantined
D:\Downloads\YouTubeDownloaderSetup33.exe    a variant of Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
 

I will give the computer a run for a few days and see what happens, but I get the feeling that what shows in the log file is not sufficient to be causing my problem.

 

I do appreciate your continuing efforts to solve the problem.


  • 0

#22
emeraldnzl
Posted 27 October 2015 - 12:56 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

I will give the computer a run for a few days and see what happens, but I get the feeling that what shows in the log file is not sufficient to be causing my problem.

 

Look forward to hearing how it goes.


  • 0

#23
emeraldnzl
Posted 25 November 2015 - 05:47 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0

#24
emeraldnzl
Posted 10 December 2015 - 02:24 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Topic re-opened at users request.

 

Please run a fresh FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.


  • 0

#25
Cldanzer
Posted 23 December 2015 - 04:39 PM

Cldanzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Thanks for taking another look at my issue.

 

There doesn't seem to be any pattern to the problem other than it often happens when I return to use the computer after a period of inactivity. I never turn it off other than an occasional restart and have it set not to go into sleep mode, so often have 5 or 6 programmes running - Outlook, Excel (with several files open), Word (with several files open), Acrobat Pro (with several files open), Firefox, Explorer, Freehand, Photoshop. I go to save a file and it takes minutes to do so. It can then take up to half an hour to save open files and close programmes so that I can restart the computer. It then runs fine for some time - often days at a time.

 

FRST files below:-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Chris (administrator) on CHRIS-PC (24-12-2015 08:10:35)
Running from D:\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-08-31]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileZilla FTP Client [2015-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk %5 Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-24 08:10 - 2015-10-24 17:29 - 00000000 ____D C:\FRST
2015-12-24 08:06 - 2012-11-26 11:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-24 08:01 - 2012-10-05 22:42 - 00000000 ____D C:\Users\Chris\Documents\Chris
2015-12-24 07:40 - 2012-10-05 22:44 - 00000000 ____D C:\Users\Chris\Documents\Dancing
2015-12-24 07:35 - 2009-07-14 17:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-24 07:35 - 2009-07-14 17:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-24 07:32 - 2009-07-14 18:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-24 07:32 - 2009-07-14 16:20 - 00000000 ____D C:\Windows\inf
2015-12-24 07:28 - 2012-10-05 19:23 - 00000000 ____D C:\ProgramData\clear.fi
2015-12-24 07:27 - 2012-10-05 21:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-24 07:27 - 2009-07-14 18:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-24 07:21 - 2012-10-05 23:00 - 00000000 ____D C:\Users\Chris\Documents\Trade Me
2015-12-23 19:49 - 2012-11-26 11:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-23 19:49 - 2012-11-26 11:06 - 00000000 ____D C:\Windows\Patches
2015-12-23 19:49 - 2012-10-12 15:50 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-23 19:49 - 2011-10-19 17:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-23 19:49 - 2011-10-19 17:26 - 00000000 ____D C:\ProgramData\Skype
2015-12-23 19:00 - 2015-03-30 08:09 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2015-12-23 13:52 - 2015-09-10 17:23 - 03950592 _____ C:\Users\Public\Documents\Classes Register.xls
2015-12-20 09:51 - 2015-10-03 18:12 - 00001036 _____ C:\Windows\wininit.ini
2015-12-19 21:16 - 2009-07-14 16:20 - 00000000 ____D C:\Windows\rescache
2015-12-19 19:40 - 2009-07-14 17:45 - 00326448 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-19 19:32 - 2013-03-15 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-19 19:31 - 2013-03-15 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-19 19:31 - 2013-03-15 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-19 19:30 - 2013-08-14 17:51 - 00000000 ____D C:\Windows\system32\MRT
2015-12-19 19:26 - 2012-10-06 12:39 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-19 19:16 - 2012-10-05 22:30 - 00000000 ____D C:\Bank
2015-12-19 11:57 - 2012-12-20 20:39 - 00762880 _____ C:\Users\Public\Documents\Private Lessons.xls
2015-12-12 22:40 - 2012-10-06 18:53 - 00001065 _____ C:\Windows\winamp.ini
2015-12-08 11:34 - 2014-06-07 12:51 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-06 14:04 - 2012-10-05 22:57 - 00000000 ____D C:\Users\Chris\Documents\Democrats
2015-12-06 10:19 - 2012-10-05 22:30 - 00000000 ____D C:\QA
2015-12-03 11:21 - 2012-10-05 20:56 - 00000000 ____D C:\Users\Chris\AppData\Local\ElevatedDiagnostics
2015-12-03 10:18 - 2009-07-14 16:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-03 09:29 - 2015-02-06 12:27 - 00766376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-03 09:28 - 2010-11-21 20:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-26 02:25 - 2015-10-07 09:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2013-10-27 23:47 - 2013-10-27 23:48 - 0012067 _____ () C:\Users\Chris\AppData\Local\HWVendorDetection.log
2015-08-13 11:17 - 2015-08-13 11:26 - 0007605 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg
2012-02-15 10:29 - 2012-02-15 10:30 - 0002678 _____ () C:\ProgramData\ArcadeDeluxe5.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 00:34

