HiJacked by Conduit - RegCleanPro - Systweak & I am stuck in safe mode


  • This topic is locked
358 replies to this topic

#1 Tiggy65

Tiggy65

  • Members
  • 254 posts

Posted 30 August 2014 - 09:17 AM

Hi! I am repairing a laptop for a friend's friend. When she booted the machine, after login, RegClean Pro would appear and nothing else. I have been in safe mode with networking, but it says there is no networking in safe mode when I tried to connect. I am using a flash drive from a safe computer for file transfers. I already ran ComboFix, but this was after I followed the same steps from various threads regarding this same type of hijack. Sorry! I am stuck since I have no idea how to write the code to fix via FRST. Junk Removal Tool will not run; it sits there blinking at the cmd prompt. Malwarebytes is not finding anything. I ran all the scans you guys tell people in the same situation, give or take a couple. The only fixes/cleans I used were through AdwCleaner and CCleaner. I have those logs. And of course ComboFix. I have all the logs of all the scans. I ran RKill - negative. ttds - negative. Oh, and RogueKiller.

There has not been a restore point to use.

I would love some help fixing this, please! Thank you!

Here is the DDS log I ran just now. I have the DDS log from 8/28 that I ran FIRST, before I ran any other tools once in safe mode, in case you need to see that.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.17054
Run by User at 6:49:47 on 2014-08-30
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.1526.976 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\User\Desktop\FRST64.exe
C:\Windows\SYSTEM32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{AE683A42-81A7-4E43-9DEF-186F65A42FB0} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{AE683A42-81A7-4E43-9DEF-186F65A42FB0}\3416D6072656C6C645962756D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AE683A42-81A7-4E43-9DEF-186F65A42FB0}\3416E697F6E6341666566427565675966496 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{AE683A42-81A7-4E43-9DEF-186F65A42FB0}\84F4D454D244731424D223E243 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\New Version\mbamscheduler.exe [2014-8-28 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\New Version\mbamservice.exe [2014-8-28 860472]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\Drivers\ssadadb.sys [2011-5-13 36328]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-8-28 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-8-28 122584]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-8-28 64216]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\Drivers\VSTAZL6.SYS [2012-7-25 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\Drivers\VSTDPV6.SYS [2012-7-25 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\Drivers\VSTCNXT6.SYS [2012-7-25 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\Drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\Drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\Drivers\ssadserd.sys [2011-5-13 146920]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-1-19 42184]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-3-16 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-08-30 13:19:01    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-08-29 21:15:51    --------    d-----w-    C:\Users\User\AppData\Local\temp
2014-08-29 14:15:18    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-29 02:27:34    --------    d-----w-    C:\ProgramData\HitmanPro
2014-08-29 02:26:41    --------    d-----w-    C:\Program Files (x86)\ESET
2014-08-29 01:56:56    98816    ----a-w-    C:\Windows\sed.exe
2014-08-29 01:56:56    256000    ----a-w-    C:\Windows\PEV.exe
2014-08-29 01:56:56    208896    ----a-w-    C:\Windows\MBR.exe
2014-08-28 22:21:57    --------    d-----w-    C:\FRST
2014-08-28 22:20:13    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-28 22:19:57    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-28 22:19:57    64216    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-08-28 22:19:57    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-08-28 22:19:57    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-08-28 22:19:57    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-28 18:24:15    --------    d-----w-    C:\Program Files\CCleaner
2014-08-28 18:23:14    --------    d-----w-    C:\Users\User\AppData\Local\CrashDumps
2014-08-28 15:03:39    33512    ----a-w-    C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-28 15:03:38    --------    d-----w-    C:\ProgramData\RogueKiller
2014-08-27 22:28:14    --------    d-----w-    C:\AdwCleaner
2014-08-27 21:20:19    --------    d-----w-    C:\Users\User\AppData\Local\ElevatedDiagnostics
2014-08-20 21:41:02    105440    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-20 21:41:01    704480    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-17 16:05:46    71168    ----a-w-    C:\Windows\System32\drivers\hdaudbus.sys
2014-08-17 15:48:42    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-17 15:48:41    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-17 03:18:49    6974808    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-08-17 03:18:47    1023488    ----a-w-    C:\Windows\System32\localspl.dll
2014-08-17 03:18:46    1824808    ----a-w-    C:\Windows\System32\ntdll.dll
2014-08-17 03:18:45    1408976    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-08-17 03:18:44    693760    ----a-w-    C:\Windows\System32\WSShared.dll
2014-08-17 03:18:44    126464    ----a-w-    C:\Windows\System32\Robocopy.exe
2014-08-17 03:18:43    566784    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-08-17 03:18:43    106496    ----a-w-    C:\Windows\SysWow64\Robocopy.exe
2014-08-17 03:18:42    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-17 03:18:42    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-17 03:16:58    94552    ----a-w-    C:\Windows\System32\drivers\mountmgr.sys
2014-08-17 03:16:57    328024    ----a-w-    C:\Windows\System32\drivers\Classpnp.sys
2014-08-17 03:16:34    199680    ----a-w-    C:\Windows\System32\cdd.dll
2014-08-17 03:16:34    1453400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
==================== Find3M  ====================
.
2014-08-06 08:07:30    232896    ----a-w-    C:\Windows\apppatch\apppatch64\SPVCLdr64.dll
2014-07-24 12:10:54    2240000    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-24 12:10:46    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2014-07-24 12:10:46    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2014-07-24 12:09:37    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-24 12:09:33    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-24 12:09:33    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-07-24 12:09:00    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-24 10:52:27    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-24 10:52:20    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2014-07-24 10:51:27    2861568    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-24 10:51:22    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-24 10:51:22    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-24 10:29:20    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-24 08:03:01    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2014-06-19 23:35:37    1312768    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-06-19 22:24:17    694272    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-06-19 18:21:41    687    ----a-w-    C:\awh9B1A.tmp
2014-06-17 23:27:37    1440256    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-17 23:24:48    1557504    ----a-w-    C:\Windows\System32\osk.exe
2014-06-15 21:45:54    108544    ----a-w-    C:\Windows\SysWow64\hfnapi.dll
2014-06-11 04:18:14    4038144    ----a-w-    C:\Windows\System32\win32k.sys
2014-06-06 14:06:38    596480    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 10:17:56    497152    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-06-05 17:56:51    112984    ----a-w-    C:\Windows\System32\consent.exe
2014-06-05 17:30:38    10116608    ----a-w-    C:\Windows\System32\twinui.dll
2014-06-05 17:29:42    393216    ----a-w-    C:\Windows\System32\msihnd.dll
2014-06-05 17:29:42    2885632    ----a-w-    C:\Windows\System32\msi.dll
2014-06-05 17:28:30    2306560    ----a-w-    C:\Windows\System32\authui.dll
2014-06-05 17:28:25    2146304    ----a-w-    C:\Windows\System32\actxprxy.dll
2014-06-05 13:12:09    8857600    ----a-w-    C:\Windows\SysWow64\twinui.dll
2014-06-05 13:11:28    295424    ----a-w-    C:\Windows\SysWow64\msihnd.dll
2014-06-05 13:11:27    2416128    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-06-05 13:10:41    2037760    ----a-w-    C:\Windows\SysWow64\authui.dll
2014-06-05 13:10:36    754176    ----a-w-    C:\Windows\SysWow64\actxprxy.dll
2014-06-02 22:33:45    265216    ----a-w-    C:\Windows\System32\InkEd.dll
.
============= FINISH:  6:52:02.85 ===============
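A small triage helper for reading a DDS log like the one above, added here as an example; it is not a tool from this thread, from BleepingComputer, or from the DDS author. It splits the log into its `====` sections, then flags "Pseudo HJT Report" entries and "Installed Programs" names that match an indicator list. That indicator list is an assumption assembled from names visible in the posted logs (Conduit/SearchProtect, SweetPacks, Better Surf, the generic "Media ..." entries, MP3 Rocket, RegClean Pro/Systweak), and `SAMPLE_DDS` is a constructed excerpt of those log lines so the script runs offline.

```python
"""Triage a DDS log for adware/PUP indicators.

Walks the "Pseudo HJT Report" and "Installed Programs" sections and reports
entries that match a small indicator list, so a raw DDS dump can be read
quickly. The indicator names are an assumption assembled from entries visible
in the posted logs; SAMPLE_DDS is a constructed excerpt of those lines.
"""
import re
from typing import Dict, List

# Assumed substring indicators for Pseudo HJT lines (autoruns, BHOs, DPF).
HJT_INDICATORS: Dict[str, str] = {
    "conduit": "Conduit toolbar / search hijacker",
    "searchprotect": "Conduit Search Protect component",
    "sweetpacks": "SweetPacks toolbar",
    "systweak": "Systweak (RegClean Pro publisher)",
    "regclean": "RegClean Pro rogue registry cleaner",
}

# Assumed program names that are suspicious only as the *whole* name: a bare
# "Media Player" entry is typical of the bundle family in the log, whereas
# "VLC media player" or "Windows Media Player" are not matched.
GENERIC_PUP_NAMES = {
    "better surf plus", "media buzz", "media player", "media view",
    "media viewer", "media watch", "rich media view", "video player",
    "mp3 rocket toolbar",
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def parse_sections(log_text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [entries]}.

    DDS frames each section with a line of '=' signs and pads sections with
    lone '.' lines; both are consumed here, and blank lines are dropped.
    """
    sections: Dict[str, List[str]] = {}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry: section, entry text, reason."""
    findings: List[Dict[str, str]] = []
    sections = parse_sections(log_text)

    for entry in sections.get("Pseudo HJT Report", []):
        low = entry.lower()
        for needle, reason in HJT_INDICATORS.items():
            if needle in low:
                findings.append({"section": "Pseudo HJT Report",
                                 "entry": entry, "reason": reason})
                break  # one reason per line is enough

    for name in sections.get("Installed Programs", []):
        low = name.lower()
        if low in GENERIC_PUP_NAMES:
            reason = "generic-name adware bundle component (assumed list)"
        elif "sweetpacks" in low or "conduit" in low:
            reason = "known toolbar/search hijacker vendor"
        elif re.search(r"java.{0,6}6 update \d+", low):
            # Java 6 left public support in 2013; an installed copy is an
            # exploitable browser plug-in, not malware, but worth removing.
            reason = "end-of-life Java 6 runtime"
        else:
            continue
        findings.append({"section": "Installed Programs",
                         "entry": name, "reason": reason})
    return findings


# Constructed excerpt: lines copied from the posted DDS logs plus clean ones.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Java(TM) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.08)
Better Surf Plus
Internet Explorer Toolbar 4.7 by SweetPacks
Java(TM) 6 Update 22
Media Buzz
Media Player
MP3 Rocket Toolbar
VLC media player 2.0.0
.
==== End Of File ===========================
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['section']}] {f['entry']}\n    -> {f['reason']}")
```

The exact-name rule for installed programs is deliberate: the bundle family in the log hides behind generic names such as "Media Player", so a substring match would also hit legitimate players; matching the whole name keeps VLC and Windows Media Player out of the findings while still catching the bare entries.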

#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • Gender:Male
  • Location:California

Posted 04 September 2014 - 08:10 AM

Greetings Tiggy65 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this were easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic-driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know; I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me. Continue to use the clean computer to download and transfer the files.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 04 September 2014 - 08:12 AM.

Gary

If I do not reply within 24 hours please send me a Personal Message.

#3 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts

Posted 05 September 2014 - 10:28 AM

Hi Gary, nice to meet you, I am Robyn. Thank you so much for your assistance! Our modem was zapped two nights ago by lightning; I am now live again. Thanks for your patience. Please forgive anything I have done wrong in advance. >_< These scans were already run; I believe it is one of the last things I did. I won't run anything else until told.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 2/25/2013 12:01:15 AM
System Uptime: 8/30/2014 6:16:14 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0XW739
Processor: Intel® Core™2 CPU         U7600  @ 1.20GHz | Microprocessor | 1197/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 15.837 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader XI (11.0.08)
Adobe Shockwave Player 12.0
Better Surf Plus
CCleaner
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Google Toolbar for Internet Explorer
Google Update Helper
Internet Explorer Toolbar 4.7 by SweetPacks
Java Auto Updater
Java™ 6 Update 22
Malwarebytes Anti-Malware version 2.0.2.1012
Media Buzz
Media Player
Media View
Media Viewer
Media Watch
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word MUI (English) 2013
MP3 Rocket Toolbar
Network System Driver
Outils de vérification linguistique 2013 de Microsoft Office - Français
Rich Media View
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
swMSM
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition
Video Player
VLC media player 2.0.0
.
==== Event Viewer Messages From Past Week ========
.
8/30/2014 6:50:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/30/2014 6:49:47 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/30/2014 6:39:14 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service defragsvc with arguments "Unavailable" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
8/30/2014 6:19:42 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/30/2014 6:18:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/29/2014 8:07:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
8/29/2014 2:13:30 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2014 2:10:56 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/29/2014 2:00:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/29/2014 12:13:51 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2014 12:13:51 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2014 12:13:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error:  A device attached to the system is not functioning.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/28/2014 7:48:18 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/28/2014 7:34:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
8/28/2014 7:11:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff802ccbbf526, 0xfffff88005d33180, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082814-47424-01.
8/28/2014 5:54:23 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
8/28/2014 5:54:23 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Description with the following error:  Access is denied.
8/28/2014 5:54:23 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for DelayedAutostart with the following error:  Access is denied.
8/28/2014 11:27:20 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/28/2014 10:57:16 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
8/27/2014 8:33:10 PM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
8/27/2014 8:19:23 PM, Error: volsnap [36]  -
8/27/2014 2:23:14 PM, Error: Service Control Manager [7000]  - The avast! HardwareID service failed to start due to the following error:  avast! HardwareID is not a valid Win32 application.
8/27/2014 2:23:05 PM, Error: Service Control Manager [7000]  - The avast! Antivirus service failed to start due to the following error:  The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
8/27/2014 12:10:30 PM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with the following service-specific error:  A system shutdown is in progress.
8/27/2014 12:10:30 PM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x8007045B.
8/27/2014 12:07:44 PM, Error: Service Control Manager [7023]  - The Software Protection service terminated with the following error:  The media is write protected.
8/27/2014 1:34:44 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
8/26/2014 5:58:41 PM, Error: Service Control Manager [7001]  - The Search Protect Service service depends on the Remote Desktop Services service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
8/26/2014 5:58:39 PM, Error: Service Control Manager [7022]  - The Remote Desktop Services service hung on starting.
.
==== End Of File ===========================

The addition file....

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by User at 2014-08-28 15:23:48
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Better Surf Plus (HKLM-x32\...\Better Surf Plus) (Version: 1.1 - Better Surf) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E17BF11-A72D-4DA8-BFAA-DD262C17C2DE}) (Version:  - Microsoft)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Buzz (HKLM-x32\...\MediaBuzzV1mode8994) (Version: 1.1 - Media Buzz) <==== ATTENTION
Media Player (HKLM-x32\...\MediaPlayerV1alpha237) (Version: 1.1 - Media Player) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha133) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha469) (Version: 1.1 - Media View) <==== ATTENTION
Media Viewer (HKLM-x32\...\MediaViewerV1alpha1092) (Version: 1.1 - Media Viewer) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home3161) (Version: 1.1 - Media Watch) <==== ATTENTION
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MP3 Rocket Toolbar (HKLM-x32\...\{4D503352-5636-006A-76A7-A758B70C0F05}) (Version: 12.15.5.1012 - APN, LLC)
Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rich Media View (HKLM-x32\...\RichMediaViewV1release815) (Version: 1.1 - Rich Media View) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C3A9362-257F-4874-9817-9F31DE62953A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {4D4E34D3-BC2A-468D-95ED-9416B6DCA590} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {70901007-4A89-4559-8CA3-87E5890250A1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8EF2CA64-08C0-4DAF-B59F-02C9BE7BB95E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-17] (Microsoft Corporation)
Task: {965CD4E3-0C2E-457F-A676-070734A23147} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8E3DCD4-1D92-48F4-A677-2F91F80991CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-23] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D64211E3-7F0D-4473-BC0D-9F9A0C987024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-23] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8B52D62-6FDE-4E70-B2BD-F5511A476D03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AvastUI.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2014 00:06:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x660
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 00:06:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x734
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 00:05:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x720
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 00:04:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x744
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 00:03:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x55c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 00:03:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x7cc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 00:02:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x604
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 00:02:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5bc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 11:50:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x27c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/28/2014 11:25:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Files\AVAST Software\Avast\Setup\Instup.exe" /control_panel /instop:uninstall; Description = avast! antivirus system restore point; Error = 0x8007043c).


System errors:
=============
Error: (08/28/2014 03:23:42 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/28/2014 03:21:02 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/28/2014 03:20:57 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/28/2014 03:20:56 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/28/2014 03:20:51 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/28/2014 03:20:49 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/28/2014 03:20:49 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/28/2014 03:20:49 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/28/2014 03:20:49 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/28/2014 03:20:46 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (08/28/2014 00:06:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd66001cfc2f32141436dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll5f18a744-2ee6-11e4-bfcd-001c23096d22

Error: (08/28/2014 00:06:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd73401cfc2f31dd2e5ceC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll5baa49a5-2ee6-11e4-bfcd-001c23096d22

Error: (08/28/2014 00:05:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd72001cfc2f31963731fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll573f99a4-2ee6-11e4-bfcd-001c23096d22

Error: (08/28/2014 00:04:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd74401cfc2f2f4852f04C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll32b70755-2ee6-11e4-bfcd-001c23096d22

Error: (08/28/2014 00:03:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd55c01cfc2f2d0f42c58C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0ec92ecb-2ee6-11e4-bfcd-001c23096d22

Error: (08/28/2014 00:03:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7cc01cfc2f2c2c61241C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll009b14a3-2ee6-11e4-bfcd-001c23096d22

Error: (08/28/2014 00:02:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd60401cfc2f2a75586abC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle52827a9-2ee5-11e4-bfcd-001c23096d22

Error: (08/28/2014 00:02:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5bc01cfc2f29cf03e9dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlldac540ff-2ee5-11e4-bfcd-001c23096d22

Error: (08/28/2014 11:50:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd27c01cfc2f0f76c2eeeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll354392cd-2ee4-11e4-bfcd-001c23096d22

Error: (08/28/2014 11:25:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Files\AVAST Software\Avast\Setup\Instup.exe" /control_panel /instop:uninstallavast! antivirus system restore point0x8007043c


CodeIntegrity Errors:
===================================
  Date: 2014-03-25 16:44:55.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:55.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:55.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:54.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:54.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:54.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:54.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:53.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:53.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:53.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU U7600 @ 1.20GHz
Percentage of memory in use: 43%
Total physical RAM: 1526.12 MB
Available physical RAM: 866.96 MB
Total Pagefile: 5878.12 MB
Available Pagefile: 5260 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.55 GB) (Free:11.13 GB) NTFS
Drive d: (HITMANPRO) (Removable) (Total:0.97 GB) (Free:0.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 911F4B54)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1000 MB) (Disk ID: 1C3AA1CE)
Partition 1: (Active) - (Size=996 MB) - (Type=0B)

==================== End Of Log ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • Gender:Male
  • Location:California

Posted 05 September 2014 - 10:41 AM

Hi Robyn, nice to meet you as well. I think you mistakenly provided a copy of the DDS log rather than the FRST report. Can you check your desktop and see if there is a FRST notepad document? If so, please copy and paste the contents in your reply. If you are unable to find that report, simply run it again.

Thanks.
Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts

Posted 05 September 2014 - 11:36 AM

Whoops!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by User (administrator) on PC on 30-08-2014 06:39:28
Running from C:\Users\User\Desktop
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\User\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x912476A72E70CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {E2DDD734-A6BA-4233-90A6-E4EB9600CBC9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {0DC956A5-47A5-422F-9EBC-2A44C4DD4F0F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {A9875869-4FED-432A-9ED7-C91CCBA5645F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN20362749333170717
SearchScopes: HKCU - {C6E2D6B9-A925-4C44-B724-9C2A54F6357A} URL = http://asksearch.ask.com/redirect?client=ie&src=kw&tb=MP3RV6&itbv=11.7.1.64&o=APN10719&locale=en_US&apn_uid=C8CB0365-93F6-4E32-A437-B225137600D2&apn_ptnrs=^AT0&apn_dtid=^YYYYYY^YY^US&apn_dbr=iexplore.exe_6_10.0.9200.16518&doi=2013-03-29&q={searchTerms}&
SearchScopes: HKCU - {DF990943-3659-4BE7-932A-88C7B50380DD} URL = http://tuvaro.com/ws/?source=5bdb504d&tbp=rbox&toolbarid=base&u=e65dcc05000000000000001c2604fbb2&q={searchTerms}
SearchScopes: HKCU - {E2DDD734-A6BA-4233-90A6-E4EB9600CBC9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {4D503352-5636-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release815.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release815\ff

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [abpbmeegdadkgffbmpckdbocaaalebai] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home3161\ch\MediaWatchV1home3161.crx []
CHR HKLM-x32\...\Chrome\Extension: [bilacamkigiklpildhmiakhccicocdfc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha111\ch\WebexpEnhancedV1alpha111.crx []
CHR HKLM-x32\...\Chrome\Extension: [bllmpbameimkejgpbfiebmbnmeejilma] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release815\ch\RichMediaViewV1release815.crx []
CHR HKLM-x32\...\Chrome\Extension: [coinagljmebjolhdnepmdgflnolbkbba] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8994\ch\MediaBuzzV1mode8994.crx []
CHR HKLM-x32\...\Chrome\Extension: [ddaodjipkbaiephebjjogakgpafhghag] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1092\ch\MediaViewerV1alpha1092.crx []
CHR HKLM-x32\...\Chrome\Extension: [fcijfcieakkghmljlnholodemnekfhbk] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha133\ch\MediaViewV1alpha133.crx []
CHR HKLM-x32\...\Chrome\Extension: [ggejjckcjldihnldhlganahmdihlpnda] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha469\ch\MediaViewV1alpha469.crx []
CHR HKLM-x32\...\Chrome\Extension: [hdkmiiiieaenednehndkjbbhcdhpboab] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta329\ch\VideoPlayerV3beta329.crx []
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\New Version\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\New Version\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-01-19] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-28] ()
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 14:15 - 2014-08-29 14:15 - 00014023 _____ () C:\ComboFix.txt
2014-08-29 07:15 - 2014-08-29 07:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-29 07:14 - 2014-08-29 07:45 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-08-28 20:08 - 2014-08-29 12:49 - 00044736 _____ () C:\Users\User\Desktop\Extras.Txt
2014-08-28 20:06 - 2014-08-29 12:45 - 00128438 _____ () C:\Users\User\Desktop\OTL.Txt
2014-08-28 19:51 - 2014-08-28 22:39 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-08-28 19:28 - 2014-08-28 11:01 - 04851288 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-08-28 19:27 - 2014-08-29 12:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-28 19:26 - 2014-08-28 19:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-28 18:56 - 2014-08-29 14:15 - 00000000 ____D () C:\Qoobox
2014-08-28 18:56 - 2014-08-28 21:52 - 05574834 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-08-28 18:56 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-28 18:56 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-28 18:56 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-28 18:55 - 2014-08-28 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-08-28 15:51 - 2014-08-28 15:51 - 00000000 ____D () C:\Users\User\Desktop\mbam-chameleon-3.1.4.0
2014-08-28 15:50 - 2014-08-28 18:47 - 04872677 _____ () C:\Users\User\Desktop\mbam-chameleon-3.1.4.0.zip
2014-08-28 15:43 - 2014-08-28 18:41 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2014-08-28 15:23 - 2014-08-28 15:45 - 00036951 _____ () C:\Users\User\Desktop\Addition.txt
2014-08-28 15:22 - 2014-08-30 06:39 - 00000000 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-28 15:21 - 2014-08-30 06:39 - 00000000 ____D () C:\FRST
2014-08-28 15:20 - 2014-08-30 06:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 15:20 - 2014-08-28 18:15 - 02103296 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-08-28 15:20 - 2014-08-28 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-28 15:19 - 2014-08-29 07:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 15:19 - 2014-08-28 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 15:19 - 2014-08-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-28 15:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-28 15:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-28 12:04 - 2014-08-28 13:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-28 11:24 - 2014-08-28 11:25 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-28 11:24 - 2014-08-28 11:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 11:24 - 2014-08-28 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 11:23 - 2014-08-28 13:08 - 04901352 _____ (Piriform Ltd) C:\Users\User\Desktop\ccsetup417.exe
2014-08-28 11:23 - 2014-08-28 12:06 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-28 11:22 - 2014-08-28 11:21 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill64.exe
2014-08-28 11:08 - 2014-08-28 13:53 - 00854417 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-08-28 10:54 - 2014-08-28 10:54 - 00007511 _____ () C:\DETECTION.txt
2014-08-28 10:36 - 2014-08-28 13:32 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\iExplore(1).exe
2014-08-28 10:11 - 2014-08-28 10:11 - 00013562 _____ () C:\Users\User\Desktop\dds.txt
2014-08-28 10:11 - 2014-08-28 10:11 - 00012189 _____ () C:\Users\User\Desktop\attach.txt
2014-08-28 10:07 - 2014-08-28 13:06 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-08-28 09:58 - 2014-08-28 12:08 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-08-28 08:03 - 2014-08-28 19:28 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-28 08:03 - 2014-08-28 08:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 07:34 - 2014-08-27 17:41 - 01364531 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2014-08-28 07:10 - 2014-08-28 07:11 - 00280408 _____ () C:\Windows\Minidump\082814-47424-01.dmp
2014-08-28 07:10 - 2014-08-28 07:10 - 239079621 _____ () C:\Windows\MEMORY.DMP
2014-08-28 07:10 - 2014-08-28 07:10 - 00000000 ____D () C:\Windows\Minidump
2014-08-27 18:00 - 2014-08-27 18:00 - 00000000 _____ () C:\Recovery.txt
2014-08-27 15:28 - 2014-08-28 19:34 - 00000000 ____D () C:\AdwCleaner
2014-08-27 14:03 - 2014-08-29 13:58 - 00004582 _____ () C:\Users\User\Desktop\Rkill.txt
2014-08-20 14:41 - 2014-08-01 17:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-20 14:41 - 2014-08-01 17:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 09:05 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-17 08:48 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 08:48 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 20:18 - 2014-05-02 23:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-16 20:18 - 2014-05-02 23:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-16 20:18 - 2014-05-02 21:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-16 20:18 - 2014-05-01 15:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-16 20:18 - 2014-04-29 15:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-16 20:18 - 2014-04-29 15:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-16 20:18 - 2014-04-23 16:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-16 20:18 - 2014-04-23 16:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 20:18 - 2014-04-23 16:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-16 20:18 - 2014-04-23 16:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 20:17 - 2014-06-19 16:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 20:17 - 2014-06-19 15:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 20:17 - 2014-06-05 10:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 20:17 - 2014-06-05 10:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-16 20:17 - 2014-06-05 10:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 20:17 - 2014-06-05 10:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 20:17 - 2014-06-05 10:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 20:17 - 2014-06-05 10:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-16 20:17 - 2014-06-05 06:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-16 20:17 - 2014-06-05 06:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 20:17 - 2014-06-05 06:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 20:17 - 2014-06-05 06:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 20:17 - 2014-06-05 06:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-16 20:16 - 2014-06-12 18:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 20:16 - 2014-06-12 18:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 20:16 - 2014-05-28 21:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-16 20:16 - 2014-05-07 18:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-16 20:15 - 2014-07-24 05:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 20:14 - 2014-07-24 05:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 20:14 - 2014-07-24 05:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 20:14 - 2014-07-24 05:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 20:14 - 2014-07-24 05:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-16 20:14 - 2014-07-24 05:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 20:14 - 2014-07-24 05:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 20:14 - 2014-07-24 03:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 20:14 - 2014-07-24 03:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 20:14 - 2014-07-24 03:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 20:14 - 2014-07-24 03:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 20:14 - 2014-07-24 03:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 20:14 - 2014-07-24 03:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 20:14 - 2014-07-24 01:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-01 05:26 - 2014-08-01 05:26 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 06:39 - 2014-08-28 15:22 - 00000000 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-30 06:39 - 2014-08-28 15:21 - 00000000 ____D () C:\FRST
2014-08-30 06:07 - 2014-08-28 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 06:07 - 2014-06-23 18:16 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 06:05 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 06:04 - 2013-02-25 00:49 - 00736914 _____ () C:\Windows\PFRO.log
2014-08-29 14:15 - 2014-08-29 14:15 - 00014023 _____ () C:\ComboFix.txt
2014-08-29 14:15 - 2014-08-28 18:56 - 00000000 ____D () C:\Qoobox
2014-08-29 14:10 - 2012-07-25 22:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-29 13:58 - 2014-08-27 14:03 - 00004582 _____ () C:\Users\User\Desktop\Rkill.txt
2014-08-29 12:49 - 2014-08-28 20:08 - 00044736 _____ () C:\Users\User\Desktop\Extras.Txt
2014-08-29 12:45 - 2014-08-28 20:06 - 00128438 _____ () C:\Users\User\Desktop\OTL.Txt
2014-08-29 12:22 - 2014-08-28 19:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-29 07:45 - 2014-08-29 07:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-29 07:45 - 2014-08-29 07:14 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-08-29 07:15 - 2014-08-28 15:19 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 22:39 - 2014-08-28 19:51 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-08-28 21:52 - 2014-08-28 18:56 - 05574834 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-08-28 19:39 - 2013-02-25 01:01 - 01093528 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 19:34 - 2014-08-27 15:28 - 00000000 ____D () C:\AdwCleaner
2014-08-28 19:28 - 2014-08-28 08:03 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-28 19:26 - 2014-08-28 19:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-28 19:09 - 2014-08-28 18:55 - 00000000 ____D () C:\Windows\erdnt
2014-08-28 18:47 - 2014-08-28 15:50 - 04872677 _____ () C:\Users\User\Desktop\mbam-chameleon-3.1.4.0.zip
2014-08-28 18:41 - 2014-08-28 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2014-08-28 18:15 - 2014-08-28 15:20 - 02103296 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-08-28 15:51 - 2014-08-28 15:51 - 00000000 ____D () C:\Users\User\Desktop\mbam-chameleon-3.1.4.0
2014-08-28 15:45 - 2014-08-28 15:23 - 00036951 _____ () C:\Users\User\Desktop\Addition.txt
2014-08-28 15:20 - 2014-08-28 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-28 15:19 - 2014-08-28 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 15:19 - 2014-08-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-28 14:45 - 2014-06-23 18:49 - 00000000 ____D () C:\Program Files\Google
2014-08-28 14:45 - 2014-06-23 18:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-28 14:45 - 2014-06-23 17:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-28 13:53 - 2014-08-28 11:08 - 00854417 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-08-28 13:32 - 2014-08-28 10:36 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\iExplore(1).exe
2014-08-28 13:26 - 2014-08-28 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-28 13:08 - 2014-08-28 11:23 - 04901352 _____ (Piriform Ltd) C:\Users\User\Desktop\ccsetup417.exe
2014-08-28 13:06 - 2014-08-28 10:07 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-08-28 12:08 - 2014-08-28 09:58 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-08-28 12:06 - 2014-08-28 11:23 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-28 11:25 - 2014-08-28 11:24 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-28 11:25 - 2014-08-28 11:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 11:24 - 2014-08-28 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 11:21 - 2014-08-28 11:22 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill64.exe
2014-08-28 11:01 - 2014-08-28 19:28 - 04851288 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-08-28 10:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-28 10:54 - 2014-08-28 10:54 - 00007511 _____ () C:\DETECTION.txt
2014-08-28 10:11 - 2014-08-28 10:11 - 00013562 _____ () C:\Users\User\Desktop\dds.txt
2014-08-28 10:11 - 2014-08-28 10:11 - 00012189 _____ () C:\Users\User\Desktop\attach.txt
2014-08-28 08:03 - 2014-08-28 08:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 07:43 - 2014-06-23 18:16 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 07:43 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-28 07:11 - 2014-08-28 07:10 - 00280408 _____ () C:\Windows\Minidump\082814-47424-01.dmp
2014-08-28 07:10 - 2014-08-28 07:10 - 239079621 _____ () C:\Windows\MEMORY.DMP
2014-08-28 07:10 - 2014-08-28 07:10 - 00000000 ____D () C:\Windows\Minidump
2014-08-27 22:11 - 2014-07-18 08:17 - 00001350 _____ () C:\Users\User\Desktop\Clean Registry for Free!.lnk
2014-08-27 20:01 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-27 18:00 - 2014-08-27 18:00 - 00000000 _____ () C:\Recovery.txt
2014-08-27 17:41 - 2014-08-28 07:34 - 01364531 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2014-08-27 16:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\registration
2014-08-27 16:34 - 2012-07-26 00:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 16:29 - 2014-06-23 18:50 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-27 14:24 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-08-27 14:24 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-27 14:19 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-08-27 13:36 - 2012-07-26 00:21 - 00034236 _____ () C:\Windows\setupact.log
2014-08-27 08:18 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-26 17:27 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-20 20:05 - 2013-08-26 20:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-20 20:02 - 2013-08-26 20:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-20 14:31 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-17 09:55 - 2013-08-14 04:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 09:51 - 2013-03-12 18:37 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-01 17:15 - 2014-08-20 14:41 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 17:15 - 2014-08-20 14:41 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 05:26 - 2014-08-01 05:26 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 16:41

==================== End Of Log ============================



#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,619 posts
  • Gender:Male
  • Location:California

Posted 05 September 2014 - 12:38 PM

Greetings Robyn,

Whoops!

:)

I will want to look at the previous ComboFix log. Please do the following; obviously, continue to use your USB drive on your clean computer to create and transfer files as necessary.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\ProgramData\wavav0bdtzbtb43b.reg
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix.txt
  • Any change in computer behavior?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Tiggy65

  • Topic Starter
  • Members
  • 254 posts

Posted 05 September 2014 - 01:19 PM

Thank you. :) It restarted after the fix into normal mode but was still stalled getting into Windows, or rather at a black screen. No change, really. I have to trick it with the USB drive and F12 to get into safe mode each time. It tries to do a repair after I hit safe mode with networking; I'm thinking that is because the trick relies on HitmanPro Kickstart. Bottom line, it takes light years to get back to a desktop. ComboFix and FRST logs incoming. Oh, and FRST is now 11 days old; it warned me. I can download the updated version and transfer it if you need me to.

ComboFix 14-08-28.01 - User 08/29/2014  14:02:32.2.2 - x64 MINIMAL
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.1526.830 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-29  )))))))))))))))))))))))))))))))
.
.
2014-08-29 21:10 . 2014-08-29 21:10    --------    d-----w-    c:\users\User\AppData\Local\temp
2014-08-29 21:10 . 2014-08-29 21:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-29 14:15 . 2014-08-29 14:45    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-29 02:27 . 2014-08-29 19:22    --------    d-----w-    c:\programdata\HitmanPro
2014-08-29 02:26 . 2014-08-29 02:26    --------    d-----w-    c:\program files (x86)\ESET
2014-08-28 22:21 . 2014-08-28 22:24    --------    d-----w-    C:\FRST
2014-08-28 22:20 . 2014-08-29 14:15    128728    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-28 22:19 . 2014-08-29 14:15    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-28 22:19 . 2014-08-28 22:19    --------    d-----w-    c:\programdata\Malwarebytes
2014-08-28 22:19 . 2014-08-28 22:19    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-28 22:19 . 2014-05-12 14:26    64216    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-28 22:19 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-08-28 18:24 . 2014-08-28 18:25    --------    d-----w-    c:\program files\CCleaner
2014-08-28 18:23 . 2014-08-28 19:06    --------    d-----w-    c:\users\User\AppData\Local\CrashDumps
2014-08-28 15:03 . 2014-08-29 02:28    33512    ----a-w-    c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-28 15:03 . 2014-08-28 15:03    --------    d-----w-    c:\programdata\RogueKiller
2014-08-27 22:28 . 2014-08-29 02:34    --------    d-----w-    C:\AdwCleaner
2014-08-27 21:20 . 2014-08-27 21:20    --------    d-----w-    c:\users\User\AppData\Local\ElevatedDiagnostics
2014-08-20 21:41 . 2014-08-02 00:15    105440    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-20 21:41 . 2014-08-02 00:15    704480    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-17 16:05 . 2014-07-15 22:51    71168    ----a-w-    c:\windows\system32\drivers\hdaudbus.sys
2014-08-17 15:48 . 2014-06-10 22:44    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-17 15:48 . 2014-06-10 22:43    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-17 03:18 . 2014-05-03 06:34    6974808    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-08-17 03:18 . 2014-05-01 22:37    1023488    ----a-w-    c:\windows\system32\localspl.dll
2014-08-17 03:18 . 2014-05-03 06:33    1824808    ----a-w-    c:\windows\system32\ntdll.dll
2014-08-17 03:18 . 2014-05-03 04:51    1408976    ----a-w-    c:\windows\SysWow64\ntdll.dll
2014-08-17 03:18 . 2014-04-29 22:32    126464    ----a-w-    c:\windows\system32\Robocopy.exe
2014-08-17 03:18 . 2014-04-23 23:38    693760    ----a-w-    c:\windows\system32\WSShared.dll
2014-08-17 03:18 . 2014-04-29 22:32    106496    ----a-w-    c:\windows\SysWow64\Robocopy.exe
2014-08-17 03:18 . 2014-04-23 23:51    566784    ----a-w-    c:\windows\SysWow64\WSShared.dll
2014-08-17 03:18 . 2014-04-23 23:51    124928    ----a-w-    c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-17 03:18 . 2014-04-23 23:38    163840    ----a-w-    c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-17 03:16 . 2014-05-29 04:04    94552    ----a-w-    c:\windows\system32\drivers\mountmgr.sys
2014-08-17 03:16 . 2014-05-08 01:34    328024    ----a-w-    c:\windows\system32\drivers\Classpnp.sys
2014-08-17 03:16 . 2014-06-13 01:57    1453400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-08-17 03:16 . 2014-06-13 01:55    199680    ----a-w-    c:\windows\system32\cdd.dll
2014-08-17 03:15 . 2014-07-24 12:09    19279872    ----a-w-    c:\windows\system32\mshtml.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-17 16:51 . 2013-03-13 01:37    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-08-10 02:28 . 2012-07-26 08:13    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-06 08:07 . 2014-08-06 08:07    232896    ----a-w-    c:\windows\apppatch\apppatch64\SPVCLdr64.dll
2014-06-19 18:21 . 2014-06-19 18:21    687    ----a-w-    C:\awh9B1A.tmp
2014-06-17 23:27 . 2014-07-18 19:17    1440256    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-18 19:17    1557504    ----a-w-    c:\windows\system32\osk.exe
2014-06-15 21:45 . 2014-06-15 21:45    108544    ----a-w-    c:\windows\SysWow64\hfnapi.dll
2014-06-11 04:18 . 2014-07-18 19:17    4038144    ----a-w-    c:\windows\system32\win32k.sys
2014-06-06 14:06 . 2014-07-18 19:16    596480    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-18 19:16    497152    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-05 10:54 . 2014-06-23 22:55    10779000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{B74279CC-D788-412A-BEDE-B1C6D3E56C43}\mpengine.dll
2014-06-02 22:33 . 2014-07-18 19:17    265216    ----a-w-    c:\windows\system32\InkEd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 18:45    1730256    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 18:45    1730256    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 18:45    1730256    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2014-6-10 222384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\New Version\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\New Version\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\New Version\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\New Version\mbamservice.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\System32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys;c:\windows\SYSNATIVE\drivers\SPPD.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\System32\drivers\ssadbus.sys;c:\windows\SYSNATIVE\drivers\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 WSDScan;WSD Scan Support;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04    215416    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-24 01:16]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-24 01:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 18:41    2335960    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 18:41    2335960    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 18:41    2335960    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{4D503352-5636-006A-76A7-7A786E7484D7} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Better Surf Plus - c:\program files (x86)\BetterSurf\BetterSurfPlus\uninstall.exe
AddRemove-inethnfd - c:\program files (x86)\Common Files\Config\uninstinethnfd.exe
AddRemove-MediaBuzzV1mode8994 - c:\program files (x86)\MediaBuzzV1\MediaBuzzV1mode8994\uninstall.exe
AddRemove-MediaPlayerV1alpha237 - c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha237\uninstall.exe
AddRemove-MediaViewerV1alpha1092 - c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha1092\uninstall.exe
AddRemove-MediaViewV1alpha133 - c:\program files (x86)\MediaViewV1\MediaViewV1alpha133\uninstall.exe
AddRemove-MediaViewV1alpha469 - c:\program files (x86)\MediaViewV1\MediaViewV1alpha469\uninstall.exe
AddRemove-MediaWatchV1home3161 - c:\program files (x86)\MediaWatchV1\MediaWatchV1home3161\uninstall.exe
AddRemove-RichMediaViewV1release815 - c:\program files (x86)\RichMediaViewV1\RichMediaViewV1release815\uninstall.exe
AddRemove-Video Player - c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta329\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-08-29  14:15:47
ComboFix-quarantined-files.txt  2014-08-29 21:15
ComboFix2.txt  2014-08-29 02:12
.
Pre-Run: 16,574,545,920 bytes free
Post-Run: 16,519,954,432 bytes free
.
- - End Of File - - E7FC51D7F30BD4140524071BE71E3380
A36C5E4F47E84449FF07ED3517B43A31

FRST

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by User at 2014-09-05 11:03:16 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\ProgramData\wavav0bdtzbtb43b.reg

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
SPPD => Service deleted successfully.
C:\ProgramData\wavav0bdtzbtb43b.reg => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====



#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,619 posts
  • Gender:Male
  • Location:California

Posted 05 September 2014 - 02:10 PM

Yes, please download a new version. In addition, please do this.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\awh9B1A.tmp

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST logs (2)
  • Virustotal link

Gary

#9 Tiggy65

  • Topic Starter
  • Members
  • 254 posts

Posted 05 September 2014 - 02:20 PM

Okay, I downloaded the new version of FRST, but to clarify, am I running a new scan or rerunning the fix? I assume a scan. Also, the tmp file: I have placed it on the flash drive to have it scanned via VirusTotal. I assume that is safe for my clean computer since it is on the USB flash drive?



#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,619 posts
  • Gender:Male
  • Location:California

Posted 05 September 2014 - 02:59 PM

Yes, we want to run a scan and not a fix. The previous fix was successful.

I forgot the USB thing and I don't want to take a chance. Please upload that file here and I will scan it.

Gary

#11 Tiggy65

  • Topic Starter
  • Members
  • 254 posts

Posted 05 September 2014 - 03:11 PM

I went ahead and did both, the way I understood it. :) I knew I should have downloaded the newest FRST version once I saw it was 11 days old; I do apologize for creating more work!

 

https://www.virustotal.com/en/file/ba88acc58b812a5e32bd59aa909b64ddf641f45790ff0a4531db8510c8f304aa/analysis/1409947195/

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by User (administrator) on PC on 05-09-2014 12:57:42
Running from C:\Users\User\Desktop
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\User\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x912476A72E70CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {E2DDD734-A6BA-4233-90A6-E4EB9600CBC9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {0DC956A5-47A5-422F-9EBC-2A44C4DD4F0F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {A9875869-4FED-432A-9ED7-C91CCBA5645F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN20362749333170717
SearchScopes: HKCU - {C6E2D6B9-A925-4C44-B724-9C2A54F6357A} URL = http://asksearch.ask.com/redirect?client=ie&src=kw&tb=MP3RV6&itbv=11.7.1.64&o=APN10719&locale=en_US&apn_uid=C8CB0365-93F6-4E32-A437-B225137600D2&apn_ptnrs=^AT0&apn_dtid=^YYYYYY^YY^US&apn_dbr=iexplore.exe_6_10.0.9200.16518&doi=2013-03-29&q={searchTerms}&
SearchScopes: HKCU - {DF990943-3659-4BE7-932A-88C7B50380DD} URL = http://tuvaro.com/ws/?source=5bdb504d&tbp=rbox&toolbarid=base&u=e65dcc05000000000000001c2604fbb2&q={searchTerms}
SearchScopes: HKCU - {E2DDD734-A6BA-4233-90A6-E4EB9600CBC9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {4D503352-5636-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release815.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release815\ff

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [abpbmeegdadkgffbmpckdbocaaalebai] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home3161\ch\MediaWatchV1home3161.crx []
CHR HKLM-x32\...\Chrome\Extension: [bilacamkigiklpildhmiakhccicocdfc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha111\ch\WebexpEnhancedV1alpha111.crx []
CHR HKLM-x32\...\Chrome\Extension: [bllmpbameimkejgpbfiebmbnmeejilma] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release815\ch\RichMediaViewV1release815.crx []
CHR HKLM-x32\...\Chrome\Extension: [coinagljmebjolhdnepmdgflnolbkbba] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8994\ch\MediaBuzzV1mode8994.crx []
CHR HKLM-x32\...\Chrome\Extension: [ddaodjipkbaiephebjjogakgpafhghag] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1092\ch\MediaViewerV1alpha1092.crx []
CHR HKLM-x32\...\Chrome\Extension: [fcijfcieakkghmljlnholodemnekfhbk] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha133\ch\MediaViewV1alpha133.crx []
CHR HKLM-x32\...\Chrome\Extension: [ggejjckcjldihnldhlganahmdihlpnda] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha469\ch\MediaViewV1alpha469.crx []
CHR HKLM-x32\...\Chrome\Extension: [hdkmiiiieaenednehndkjbbhcdhpboab] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta329\ch\VideoPlayerV3beta329.crx []
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\New Version\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\New Version\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-01-19] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 12:51 - 2014-09-05 12:57 - 00010114 _____ () C:\Users\User\Desktop\FRST.txt
2014-09-05 12:17 - 2014-09-05 15:13 - 02104832 _____ (Farbar) C:\Users\User\Desktop\FRST64(1).exe
2014-08-30 07:10 - 2014-08-30 07:10 - 00012709 _____ () C:\Users\User\Documents\DDS.txt
2014-08-29 14:15 - 2014-08-29 14:15 - 00014023 _____ () C:\ComboFix.txt
2014-08-29 07:15 - 2014-08-29 07:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-29 07:14 - 2014-08-29 07:45 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-08-28 20:08 - 2014-08-29 12:49 - 00044736 _____ () C:\Users\User\Desktop\Extras.Txt
2014-08-28 20:06 - 2014-08-29 12:45 - 00128438 _____ () C:\Users\User\Desktop\OTL.Txt
2014-08-28 19:51 - 2014-08-28 22:39 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-08-28 19:28 - 2014-08-28 11:01 - 04851288 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-08-28 19:27 - 2014-08-29 12:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-28 19:26 - 2014-08-28 19:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-28 18:56 - 2014-08-29 14:15 - 00000000 ____D () C:\Qoobox
2014-08-28 18:56 - 2014-08-28 21:52 - 05574834 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-08-28 18:56 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-28 18:56 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-28 18:56 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-28 18:56 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-28 18:55 - 2014-08-28 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-08-28 15:51 - 2014-08-28 15:51 - 00000000 ____D () C:\Users\User\Desktop\mbam-chameleon-3.1.4.0
2014-08-28 15:50 - 2014-08-28 18:47 - 04872677 _____ () C:\Users\User\Desktop\mbam-chameleon-3.1.4.0.zip
2014-08-28 15:43 - 2014-08-28 18:41 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2014-08-28 15:23 - 2014-09-05 12:55 - 00037297 _____ () C:\Users\User\Desktop\Addition.txt
2014-08-28 15:21 - 2014-09-05 12:57 - 00000000 ____D () C:\FRST
2014-08-28 15:20 - 2014-08-30 06:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 15:20 - 2014-08-28 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-28 15:19 - 2014-08-29 07:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 15:19 - 2014-08-28 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 15:19 - 2014-08-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-28 15:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-28 15:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-28 12:04 - 2014-08-28 13:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-28 11:24 - 2014-08-28 11:25 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-28 11:24 - 2014-08-28 11:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 11:24 - 2014-08-28 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 11:23 - 2014-08-28 13:08 - 04901352 _____ (Piriform Ltd) C:\Users\User\Desktop\ccsetup417.exe
2014-08-28 11:23 - 2014-08-28 12:06 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-28 11:22 - 2014-08-28 11:21 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill64.exe
2014-08-28 11:08 - 2014-08-28 13:53 - 00854417 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-08-28 10:54 - 2014-08-28 10:54 - 00007511 _____ () C:\DETECTION.txt
2014-08-28 10:36 - 2014-08-28 13:32 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\iExplore(1).exe
2014-08-28 10:11 - 2014-08-30 06:52 - 00013371 _____ () C:\Users\User\Desktop\attach.txt
2014-08-28 10:11 - 2014-08-30 06:52 - 00012709 _____ () C:\Users\User\Desktop\dds.txt
2014-08-28 10:07 - 2014-08-28 13:06 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-08-28 09:58 - 2014-08-28 12:08 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-08-28 08:03 - 2014-08-28 19:28 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-28 08:03 - 2014-08-28 08:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 07:34 - 2014-08-27 17:41 - 01364531 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2014-08-28 07:10 - 2014-08-28 07:11 - 00280408 _____ () C:\Windows\Minidump\082814-47424-01.dmp
2014-08-28 07:10 - 2014-08-28 07:10 - 239079621 _____ () C:\Windows\MEMORY.DMP
2014-08-28 07:10 - 2014-08-28 07:10 - 00000000 ____D () C:\Windows\Minidump
2014-08-27 18:00 - 2014-08-27 18:00 - 00000000 _____ () C:\Recovery.txt
2014-08-27 15:28 - 2014-08-30 07:37 - 00000000 ____D () C:\AdwCleaner
2014-08-27 14:03 - 2014-08-29 13:58 - 00004582 _____ () C:\Users\User\Desktop\Rkill.txt
2014-08-20 14:41 - 2014-08-01 17:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-20 14:41 - 2014-08-01 17:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 09:05 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-17 08:48 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 08:48 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 20:18 - 2014-05-02 23:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-16 20:18 - 2014-05-02 23:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-16 20:18 - 2014-05-02 21:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-16 20:18 - 2014-05-01 15:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-16 20:18 - 2014-04-29 15:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-16 20:18 - 2014-04-29 15:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-16 20:18 - 2014-04-23 16:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-16 20:18 - 2014-04-23 16:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 20:18 - 2014-04-23 16:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-16 20:18 - 2014-04-23 16:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 20:17 - 2014-06-19 16:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 20:17 - 2014-06-19 15:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 20:17 - 2014-06-05 10:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 20:17 - 2014-06-05 10:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-16 20:17 - 2014-06-05 10:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 20:17 - 2014-06-05 10:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 20:17 - 2014-06-05 10:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 20:17 - 2014-06-05 10:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-16 20:17 - 2014-06-05 06:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-16 20:17 - 2014-06-05 06:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 20:17 - 2014-06-05 06:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 20:17 - 2014-06-05 06:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 20:17 - 2014-06-05 06:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-16 20:16 - 2014-06-12 18:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 20:16 - 2014-06-12 18:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 20:16 - 2014-05-28 21:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-16 20:16 - 2014-05-07 18:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-16 20:15 - 2014-07-24 05:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 20:14 - 2014-07-24 05:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 20:14 - 2014-07-24 05:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 20:14 - 2014-07-24 05:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 20:14 - 2014-07-24 05:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-16 20:14 - 2014-07-24 05:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 20:14 - 2014-07-24 05:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 20:14 - 2014-07-24 05:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 20:14 - 2014-07-24 03:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 20:14 - 2014-07-24 03:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 20:14 - 2014-07-24 03:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 20:14 - 2014-07-24 03:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 20:14 - 2014-07-24 03:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 20:14 - 2014-07-24 03:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 20:14 - 2014-07-24 03:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 20:14 - 2014-07-24 01:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 15:13 - 2014-09-05 12:17 - 02104832 _____ (Farbar) C:\Users\User\Desktop\FRST64(1).exe
2014-09-05 12:57 - 2014-09-05 12:51 - 00010114 _____ () C:\Users\User\Desktop\FRST.txt
2014-09-05 12:57 - 2014-08-28 15:21 - 00000000 ____D () C:\FRST
2014-09-05 12:55 - 2014-08-28 15:23 - 00037297 _____ () C:\Users\User\Desktop\Addition.txt
2014-09-05 11:03 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-05 11:03 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-30 07:37 - 2014-08-27 15:28 - 00000000 ____D () C:\AdwCleaner
2014-08-30 07:10 - 2014-08-30 07:10 - 00012709 _____ () C:\Users\User\Documents\DDS.txt
2014-08-30 06:52 - 2014-08-28 10:11 - 00013371 _____ () C:\Users\User\Desktop\attach.txt
2014-08-30 06:52 - 2014-08-28 10:11 - 00012709 _____ () C:\Users\User\Desktop\dds.txt
2014-08-30 06:08 - 2013-02-25 01:01 - 01093528 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 06:07 - 2014-08-28 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 06:07 - 2014-06-23 18:16 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 06:05 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 06:04 - 2013-02-25 00:49 - 00736914 _____ () C:\Windows\PFRO.log
2014-08-29 14:15 - 2014-08-29 14:15 - 00014023 _____ () C:\ComboFix.txt
2014-08-29 14:15 - 2014-08-28 18:56 - 00000000 ____D () C:\Qoobox
2014-08-29 14:10 - 2012-07-25 22:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-29 13:58 - 2014-08-27 14:03 - 00004582 _____ () C:\Users\User\Desktop\Rkill.txt
2014-08-29 12:49 - 2014-08-28 20:08 - 00044736 _____ () C:\Users\User\Desktop\Extras.Txt
2014-08-29 12:45 - 2014-08-28 20:06 - 00128438 _____ () C:\Users\User\Desktop\OTL.Txt
2014-08-29 12:22 - 2014-08-28 19:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-29 07:45 - 2014-08-29 07:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-29 07:45 - 2014-08-29 07:14 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-08-29 07:15 - 2014-08-28 15:19 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 22:39 - 2014-08-28 19:51 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-08-28 21:52 - 2014-08-28 18:56 - 05574834 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-08-28 19:28 - 2014-08-28 08:03 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-28 19:26 - 2014-08-28 19:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-28 19:09 - 2014-08-28 18:55 - 00000000 ____D () C:\Windows\erdnt
2014-08-28 18:47 - 2014-08-28 15:50 - 04872677 _____ () C:\Users\User\Desktop\mbam-chameleon-3.1.4.0.zip
2014-08-28 18:41 - 2014-08-28 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2014-08-28 15:51 - 2014-08-28 15:51 - 00000000 ____D () C:\Users\User\Desktop\mbam-chameleon-3.1.4.0
2014-08-28 15:20 - 2014-08-28 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-28 15:19 - 2014-08-28 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 15:19 - 2014-08-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-28 14:45 - 2014-06-23 18:49 - 00000000 ____D () C:\Program Files\Google
2014-08-28 14:45 - 2014-06-23 18:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-28 14:45 - 2014-06-23 17:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-28 13:53 - 2014-08-28 11:08 - 00854417 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-08-28 13:32 - 2014-08-28 10:36 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\iExplore(1).exe
2014-08-28 13:26 - 2014-08-28 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-28 13:08 - 2014-08-28 11:23 - 04901352 _____ (Piriform Ltd) C:\Users\User\Desktop\ccsetup417.exe
2014-08-28 13:06 - 2014-08-28 10:07 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2014-08-28 12:08 - 2014-08-28 09:58 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-08-28 12:06 - 2014-08-28 11:23 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-28 11:25 - 2014-08-28 11:24 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-28 11:25 - 2014-08-28 11:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 11:24 - 2014-08-28 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 11:21 - 2014-08-28 11:22 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill64.exe
2014-08-28 11:01 - 2014-08-28 19:28 - 04851288 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-08-28 10:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-28 10:54 - 2014-08-28 10:54 - 00007511 _____ () C:\DETECTION.txt
2014-08-28 08:03 - 2014-08-28 08:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 07:43 - 2014-06-23 18:16 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 07:43 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-28 07:11 - 2014-08-28 07:10 - 00280408 _____ () C:\Windows\Minidump\082814-47424-01.dmp
2014-08-28 07:10 - 2014-08-28 07:10 - 239079621 _____ () C:\Windows\MEMORY.DMP
2014-08-28 07:10 - 2014-08-28 07:10 - 00000000 ____D () C:\Windows\Minidump
2014-08-27 22:11 - 2014-07-18 08:17 - 00001350 _____ () C:\Users\User\Desktop\Clean Registry for Free!.lnk
2014-08-27 18:00 - 2014-08-27 18:00 - 00000000 _____ () C:\Recovery.txt
2014-08-27 17:41 - 2014-08-28 07:34 - 01364531 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2014-08-27 16:57 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\registration
2014-08-27 16:34 - 2012-07-26 00:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 16:29 - 2014-06-23 18:50 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-27 14:24 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-08-27 14:24 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-27 14:19 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-08-27 13:36 - 2012-07-26 00:21 - 00034236 _____ () C:\Windows\setupact.log
2014-08-27 08:18 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-26 17:27 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-20 20:05 - 2013-08-26 20:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-20 20:02 - 2013-08-26 20:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-20 14:31 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-17 09:55 - 2013-08-14 04:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 09:51 - 2013-03-12 18:37 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

TDL4: custom:26000022 <===== ATTENTION!


LastRegBack: 2014-08-27 16:41

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by User at 2014-09-05 12:58:33
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Better Surf Plus (HKLM-x32\...\Better Surf Plus) (Version: 1.1 - Better Surf) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E17BF11-A72D-4DA8-BFAA-DD262C17C2DE}) (Version:  - Microsoft)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Buzz (HKLM-x32\...\MediaBuzzV1mode8994) (Version: 1.1 - Media Buzz) <==== ATTENTION
Media Player (HKLM-x32\...\MediaPlayerV1alpha237) (Version: 1.1 - Media Player) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha133) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha469) (Version: 1.1 - Media View) <==== ATTENTION
Media Viewer (HKLM-x32\...\MediaViewerV1alpha1092) (Version: 1.1 - Media Viewer) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home3161) (Version: 1.1 - Media Watch) <==== ATTENTION
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MP3 Rocket Toolbar (HKLM-x32\...\{4D503352-5636-006A-76A7-A758B70C0F05}) (Version: 12.15.5.1012 - APN, LLC)
Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rich Media View (HKLM-x32\...\RichMediaViewV1release815) (Version: 1.1 - Rich Media View) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C3A9362-257F-4874-9817-9F31DE62953A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {4D4E34D3-BC2A-468D-95ED-9416B6DCA590} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {70901007-4A89-4559-8CA3-87E5890250A1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8EF2CA64-08C0-4DAF-B59F-02C9BE7BB95E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-17] (Microsoft Corporation)
Task: {965CD4E3-0C2E-457F-A676-070734A23147} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8E3DCD4-1D92-48F4-A677-2F91F80991CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-23] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D64211E3-7F0D-4473-BC0D-9F9A0C987024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-23] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8B52D62-6FDE-4E70-B2BD-F5511A476D03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2014 11:14:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/05/2014 08:10:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/30/2014 06:25:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/29/2014 02:00:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x80042302).

Error: (08/29/2014 02:00:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server

Error: (08/29/2014 02:00:21 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
   Instantiating VSS server

Error: (08/29/2014 02:00:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server

Error: (08/29/2014 02:00:20 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
   Instantiating VSS server

Error: (08/28/2014 07:50:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/28/2014 07:26:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (09/05/2014 00:58:37 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/05/2014 00:58:18 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/05/2014 00:58:12 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/05/2014 00:58:11 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/05/2014 00:58:07 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/05/2014 00:58:01 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/05/2014 00:57:54 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/05/2014 00:57:54 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/05/2014 00:57:48 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/05/2014 00:57:36 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (09/05/2014 11:14:23 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\esetsmartinstaller_enu.exe

Error: (09/05/2014 08:10:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\esetsmartinstaller_enu.exe

Error: (08/30/2014 06:25:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\esetsmartinstaller_enu.exe

Error: (08/29/2014 02:00:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x80042302

Error: (08/29/2014 02:00:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/29/2014 02:00:21 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/29/2014 02:00:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/29/2014 02:00:20 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/28/2014 07:50:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\esetsmartinstaller_enu.exe

Error: (08/28/2014 07:26:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-03-25 16:44:55.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:55.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:55.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:54.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:54.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:54.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:54.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:53.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:53.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 16:44:53.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU U7600 @ 1.20GHz
Percentage of memory in use: 32%
Total physical RAM: 1526.12 MB
Available physical RAM: 1025.23 MB
Total Pagefile: 5622.12 MB
Available Pagefile: 5164.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.55 GB) (Free:15.84 GB) NTFS
Drive d: (HITMANPRO) (Removable) (Total:0.97 GB) (Free:0.85 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 911F4B54)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1000 MB) (Disk ID: 1C3AA1CE)
Partition 1: (Active) - (Size=996 MB) - (Type=0B)

==================== End Of Log ============================



#12 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  • Local time:12:51 PM

Posted 05 September 2014 - 03:14 PM

Yes, we want to run a scan and not a fix. The previous fix was successful.

I forgot the USB thing and I don't want to take a chance. Please upload that file here and I will scan it.

 

LOL, another whoops!  I decided it was okay to do. haha



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:51 AM

Posted 05 September 2014 - 04:16 PM

Greetings Robyn,

There was one entry in a previous log that was of concern to me but I wanted to seek confirmation before giving you the troublesome news. My suspicions have been confirmed, therefore I must advise you of the following before providing the next set of instructions.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidence of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential that Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line: the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
SearchScopes: HKCU - DefaultScope {E2DDD734-A6BA-4233-90A6-E4EB9600CBC9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - DefaultScope {E2DDD734-A6BA-4233-90A6-E4EB9600CBC9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {0DC956A5-47A5-422F-9EBC-2A44C4DD4F0F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {A9875869-4FED-432A-9ED7-C91CCBA5645F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN20362749333170717
SearchScopes: HKCU - {C6E2D6B9-A925-4C44-B724-9C2A54F6357A} URL = http://asksearch.ask.com/redirect?client=ie&src=kw&tb=MP3RV6&itbv=11.7.1.64&o=APN10719&locale=en_US&apn_uid=C8CB0365-93F6-4E32-A437-B225137600D2&apn_ptnrs=^AT0&apn_dtid=^YYYYYY^YY^US&apn_dbr=iexplore.exe_6_10.0.9200.16518&doi=2013-03-29&q={searchTerms}&
SearchScopes: HKCU - {DF990943-3659-4BE7-932A-88C7B50380DD} URL = http://tuvaro.com/ws/?source=5bdb504d&tbp=rbox&toolbarid=base&u=e65dcc05000000000000001c2604fbb2&q={searchTerms}
Toolbar: HKLM-x32 - No Name - {4D503352-5636-006A-76A7-7A786E7484D7} -  No File
C:\Users\User\AppData\Local\temp\Quarantine.exe
TDL4: custom:26000022 <===== ATTENTION!
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Attempt to boot into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Are you able to boot into Normal Mode?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
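The fixlist above targets the SearchScopes and Toolbar lines FRST reported. A small triage script, added here as an example and not part of this thread or of FRST, shows how those log lines can be parsed and flagged automatically: it checks each search scope's host against an allowlist of known providers (an assumption of this example) and looks for the partner/toolbar ID parameters (ctid, CUI, toolbarid, apn_*) that appear in the hijacked URLs in this thread, and it flags orphaned Toolbar CLSIDs that point at "No File". The sample log is constructed from lines posted above plus one clean Bing scope.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allowlist of search hosts (an assumption for this example) and the partner/toolbar
# ID parameters that appear in the hijacked scopes of this thread.
KNOWN_SEARCH_HOSTS = {"search.yahoo.com", "www.bing.com", "www.google.com"}
PARTNER_PARAMS = {"ctid", "cui", "toolbarid", "apn_ptnrs", "apn_uid", "apn_dtid"}

GUID = r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}"
SCOPE_RE = re.compile(r"^SearchScopes: \S+ - (?:DefaultScope )?" + GUID + r" URL = (?P<url>\S+)$")
TOOLBAR_RE = re.compile(r"^Toolbar: \S+ - .+? - " + GUID + r" -\s+(?P<path>.+)$")

# Constructed sample: lines as posted in this thread plus one clean Bing scope (made up).
SAMPLE_LOG = """\
SearchScopes: HKCU - DefaultScope {E2DDD734-A6BA-4233-90A6-E4EB9600CBC9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {A9875869-4FED-432A-9ED7-C91CCBA5645F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN20362749333170717
SearchScopes: HKCU - {DF990943-3659-4BE7-932A-88C7B50380DD} URL = http://tuvaro.com/ws/?source=5bdb504d&tbp=rbox&toolbarid=base&u=e65dcc05000000000000001c2604fbb2&q={searchTerms}
SearchScopes: HKCU - {00000000-1111-2222-3333-444444444444} URL = https://www.bing.com/search?q={searchTerms}
Toolbar: HKLM-x32 - No Name - {4D503352-5636-006A-76A7-7A786E7484D7} -  No File
"""

def triage_line(line):
    """Return (clsid, reasons) for a SearchScopes/Toolbar line, None for anything else."""
    m = SCOPE_RE.match(line.strip())
    if m:
        parts, reasons = urlsplit(m.group("url")), []
        if parts.hostname not in KNOWN_SEARCH_HOSTS:
            reasons.append(f"search host {parts.hostname} is not a known provider")
        ids = PARTNER_PARAMS & {k.lower() for k in parse_qs(parts.query)}
        if ids:
            reasons.append("carries partner/toolbar ids: " + ", ".join(sorted(ids)))
        return m.group("clsid"), reasons
    m = TOOLBAR_RE.match(line.strip())
    if m:  # an orphaned toolbar CLSID whose binary is gone still deserves cleanup
        return m.group("clsid"), (["toolbar points at no file"] if m.group("path") == "No File" else [])
    return None

def triage_log(text):
    """Map CLSID -> reasons for every entry that raised at least one flag."""
    flagged = {}
    for line in text.splitlines():
        hit = triage_line(line)
        if hit and hit[1]:
            flagged[hit[0]] = hit[1]
    return flagged

if __name__ == "__main__":
    for clsid, why in triage_log(SAMPLE_LOG).items():
        print(clsid, "->", "; ".join(why))
```

Note that the Yahoo DefaultScope is not flagged by this heuristic even though the helper removed it, so the script is a first pass for a human reviewer, not a replacement for one.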

#14 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  • Local time:12:51 PM

Posted 05 September 2014 - 05:07 PM

Hi Gary, Thank you.  I thought it was a backdoor at first, then I started questioning myself.  I told the owner it was a backdoor virus last week and about the reformat. I informed her of usernames and passwords, etc.  Then I started to doubt my finds because I could really never pinpoint the actual NAME of the backdoor, so I came here for help hoping it was something easy to fix.  I will go ahead and do that fix and contact them to see what they want to do.  The problem I have is, apparently she bought this used a year ago and I do not have access to Windows 8 disks, and never desire to.  I guess I or she can contact Dell to see if they can give her a copy of the Windows 8 since it would be registered to her Dell model number. She is a college student and thankfully most of her school work was on a flash drive. Anyway!

 

Question:  Is the file that I loaded on flash drive and scanned via my computer/flash to Virustotal an infected file?  It didn't seem so, clarifying.

 

Thanks again for the help, I will get the fix logs back to you.  I will NOT be connecting to the internet via her laptop, my router, if it ever gets to normal mode Windows, if she chooses not to reformat. 



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:51 AM

Posted 05 September 2014 - 05:17 PM

The file we checked via Virustotal was clean. 

 

If she is not doing any banking and has not experienced any irregularities with login or password information she may be OK if you can't get an installation disk.   


Gary



