HijackThis Log: Please help Diagnose


2 replies to this topic

#1 larral

larral

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 31 August 2014 - 06:20 AM

Please kindly check this log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:19, on 31/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\Receiver\Receiver.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [SlimCleaner Plus] "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6550 bytes
 




 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:00 PM

Posted 31 August 2014 - 01:44 PM

larral,

If you still need help do this:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Right-click FRST then click "Run as administrator"
    When the tool opens click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#3 larral

larral
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 01 September 2014 - 02:50 PM

Hi

 

Thanks so much

 

Here are the two logs as requested:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Jeremy (administrator) on JEREMY-PC on 01-09-2014 20:42:56
Running from C:\Users\Jeremy\Downloads
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Maxtor Corporation) C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [ATIModeChange] => C:\Windows\system32\Ati2mdxx.exe [26112 2011-10-26] (ATI Technologies, Inc.)
HKLM\...\Run: [basicsmssmenu] => C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-483800741-281416662-422344708-1001\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-483800741-281416662-422344708-1001\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-483800741-281416662-422344708-1001\...\MountPoints2: {df5f8e69-b671-11e3-b247-0011431a6b87} - H:\DTVP_Launcher.exe
HKU\S-1-5-21-483800741-281416662-422344708-1001\...\MountPoints2: {df5f8e76-b671-11e3-b247-0011431a6b87} - H:\DTLplus_Launcher.exe
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => C:\Program Files\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x034A958A19C6CF01
SearchScopes: HKCU - {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\vy5d4sct.default
FF Homepage: hxxp://uk.msn.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-06]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
S4 Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 AcronisOSSReinstallSvc; "C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-15] ()
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [618880 2006-03-02] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 20:42 - 2014-09-01 20:43 - 00011407 _____ () C:\Users\Jeremy\Downloads\FRST.txt
2014-09-01 20:42 - 2014-09-01 20:42 - 00000000 ____D () C:\FRST
2014-09-01 20:41 - 2014-09-01 20:41 - 01096704 _____ (Farbar) C:\Users\Jeremy\Downloads\FRST.exe
2014-08-31 19:52 - 2014-08-31 19:52 - 00001843 _____ () C:\Users\Jeremy\Desktop\WORK - Shortcut.lnk
2014-08-31 12:15 - 2014-08-31 12:15 - 00006551 _____ () C:\Users\Jeremy\Desktop\hijackthis.log
2014-08-31 12:07 - 2014-08-31 12:07 - 00002969 _____ () C:\Users\Jeremy\Desktop\HiJackThis.lnk
2014-08-31 12:07 - 2014-08-31 12:07 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-08-31 12:07 - 2014-08-31 12:07 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-31 12:05 - 2014-08-31 12:05 - 01402880 _____ () C:\Users\Jeremy\Downloads\HiJackThis.msi
2014-08-31 12:04 - 2014-08-31 14:27 - 00000152 _____ () C:\Users\Jeremy\Desktop\Hijackthis.txt