==================== End of FRST.txt ============================

 

 

*************************************************************************************************************************************************************************************

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by Chris (2015-12-24 08:12:15)
Running from D:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-05 06:11:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-744311427-3613361683-2156192224-500 - Administrator - Disabled)
Chris (S-1-5-21-744311427-3613361683-2156192224-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-744311427-3613361683-2156192224-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-744311427-3613361683-2156192224-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat 6.0.1 Professional (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.001 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe InDesign 2.0 (HKLM-x32\...\Adobe InDesign 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{112F562D-96D7-13A7-762F-AFDB7A7B4F5E}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
BlueGriffon version 1.8 (HKLM-x32\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.8 - Disruptive Innovations SAS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
C5150n - C5200n  Series GDI Driver from OKI® Printing Solutions for Windows  (HKLM-x32\...\{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}) (Version: 210 - OKI® Printing Solutions)
clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free FLV Player (HKLM-x32\...\Free FLV Player) (Version:  - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.27.00.06 - Huawei Technologies Co.,Ltd)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
imagePROGRAF Printer Driver Extra Kit (HKLM-x32\...\{A2FF9286-F7D9-43B9-8CA2-11D48A08810B}) (Version: 2.11.00 - Canon)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}) (Version: 11.0.0.163 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.9 - Kobo Inc.)
LibreOffice 3.6 (HKLM-x32\...\{1E85458A-9B00-443F-A187-2E06DBB15E43}) (Version: 3.6.2.2 - The Document Foundation)
LibreOffice 3.6 Help Pack (English (United Kingdom)) (HKLM-x32\...\{CEAC6936-6FFB-4DC1-926B-5C8E7CBDE7C9}) (Version: 3.6.2.2 - The Document Foundation)
Macromedia FreeHand MX (HKLM-x32\...\{8B4AE751-7055-4518-87B0-E148A8D50D0A}) (Version: 11 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Pavtube YouTube Converter version: 1.3.2.2376 (HKLM-x32\...\{93933456-3466-4F28-AE84-EF0042EC6936}_is1) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version:  - NCH Software)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-11-2015 11:57:15 Windows Update
12-11-2015 00:00:05 Scheduled Checkpoint
28-11-2015 19:30:10 Scheduled Checkpoint
03-12-2015 09:26:00 Windows Update
10-12-2015 10:32:38 Scheduled Checkpoint
18-12-2015 00:00:06 Scheduled Checkpoint
19-12-2015 19:24:27 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 15:34 - 2015-09-09 22:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20D28428-224D-42E4-93A6-57A3B0FACF04} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {31EF03B4-5876-4AE5-8A54-530350AB6363} - System32\Tasks\{14DA682A-50F6-4ABD-AA37-95405AEB3449} => C:\QA2\QA1.EXE [1991-06-06] ()
Task: {3DF02248-8BCB-4756-9756-57B475FB4305} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {3E03C7DA-002E-4D5F-9480-898440D7EC7A} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {4CFEFBC7-4EE5-4105-A941-7A34417D9B12} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4F68CFCF-360B-4148-AEF8-6901367485B9} - System32\Tasks\{FCE5F899-349E-478E-BB95-7AC583F61A8E} => C:\QA\QA1.EXE [1991-06-06] ()
Task: {552FF3AD-D521-4324-A07F-26C4127B56EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-23] (Adobe Systems Incorporated)
Task: {5E00A274-7FB4-4325-9C5A-FE14EAE9B175} - System32\Tasks\{29DCE82C-1CEC-4012-BFEF-D36E8288FAE2} => C:\QA\QA1.EXE [1991-06-06] ()
Task: {9E39B6E6-DB73-4752-8996-B59BE4740AA0} - System32\Tasks\{21E34F7B-68D3-481F-908D-DA2B3A1037B5} => C:\QA\QA1.EXE [1991-06-06] ()
Task: {BCEC264D-63D6-45DD-B23F-6491B9F5B3C2} - System32\Tasks\{8485DC14-1B80-4D36-935A-36A85FB0E137} => C:\QA2\QA1.EXE [1991-06-06] ()
Task: {BD093A1B-6439-4391-B339-AE71B0CAC5D2} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-10-30] (ThreatTrack Security Inc.)
Task: {E0C6E7FD-04EC-413B-8596-1EEB6303D9DC} - System32\Tasks\{FCEC68F9-AB89-4E0C-B0EB-8B99DE6B3291} => C:\QA2\QA1.EXE [1991-06-06] ()
Task: {E816062F-5EA3-49DE-A5E5-5BE3FC6DC286} - System32\Tasks\NCH Swift Sound\tempoperfectShakeIcon => C:\Program Files (x86)\NCH Swift Sound\TempoPerfect\TempoPerfect.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-16 23:08 - 2015-10-16 23:08 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-01-22 12:45 - 2009-01-22 12:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-04-06 19:16 - 2011-04-06 19:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-15 11:21 - 2011-03-15 11:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2009-07-14 10:03 - 2009-07-14 14:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2014-01-30 23:53 - 2015-06-26 04:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-01-30 23:53 - 2015-06-26 04:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2012-02-15 10:29 - 2011-10-12 23:22 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-11-24 14:12 - 2014-11-24 14:12 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-02-15 10:19 - 2010-11-06 20:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2003-11-04 11:46 - 2003-11-04 11:46 - 01425408 _____ () C:\Program Files (x86)\Adobe\Acrobat 6.0\PDFMaker\Common\AdobePDFMakerX.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.152.107.67 - 203.152.107.68
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: CLKMSVC10_34E30CCC => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HiSuiteOuc64.exe => 2
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: iTunesHelper => "K:\iTunesHelper.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B1F5ED83-050F-4FEE-950D-D9E9E399605C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BFEC7036-2468-4B89-80FD-E5567F91237A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F073B739-27DF-4C11-8313-9707FD109DD1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1874DF8B-56D6-45EB-B954-6533D82A2B5E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CA2FF8AC-46EB-4494-A860-190BD9BBFB71}] => (Allow) LPort=2869
FirewallRules: [{7BCE7480-8324-4E12-A4BE-0439C5C9F6C2}] => (Allow) LPort=1900
FirewallRules: [{A8516239-47B1-42E2-B1EE-14F48BAA9183}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{16D95E50-8538-4BEE-85DF-BBE8FE568A47}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{712F9FDC-C5BE-4F3F-8302-FC85DF327B75}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{23A22EC7-029D-496C-922D-F7871882AC64}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{670E3C0C-8C76-49D5-9034-476E30C703CA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{03671EF4-7814-4A24-9E0E-D9D4F787C870}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{6F96F3FF-44D9-4952-8BFD-A80CC07FC2ED}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{A1EB7128-C60B-41BE-8D12-68F55BC5400F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{22227165-E940-4477-B728-D3AE43334BCC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{2CE327A1-32B4-49B4-AF45-000E9705D282}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{C89CA1E7-8DF3-43D1-8C5C-EE2EAC41CC94}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{0F4808BE-9BE3-4E0B-98E5-B966A928AE32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4E2C510C-41A3-4A4F-93AA-6DC6308C0685}] => (Allow) LPort=445
FirewallRules: [{EE4AFD2C-10D4-4A69-8937-3258C31E6D38}] => (Allow) LPort=5355
FirewallRules: [{53076430-F3A1-4D08-BA00-EF230167946B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2243A8A9-545A-4536-8342-639D4A8CB191}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75577A7E-0AB9-4FDC-AB5D-250E17124CF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59602166-1CFA-4353-B976-38DCCF9774A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9B3FEBEB-92C6-4812-A7D0-F19911728D72}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95D2D874-498D-4E56-9E61-1ABE6AB3C2AC}] => (Allow) K:\iTunes.exe
FirewallRules: [{02CD0C0D-73A5-4D49-AE42-B4F03F5591BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96890A7F-0B87-48CA-9055-32560A643BAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA198730-1C20-461D-821D-69FEF3C41013}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F29A37DD-A51F-4D68-BE54-A16A24D09AA8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2015 08:10:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/24/2015 07:29:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2015 07:00:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.1.5828, time stamp: 0x56723a12
Faulting module name: mozglue.dll, version: 43.0.1.5828, time stamp: 0x56722c0b
Exception code: 0x80000003
Fault offset: 0x0000ed63
Faulting process id: 0xc88
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/19/2015 07:41:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2015 12:03:16 PM) (Source: SideBySide) (EvenB2015-10-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{9728E498-3658-414D-A4B4-02C5A6722050}: [NameServer] 203.152.107.67,203.152.107.68
Tcpip\..\Interfaces\{CA3A5A93-558D-4554-9CB4-C1797E6F05DA}: [DhcpNameServer] 192.168.1.160