2014-08-31 11:45 - 2014-08-31 13:28 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-30 12:47 - 2014-08-30 12:49 - 00002310 _____ () C:\Users\Jeremy\Desktop\POF Valencia.txt
2014-08-30 10:57 - 2014-08-30 10:57 - 00425964 _____ () C:\Users\Jeremy\Desktop\Cologne.zip
2014-08-29 10:21 - 2014-08-29 10:21 - 00127718 _____ () C:\Users\Jeremy\Desktop\Norway flight options.xlsx
2014-08-28 21:29 - 2014-08-28 21:39 - 00078880 _____ () C:\Users\Jeremy\Desktop\Norway trip.xlsx
2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\PeerNetworking
2014-08-25 16:33 - 2014-08-25 16:33 - 00122787 _____ () C:\Users\Jeremy\Cherry LB AC3..jpeg
2014-08-25 16:32 - 2014-08-25 16:32 - 00060520 _____ () C:\Users\Jeremy\Cheey LB AC2..jpeg
2014-08-14 20:39 - 2014-08-30 11:59 - 00000000 ____D () C:\Users\Jeremy\Desktop\Pic
2014-08-14 19:51 - 2014-08-14 19:58 - 00032324 _____ () C:\Users\Jeremy\Desktop\August 8 2014 Quality.xlsx
2014-08-14 19:43 - 2014-08-14 20:15 - 00032476 _____ () C:\Users\Jeremy\Desktop\August 8 2014 P-8.xlsx
2014-08-11 20:20 - 2014-08-11 20:21 - 00007597 _____ () C:\Users\Jeremy\AppData\Local\resmon.resmoncfg
2014-08-11 17:57 - 2014-08-31 13:28 - 00000650 _____ () C:\Windows\PFRO.log
2014-08-11 17:52 - 2014-08-11 17:56 - 00000000 ____D () C:\AdwCleaner
2014-08-10 10:02 - 2014-08-10 10:02 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-10 10:02 - 2014-08-10 10:02 - 00000000 ___RD () C:\Program Files\Skype
2014-08-10 10:02 - 2014-08-10 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-10 10:02 - 2014-08-10 10:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-09 10:59 - 2014-08-09 11:02 - 00000082 _____ () C:\Users\Jeremy\Desktop\flowers.txt
2014-08-03 11:22 - 2014-08-03 11:25 - 00000000 ____D () C:\Users\Jeremy\Car Insurance 2014_2015
2014-08-03 09:38 - 2014-08-03 10:28 - 00000000 ___RD () C:\Users\Jeremy\Google Drive
2014-08-03 09:36 - 2014-08-03 09:36 - 00895120 _____ (Google Inc.) C:\Users\Jeremy\Downloads\googledrivesync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 20:43 - 2014-09-01 20:42 - 00011407 _____ () C:\Users\Jeremy\Downloads\FRST.txt
2014-09-01 20:42 - 2014-09-01 20:42 - 00000000 ____D () C:\FRST
2014-09-01 20:41 - 2014-09-01 20:41 - 01096704 _____ (Farbar) C:\Users\Jeremy\Downloads\FRST.exe
2014-09-01 20:23 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 20:23 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 20:19 - 2014-03-06 21:00 - 01921411 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 20:16 - 2014-03-28 19:46 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 20:14 - 2014-07-19 09:29 - 00007218 _____ () C:\Windows\setupact.log
2014-09-01 20:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 19:52 - 2014-08-31 19:52 - 00001843 _____ () C:\Users\Jeremy\Desktop\WORK - Shortcut.lnk
2014-08-31 19:52 - 2014-03-06 21:07 - 00000000 ____D () C:\Users\Jeremy
2014-08-31 14:27 - 2014-08-31 12:04 - 00000152 _____ () C:\Users\Jeremy\Desktop\Hijackthis.txt
2014-08-31 13:28 - 2014-08-31 11:45 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-31 13:28 - 2014-08-11 17:57 - 00000650 _____ () C:\Windows\PFRO.log
2014-08-31 12:15 - 2014-08-31 12:15 - 00006551 _____ () C:\Users\Jeremy\Desktop\hijackthis.log
2014-08-31 12:10 - 2014-03-06 21:07 - 00000000 ____D () C:\Users\Jeremy\AppData\Local\VirtualStore
2014-08-31 12:07 - 2014-08-31 12:07 - 00002969 _____ () C:\Users\Jeremy\Desktop\HiJackThis.lnk