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-08] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-08] (Microsoft Corporation.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKU\S-1-5-21-744311427-3613361683-2156192224-1001 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o1dgxq9c.default-1394664919408
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [240112 2011-07-21] (CyberLink)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S4 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2014-04-09] ()
S4 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [218432 2014-04-09] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2987520 2014-10-29] (Microsoft Corporation) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1757952 2010-04-08] (AVerMedia TECHNOLOGIES, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 10:33 - 2015-12-24 07:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-09 16:36 - 2015-11-21 07:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 16:36 - 2015-11-21 07:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 16:36 - 2015-11-21 07:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 16:36 - 2015-11-21 07:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 16:36 - 2015-11-21 07:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 16:36 - 2015-11-21 07:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 16:36 - 2015-11-21 07:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 16:36 - 2015-11-21 07:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 16:36 - 2015-11-21 07:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 16:36 - 2015-11-21 07:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 16:36 - 2015-11-21 07:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 16:36 - 2015-11-21 07:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 16:36 - 2015-11-21 07:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 16:36 - 2015-11-21 07:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 16:36 - 2015-11-21 07:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 16:36 - 2015-11-21 07:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 16:36 - 2015-11-12 07:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 16:36 - 2015-11-12 07:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 16:36 - 2015-11-12 07:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 16:36 - 2015-11-12 07:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 16:36 - 2015-11-11 07:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 16:36 - 2015-11-11 07:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 16:36 - 2015-11-11 07:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 16:36 - 2015-11-11 07:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 16:36 - 2015-11-11 07:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 16:36 - 2015-11-11 06:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 16:36 - 2015-11-07 04:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 16:36 - 2015-11-07 04:03 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 16:36 - 2015-11-07 04:03 - 01408512 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 16:36 - 2015-11-07 04:03 - 00592384 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 19350528 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 15422976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 03806208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 16:36 - 2015-11-07 04:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 16:36 - 2015-11-07 04:01 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 16:36 - 2015-11-07 00:53 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 16:36 - 2015-11-07 00:53 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 16:36 - 2015-11-07 00:53 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 14269952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 13723648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 02793984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 16:36 - 2015-11-07 00:52 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 16:36 - 2015-11-07 00:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 16:36 - 2015-11-06 23:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 16:36 - 2015-11-06 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 16:36 - 2015-11-06 22:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 16:36 - 2015-11-06 22:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 16:36 - 2015-11-06 22:20 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-12-09 16:36 - 2015-11-06 22:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-12-09 16:36 - 2015-11-06 08:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 16:36 - 2015-11-06 08:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 16:36 - 2015-11-05 22:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 16:36 - 2015-11-04 08:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 16:36 - 2015-11-04 08:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 16:36 - 2015-11-04 07:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 16:36 - 2015-11-04 07:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 11:34 - 2015-12-08 11:34 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-08 11:34 - 2015-12-08 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-05 10:19 - 2015-12-05 10:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-05 10:19 - 2015-12-05 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One MonthtID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_mi