2014-08-31 12:07 - 2014-08-31 12:07 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-08-31 12:07 - 2014-08-31 12:07 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-31 12:05 - 2014-08-31 12:05 - 01402880 _____ () C:\Users\Jeremy\Downloads\HiJackThis.msi
2014-08-31 11:36 - 2014-03-14 17:27 - 00000000 ____D () C:\Users\Jeremy\WORK
2014-08-31 11:33 - 2010-11-20 22:01 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 18:07 - 2014-04-04 21:54 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Skype
2014-08-30 17:12 - 2014-06-06 15:25 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\PrimoPDF
2014-08-30 12:49 - 2014-08-30 12:47 - 00002310 _____ () C:\Users\Jeremy\Desktop\POF Valencia.txt
2014-08-30 11:59 - 2014-08-14 20:39 - 00000000 ____D () C:\Users\Jeremy\Desktop\Pic
2014-08-30 10:57 - 2014-08-30 10:57 - 00425964 _____ () C:\Users\Jeremy\Desktop\Cologne.zip
2014-08-29 15:04 - 2014-03-31 20:04 - 00000000 ___RD () C:\Users\Jeremy\Dropbox
2014-08-29 11:19 - 2014-03-31 20:02 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-29 11:19 - 2014-03-31 20:01 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Dropbox
2014-08-29 10:21 - 2014-08-29 10:21 - 00127718 _____ () C:\Users\Jeremy\Desktop\Norway flight options.xlsx
2014-08-28 21:39 - 2014-08-28 21:29 - 00078880 _____ () C:\Users\Jeremy\Desktop\Norway trip.xlsx
2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\PeerNetworking
2014-08-25 16:33 - 2014-08-25 16:33 - 00122787 _____ () C:\Users\Jeremy\Cherry LB AC3..jpeg
2014-08-25 16:32 - 2014-08-25 16:32 - 00060520 _____ () C:\Users\Jeremy\Cheey LB AC2..jpeg
2014-08-14 20:15 - 2014-08-14 19:43 - 00032476 _____ () C:\Users\Jeremy\Desktop\August 8 2014 P-8.xlsx
2014-08-14 19:58 - 2014-08-14 19:51 - 00032324 _____ () C:\Users\Jeremy\Desktop\August 8 2014 Quality.xlsx
2014-08-14 19:12 - 2014-06-02 09:25 - 00009510 _____ () C:\Users\Jeremy\Desktop\Platinium.xlsx
2014-08-11 20:21 - 2014-08-11 20:20 - 00007597 _____ () C:\Users\Jeremy\AppData\Local\resmon.resmoncfg
2014-08-11 18:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-11 17:59 - 2014-03-30 19:53 - 00000000 ____D () C:\Program Files\NeoSmart Technologies
2014-08-11 17:56 - 2014-08-11 17:52 - 00000000 ____D () C:\AdwCleaner
2014-08-11 17:28 - 2014-06-04 17:40 - 00000000 ____D () C:\Windows\pss
2014-08-10 10:02 - 2014-08-10 10:02 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-10 10:02 - 2014-08-10 10:02 - 00000000 ___RD () C:\Program Files\Skype
2014-08-10 10:02 - 2014-08-10 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-10 10:02 - 2014-08-10 10:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-10 10:02 - 2014-04-04 21:53 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 11:02 - 2014-08-09 10:59 - 00000082 _____ () C:\Users\Jeremy\Desktop\flowers.txt
2014-08-03 11:25 - 2014-08-03 11:22 - 00000000 ____D () C:\Users\Jeremy\Car Insurance 2014_2015
2014-08-03 10:28 - 2014-08-03 09:38 - 00000000 ___RD () C:\Users\Jeremy\Google Drive
2014-08-03 09:43 - 2014-05-12 16:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-03 09:37 - 2014-03-08 11:12 - 00000000 ____D () C:\Program Files\Google
2014-08-03 09:37 - 2014-03-08 11:10 - 00000000 ____D () C:\Users\Jeremy\AppData\Local\Google
2014-08-03 09:36 - 2014-08-03 09:36 - 00895120 _____ (Google Inc.) C:\Users\Jeremy\Downloads\googledrivesync.exe
2014-08-03 07:39 - 2014-06-04 17:22 - 00000432 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jeremy).job

Files to move or delete:
====================
C:\Users\Jeremy\cc_20140602_171551.reg

Some content of TEMP:
====================
C:\Users\Jeremy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn8ixam.dll
C:\Users\Jeremy\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-03 10:28

==================== End Of Log ============================

 

 

ADDITION.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Jeremy at 2014-09-01 20:43:57
Running from C:\Users\Jeremy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Citrix Authentication Manager (Version: 4.0.0.53726 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Drive Manager (HKLM\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)
Drive Manager (Version: 1.00.0012 - Seagate Technology) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® 537EP V9x DF PCI Modem (HKLM\...\Intel® 537EP V9x DF PCI Modem) (Version:  - )
LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
Online Plug-in (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Self-service Plug-in (Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-483800741-281416662-422344708-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

28-03-2014 18:04:05 Working system after shrink
28-03-2014 22:38:17 Latest after Video Driver Update
30-03-2014 17:20:13 Windows Update
01-04-2014 15:27:30 Windows Backup
01-04-2014 16:31:53 Installed Drive Manager
01-04-2014 17:13:21 avast! antivirus system restore point
01-04-2014 17:22:20 Windows Backup
04-04-2014 20:26:22 Pre Explorer 7 Install
04-04-2014 20:30:31 Windows Update
06-04-2014 18:22:47 Windows Update
07-04-2014 16:20:25 Windows Update
09-04-2014 14:58:05 Before updating HDMI Driver
09-04-2014 15:45:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
13-04-2014 18:02:32 Windows Backup
21-04-2014 09:16:09 Windows Update
09-05-2014 18:15:33 avast! antivirus system restore point
04-06-2014 16:29:10 Removed SlimCleaner Plus
14-06-2014 15:54:35 Removed Skype™ 6.14
14-06-2014 15:56:16 Removed System Requirements Lab for Intel
06-07-2014 10:05:43 Removed Microsoft Silverlight
15-07-2014 10:05:20 avast! antivirus system restore point
19-07-2014 08:38:51 Removed Microsoft Silverlight
20-07-2014 15:50:43 Before Vidoe Card Install
20-07-2014 16:02:56 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
21-07-2014 17:45:25 Revo Uninstaller's restore point - Opera Stable 22.0.1471.70
03-08-2014 09:42:35 Removed Google Drive
11-08-2014 16:59:44 Removed Acronis Disk Director Suite
31-08-2014 11:06:07 Installed HiJackThis

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EDB15EE-F5CF-4623-8F0F-8024EA1ADBB4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {15EEF6B4-CACF-400D-9563-24BFD16193DE} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Jeremy) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {245F409F-D698-453F-A10A-C743515EFB34} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {D55A12D7-65B8-4296-A8BC-31E302FDF980} - System32\Tasks\Opera scheduled Autoupdate 1405757809 => C:\Program Files\Opera\launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Jeremy).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (whitelisted) =============

2014-07-15 11:07 - 2014-07-15 11:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-31 18:05 - 2014-08-31 18:05 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14083101\algo.dll
2014-09-01 20:17 - 2014-09-01 20:17 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090102\algo.dll
2014-06-06 15:24 - 2011-02-28 23:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll
2014-07-15 11:07 - 2014-07-15 11:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jeremy\Downloads\launch (4).ica:icasource

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 08:16:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 06:06:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 04:29:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 01:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 10:45:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2014 04:47:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2014 10:24:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 09:39:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 05:31:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 03:25:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/01/2014 08:15:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (09/01/2014 08:14:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Acronis OS Selector Reinstall Service service failed to start due to the following error:
%%2

Error: (09/01/2014 08:14:17 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/31/2014 06:37:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 900.

Error: (08/31/2014 06:37:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 900.

Error: (08/31/2014 06:37:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 900.

Error: (08/31/2014 06:37:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 900.

Error: (08/31/2014 06:37:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 900.

Error: (08/31/2014 06:37:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 900.

Error: (08/31/2014 06:04:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Acronis OS Selector Reinstall Service service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (08/12/2014 09:05:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3468 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/13/2014 08:58:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1487 seconds with 300 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 3070.15 MB
Available physical RAM: 2069.11 MB
Total Pagefile: 3066.38 MB
Available Pagefile: 2087.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.64 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:157.11 GB) (Free:48.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Backup) (Fixed) (Total:29.19 GB) (Free:29.07 GB) NTFS
Drive g: (Win 7 Backup) (Fixed) (Total:74.5 GB) (Free:74.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: F1F3F1F3)
Partition 1: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=157.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================