  • 0

Advertisements

#26
emeraldnzl
Posted 23 December 2015 - 05:00 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I never turn it off other than an occasional restart and have it set not to go into sleep mode, so often have 5 or 6 programmes running


Did I mention before the possibility of overheating? If not maybe that is an issue.

Go to the link below for some information about symptoms of overheating.

http://www.ehow.com/...g-symptoms.html

Go to the link below for some actions you can take to reduce overheating

http://www.ehow.com/...-computers.html

Moving on

I am not sure that this is a malware problem but let's do a bit of a clean up just to be sure.

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-744311427-3613361683-2156192224-1001 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please download Junkware Removal Tool to your desktop.



  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

After that

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

AdwCleaner.jpg

Click on Scan  and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

So when you return please post

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner log

  • 0

#27
Cldanzer
Posted 23 December 2015 - 06:24 PM

Cldanzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Thanks for the prompt response. The logs are below.

 

Fixlist Log

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Search
Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-744311427-3613361683-2156192224-1001 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
 

*****************************************************************************

 

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Chris (Administrator) on 24/12/15 at 12:42:49.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\Users\Chris\AppData\Local\{12DE4FD3-3FAE-445F-B535-3862A4806148} (Empty Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\{871EB70C-3668-4771-9C45-3D4FC76A3B9C} (Empty Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\{A9F3C217-D0DD-4D13-A86C-4760631BB6F1} (Empty Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\{BA5F84A8-5ED2-41B3-BA64-C79C25BCAB2D} (Empty Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\{BDF228F5-0533-4555-8F27-10420A148E09} (Empty Folder)
Successfully deleted: C:\Windows\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/12/15 at 12:44:22.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

*****************************************************************************

 

Adware Cleaner didn't produce a log, but reported there were no issues.

 

 


  • 0

#28
emeraldnzl
Posted 23 December 2015 - 08:24 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

That fix didn't work.

Let's try again.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached Files


  • 0

#29
Cldanzer
Posted 23 December 2015 - 10:27 PM

Cldanzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Try this for size!  Thanks.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by Chris (2015-12-24 15:28:49) Run:2
Running from D:\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Search
Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-744311427-3613361683-2156192224-1001 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main\\HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Main,Search => value not found.
Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch => Error: No automatic fix found for this entry.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value not found.
HKCR\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-744311427-3613361683-2156192224-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 35 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:29:46 ====


  • 0

#30
emeraldnzl
Posted 23 December 2015 - 11:12 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Let's try running chkdsk again and when it is finished we will look at the report.

 

Now

 

Please run Chkdsk:
 

  • Right click on the Start > Open Windows Explorer.
  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the driver letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Note: Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer.
 
Shut down your computer and then turn it back on, Chkdsk will run.
 

 

To access the chkdsk report on the C partition do this:

Go to Start > All Programs > Accessories > right-click Command Prompt, and then click Run as administrator

Type chkdsk and press Enter

A report will present.

Right click and select Mark

Highlight the text and click copy

Open Notepad > right click and paste

Copy and paste the report from notepad back here.

Note: If you want a report on a partition or drive other than C you need to go to that partition. For example to access D (where D is the required partition) you would type D: and press the ENTER key.

In Windows 7 you may need to use an Elevated Command Prompt.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP