
dllhost.exe*32 is making my computer unusable- please help!


  • This topic is locked
19 replies to this topic

#1 cmwalker16


Posted 29 October 2014 - 07:54 PM

This started showing up in my tasks a couple days ago, and as other posts have said, it duplicates in the task menu until all system resources are used up.

 

I tried following the guide to download DDS and post my logs, but when I try to download it, I get a security alert saying that my current security settings will not allow the file to be downloaded.  I've never had an issue downloading things before, so not sure if that may be related to this dllhost issue or not, but in any case, I can't get DDS to download...

 

I'm running Windows 7.

 

Any help in getting DDS to download and/or getting this dllhost thing under control would be much appreciated!

 

 

I've also tried starting in safe mode, and it's better, but the dllhost.exe*32 still shows up there and eventually bogs things down.

 

I've run Avast virus scan, MalWare Bytes, and Spybot S&D, and none of them found or got rid of the problem.

 

Thanks!




 


#2 deeprybka

  • Malware Response Team

Posted 31 October 2014 - 12:47 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 cmwalker16

  • Topic Starter

Posted 02 November 2014 - 02:53 PM

I tried to download Farbar, but I'm getting the same "security alert" message that I got when I tried to download DDS the other day.  It is telling me that my security settings will not allow the download.

 

I've never had any download issues before, so again, I don't know what security settings would be causing a problem...



#4 cmwalker16

  • Topic Starter

Posted 02 November 2014 - 02:55 PM

I'm going to try to download Farbar on my wife's laptop and transfer it via flash drive...will post back shortly if I'm able to get it that way.



#5 cmwalker16

  • Topic Starter

Posted 02 November 2014 - 03:17 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Chris (administrator) on CHRIS-PC on 02-11-2014 15:13:46
Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTCK124T
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1298219009\ee\aolsoftware.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-16] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1298219009\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-10-24] (AVAST Software)
HKU\S-1-5-21-4133182616-3398888968-2444091820-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-4133182616-3398888968-2444091820-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1937600 2014-08-13] (Valve Corporation)
HKU\S-1-5-21-4133182616-3398888968-2444091820-1000\...\Run: [Google Update] => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-03] (Google Inc.)
HKU\S-1-5-21-4133182616-3398888968-2444091820-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
ShortcutTarget: Online plug-in.lnk -> C:\Windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee PC Security.lnk
ShortcutTarget: McAfee PC Security.lnk -> C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4133182616-3398888968-2444091820-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - DefaultScope {CD067257-AAE6-4C6F-9CFC-359398C4581D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {CD067257-AAE6-4C6F-9CFC-359398C4581D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T27L10NSP25EP3-attwm/webex/ieatgpc1.cab
DPF: HKLM-x32 {EAC4DA12-B6EA-4A51-B455-1B506043C718} http://www.docedge.com/dtviewer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\alxvsv8x.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\Chris\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-29]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-10-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-07] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2009-12-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2009-12-23] (Creative Labs) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1019328 2012-08-21] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-07] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-09] (DT Soft Ltd)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 15:13 - 2014-11-02 15:13 - 00000000 ____D () C:\FRST
2014-10-29 19:36 - 2014-11-02 14:46 - 00003170 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-10-28 23:22 - 2013-06-10 21:58 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20141029-002209.backup
2014-10-28 19:14 - 2014-10-28 19:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 19:13 - 2014-10-28 19:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 19:13 - 2014-10-28 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 19:13 - 2014-10-28 19:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 19:13 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 19:13 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-24 19:24 - 2014-10-24 19:24 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVAST Software
2014-10-16 21:57 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 21:57 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 21:57 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 21:57 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 21:57 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 21:57 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 21:57 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 21:57 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 21:57 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 21:57 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 21:57 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 21:57 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 21:57 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 21:57 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 21:57 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 21:57 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 21:57 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 21:57 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 21:57 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 21:57 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 21:57 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 21:57 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 21:57 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 21:57 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 21:57 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 21:57 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 21:57 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 21:57 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 21:57 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 21:57 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 21:57 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 21:57 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 21:57 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 21:57 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 21:56 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 21:56 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 21:56 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 21:56 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 21:56 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 21:56 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 21:56 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 21:56 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 21:56 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 21:56 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 21:56 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 21:56 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 21:56 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 21:56 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 21:56 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 21:56 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 21:56 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 21:56 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 21:56 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 21:56 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 21:56 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 21:56 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 21:56 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 21:56 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 21:56 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 21:56 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 21:55 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 21:55 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 21:55 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 21:55 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 21:55 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 21:55 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 21:55 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 21:55 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 21:54 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 21:54 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-07 00:23 - 2014-10-07 00:23 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-07 00:23 - 2014-10-07 00:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-07 00:23 - 2014-10-07 00:23 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-07 00:17 - 2014-10-07 00:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-06 05:50 - 2014-10-07 00:23 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-06 05:50 - 2014-10-07 00:23 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 15:12 - 2010-05-08 23:15 - 00000000 ____D () C:\Users\Chris
2014-11-02 15:07 - 2009-07-14 00:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 14:54 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 14:54 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 14:52 - 2009-12-23 14:54 - 02088734 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 14:46 - 2013-03-31 13:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-02 14:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 14:44 - 2009-07-13 23:51 - 00062785 _____ () C:\Windows\setupact.log
2014-10-29 19:37 - 2012-11-09 01:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 22:33 - 2009-12-23 15:12 - 00421768 _____ () C:\Windows\PFRO.log
2014-10-28 22:20 - 2013-06-10 22:00 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-10-28 22:12 - 2013-07-03 20:58 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA.job
2014-10-28 22:12 - 2011-08-25 10:56 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-10-28 19:13 - 2013-06-09 23:50 - 00000000 ____D () C:\Malwarebytes' Anti-Malware
2014-10-28 19:13 - 2011-12-11 15:16 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-10-28 19:13 - 2011-12-11 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 20:17 - 2013-06-10 21:52 - 00000000 ____D () C:\Qoobox
2014-10-27 19:19 - 2013-07-03 20:58 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core.job
2014-10-26 13:59 - 2014-09-08 19:50 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-26 08:28 - 2013-07-03 20:58 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA
2014-10-26 08:28 - 2013-07-03 20:58 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core
2014-10-24 19:34 - 2010-09-27 18:00 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-24 19:21 - 2009-12-23 15:17 - 00001860 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-10-24 19:21 - 2009-07-13 23:45 - 04975784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 19:17 - 2014-05-07 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-21 22:15 - 2009-12-23 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 13:06 - 2013-08-16 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 21:51 - 2010-05-22 20:21 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-07 00:24 - 2010-09-27 18:00 - 00001979 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-07 00:23 - 2014-09-11 22:18 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-07 00:23 - 2011-05-29 07:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-07 00:23 - 2011-05-29 07:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-07 00:23 - 2010-09-27 18:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-06 05:50 - 2010-09-27 18:00 - 00000000 _____ () C:\Windows\SysWOW64\config.nt

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Chris\-636404408.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-01 16:56

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Chris at 2014-11-02 15:14:58
Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTCK124T
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.22 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)
ASUS_ScreenSaver_GSeries (HKLM-x32\...\ASUS_ScreenSaver_GSeries) (Version:  - )
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0054 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.2 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
BlackBerry Desktop Software 6.0 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.0.43 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0 (x32 Version: 6.0.0.43 - Research In Motion Ltd.) Hidden
Canon MF4200 Series (HKLM\...\{0ABC556A-5A27-4708-9021-B72FB0F8B1F6}) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.2.13.34 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
GSAK 7.7.3.53 (Final) (HKLM-x32\...\GSAK_is1) (Version:  - CWE computer services)
HP Officejet 7110 series Basic Device Software (HKLM\...\{F52CCB46-A0AE-4DAE-9197-3645879B0BEF}) (Version: 29.1.971.39251 - Hewlett-Packard Co.)
HP Officejet 7110 series Help (HKLM-x32\...\{53036DC6-EB27-47D3-A286-B74CF21E8480}) (Version: 29.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Keynote Connector (HKLM-x32\...\KeynoteConnector) (Version:  - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PoxNora (HKLM-x32\...\Steam App 201210) (Version:  - Sony Online Entertainment)
Product Improvement Study for HP Officejet 7110 series (HKLM\...\{FC8B0C45-FC9E-439B-8B68-0D5E65BE36EC}) (Version: 29.1.971.39251 - Hewlett-Packard Co.)
Puzzle Pirates (HKLM-x32\...\Steam App 99910) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
RICOH R5U230 Media Driver ver.2.05.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.05.02.02 - RICOH)
ROSE Online (HKLM-x32\...\Steam App 215120) (Version:  - )
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SolForge (HKLM-x32\...\Steam App 232450) (Version:  - Stone Blade Entertainment)
Sound Blaster Audigy HD (HKLM-x32\...\{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.1.5.0 - SpeedyPC Software) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter (HKLM\...\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}) (Version: 4.10.5.4085 - Enigma Software Group USA, LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.1.1 - Synaptics Incorporated)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.14 - ASUS)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.3.0.15050 - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

29-08-2014 23:22:52 Windows Modules Installer
13-09-2014 04:14:10 Windows Modules Installer
13-09-2014 04:15:09 Windows Modules Installer
27-09-2014 02:23:17 Windows Modules Installer
03-10-2014 00:49:32 Windows Modules Installer
07-10-2014 05:17:31 avast! antivirus system restore point
22-10-2014 03:08:00 Windows Modules Installer
22-10-2014 03:08:52 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-28 23:22 - 00418700 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1041D5D1-7554-4829-864D-838D35BF29C0} - System32\Tasks\HPCustParticipation HP Officejet 7110 series => C:\Program Files\HP\HP Officejet 7110 series\Bin\HPCustPartic.exe [2012-10-21] (Hewlett-Packard Co.)
Task: {13D54DDD-A03B-4474-A095-101CFABDC141} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-07] (AVAST Software)
Task: {158E85F4-14B1-4755-9B0F-539F11FBCD07} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {1B0FBE01-BFF1-4DBA-A20E-A6B841E2DB90} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1D4E4136-55F0-45AF-832C-9D2DC3E6DA1B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {2D5B2270-659B-4457-A27F-24B7CF70DB39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {3B418C31-A201-480D-BEF5-147D3ABBF828} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-08-28] (ATK)
Task: {50DF89F0-0346-4F95-91C9-AA3B50E1A656} - System32\Tasks\AdobeAAMUpdater-1.0-Chris-PC-Chris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {57EF6E75-8E7C-4784-8DD6-FD64CED69A1F} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {7A754CE5-AA10-4E7A-A6BA-297A4D6925BA} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-11-12] ()
Task: {8E19B0BA-FCE5-4283-A0EF-A94A7E9450A6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {DA26ECBA-2C52-4D15-8F90-3880A497EDD4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)
Task: {EF98EA4F-B2F1-4AD3-A4E3-E156348B4656} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)
Task: {F2D9974F-4009-433C-B732-FAF3EA1CA7EF} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

==================== Loaded Modules (whitelisted) =============

2009-12-23 15:16 - 2007-08-08 03:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-08-28 18:00 - 2009-08-28 18:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-19 14:57 - 2009-08-19 14:57 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2009-12-23 15:16 - 2007-03-09 21:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-12-23 15:17 - 2007-11-30 14:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-09-24 16:50 - 2009-09-24 16:50 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-11-12 13:10 - 2009-11-12 13:10 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2012-01-18 00:30 - 2012-01-18 00:30 - 00006144 _____ () C:\Users\Chris\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll
2012-01-18 00:30 - 2012-01-18 00:30 - 00008704 _____ () C:\Users\Chris\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll
2012-01-18 00:30 - 2012-01-18 00:30 - 00007680 _____ () C:\Users\Chris\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll
2009-07-13 01:35 - 2009-07-13 01:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-07-13 01:36 - 2009-07-13 01:36 - 01141232 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
2014-10-07 00:22 - 2014-10-07 00:22 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-10-29 19:37 - 2014-10-29 19:37 - 02897920 _____ () C:\Program Files\Alwil Software\Avast5\defs\14102902\algo.dll
2014-11-02 14:49 - 2014-11-02 14:49 - 02898944 _____ () C:\Program Files\Alwil Software\Avast5\defs\14110201\algo.dll
2009-12-23 15:14 - 2009-02-06 21:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2009-12-23 15:14 - 2009-03-26 17:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-10-07 00:22 - 2014-10-07 00:22 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-07-13 01:35 - 2009-07-13 01:35 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
2009-04-25 12:03 - 2009-04-25 12:03 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-06-13 15:32 - 2014-08-04 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-23 13:21 - 2014-08-04 14:15 - 00441856 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-01-12 18:19 - 2014-08-04 14:15 - 00332288 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-25 13:23 - 2014-08-04 14:15 - 00769024 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-07-03 00:27 - 2014-08-13 17:31 - 02144448 _____ () C:\Program Files (x86)\Steam\video.dll
2014-06-13 15:32 - 2014-08-04 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-06-13 15:32 - 2014-07-30 22:47 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-03-25 20:54 - 2014-08-13 17:30 - 00677056 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 15:16 - 2014-08-13 01:27 - 34587328 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Chris\Desktop\launch.ica.5t5i2qg.partial:icasource
AlternateDataStreams: C:\Users\Chris\Downloads\launch.ica.qmg4kil.partial:icasource

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322.SYS => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-4133182616-3398888968-2444091820-500 - Administrator - Disabled)
Chris (S-1-5-21-4133182616-3398888968-2444091820-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-4133182616-3398888968-2444091820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4133182616-3398888968-2444091820-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 00:07:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1216.

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (1204) Catalog Database: Database recovery/restore failed with unexpected error -1216.

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database (1204) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (10/28/2014 10:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0039f634
Faulting process id: 0x1ab8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/28/2014 10:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002201e2
Faulting process id: 0x1724
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001b01e2
Faulting process id: 0xc68
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001401e2
Faulting process id: 0xca0
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001201e2
Faulting process id: 0xea4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001201e2
Faulting process id: 0x16cc
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002501e2
Faulting process id: 0x17e4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

System errors:
=============
Error: (11/02/2014 03:05:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/02/2014 02:47:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 02:45:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR322

Error: (11/02/2014 02:44:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:54:48 PM on ‎10/‎29/‎2014 was unexpected.

Error: (10/29/2014 07:41:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/29/2014 07:37:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/29/2014 07:35:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR322

Error: (10/29/2014 07:34:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:14:53 AM on ‎10/‎29/‎2014 was unexpected.

Error: (10/29/2014 00:09:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/29/2014 00:07:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR322

Microsoft Office Sessions:
=========================
Error: (10/29/2014 00:07:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1216

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database1204Catalog Database: -1216

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database1204Catalog Database: -1216C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Error: (10/28/2014 10:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0039f6341ab801cff32646f451f2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll892af872-5f1a-11e4-9e64-00038a000015

Error: (10/28/2014 10:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002201e2172401cff32616e08f20C:\Windows\syswow64\dllhost.exeunknown5b9bce70-5f19-11e4-9e64-00038a000015

Error: (10/28/2014 07:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001b01e2c6801cff3134eb06e85C:\Windows\syswow64\dllhost.exeunknown8d783d26-5f06-11e4-9e64-00038a000015

Error: (10/28/2014 07:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001401e2ca001cff312910a4c30C:\Windows\syswow64\dllhost.exeunknowncfe06313-5f05-11e4-9e64-00038a000015

Error: (10/28/2014 07:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001201e2ea401cff311d153b85fC:\Windows\syswow64\dllhost.exeunknown113deee1-5f05-11e4-9e64-00038a000015

Error: (10/28/2014 07:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001201e216cc01cff3111b061523C:\Windows\syswow64\dllhost.exeunknown59678898-5f04-11e4-9e64-00038a000015

Error: (10/28/2014 07:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002501e217e401cff3105c71e933C:\Windows\syswow64\dllhost.exeunknown9be2b987-5f03-11e4-9e64-00038a000015

CodeIntegrity Errors:
===================================
  Date: 2013-06-10 22:57:47.056
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-10 22:57:46.994
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-29 01:03:53.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\2f8ce9ea.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-29 01:03:53.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\2f8ce9ea.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 43%
Total physical RAM: 3957.19 MB
Available physical RAM: 2216.98 MB
Total Pagefile: 7912.56 MB
Available Pagefile: 5876.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:311.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=446.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 deeprybka

  • Malware Response Team

Posted 02 November 2014 - 03:26 PM

Hi,

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER.

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka

#7 cmwalker16

  • Topic Starter

Posted 02 November 2014 - 05:20 PM

Combo Fix Log:

 

ComboFix 14-10-29.01 - Chris 11/02/2014  16:28:45.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.2188 [GMT -5:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-02 to 2014-11-02  )))))))))))))))))))))))))))))))
.
.
2014-11-02 21:39 . 2014-11-02 21:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-02 21:39 . 2014-11-02 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-02 20:13 . 2014-11-02 20:16 -------- d-----w- C:\FRST
2014-10-29 00:14 . 2014-10-29 00:14 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-29 00:13 . 2014-10-01 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-29 00:13 . 2014-10-01 15:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-29 00:13 . 2014-10-29 00:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-25 00:24 . 2014-10-25 00:24 -------- d-----w- c:\users\Chris\AppData\Roaming\AVAST Software
2014-10-17 02:56 . 2014-09-19 01:25 4201472 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-10-17 02:55 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-17 02:54 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-17 02:54 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-07 05:23 . 2014-10-07 05:23 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-07 05:23 . 2014-10-07 05:23 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-07 05:23 . 2014-10-07 05:23 43152 ----a-w- c:\windows\avastSS.scr
2014-10-07 05:17 . 2014-10-07 05:17 -------- d-----w- c:\programdata\AVAST Software
2014-10-06 10:50 . 2014-10-07 05:23 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-06 10:50 . 2014-10-07 05:23 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-29 03:12 . 2011-08-25 15:56 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-10-25 00:34 . 2010-09-27 23:00 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-17 02:51 . 2010-05-23 01:21 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-07 05:23 . 2014-09-12 03:18 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-07 05:23 . 2011-05-29 12:08 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-07 05:23 . 2011-05-29 12:08 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-07 05:23 . 2010-09-27 23:00 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-01 15:11 . 2011-12-11 20:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-26 00:56 . 2012-11-08 06:23 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-26 00:56 . 2011-10-22 13:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 02:08 . 2014-10-01 03:26 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 03:26 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 05:58 . 2014-09-24 05:58 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-09 22:11 . 2014-09-26 03:18 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-26 03:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-29 03:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 03:07 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-08-13 1937600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"HostManager"="c:\program files (x86)\Common Files\AOL\1298219009\ee\AOLSoftware.exe" [2010-03-08 41800]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-25 4085896]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee PC Security.lnk - c:\windows\system32\rundll32.exe "c:\programdata\McAfeeSecurePC\mcafeesecurepc.dll",#2 [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\System32\drivers\SMR322.SYS;c:\windows\SYSNATIVE\drivers\SMR322.SYS [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 22:37]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-04 01:58]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-04 01:58]
.
2012-10-12 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]
.
2012-10-12 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-10-12 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
2012-10-12 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-07 05:23 634872 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: localhost
Trusted Zone: servicelinkfnf.com\portal
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: {EAC4DA12-B6EA-4A51-B455-1B506043C718} - hxxp://www.docedge.com/dtviewer.cab
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\alxvsv8x.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk - c:\windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe /startup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-02  16:52:18
ComboFix-quarantined-files.txt  2014-11-02 21:52
ComboFix2.txt  2013-06-11 03:01
.
Pre-Run: 336,956,444,672 bytes free
Post-Run: 337,046,167,552 bytes free
.
- - End Of File - - 532ADEB76B16E9A8C4BCA46B3F056655
 



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:04 PM

Posted 02 November 2014 - 05:22 PM

Step 1



Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 cmwalker16

cmwalker16
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:04 PM

Posted 02 November 2014 - 07:20 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2013 (ATTENTION: FRST version is 570 days old)
Ran by Chris at 02-11-2014 19:18:30
Running from C:\Users\Chris\Downloads
  Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
The operation completed successfully.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2014-11-02 16:52 - 2014-11-02 16:52 - 00020454 ____A C:\ComboFix.txt
2014-11-02 16:26 - 2014-11-02 16:26 - 05591672 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2014-11-02 15:58 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2014-11-02 15:58 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2014-11-02 15:58 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2014-11-02 15:13 - 2014-11-02 19:18 - 00000000 ____D C:\FRST
2014-10-28 23:22 - 2013-06-10 21:58 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20141029-002209.backup
2014-10-28 19:13 - 2014-10-28 19:13 - 00001108 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 19:13 - 2014-10-28 19:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 19:24 - 2014-10-24 19:24 - 00000000 ____D C:\Users\Chris\AppData\Roaming\AVAST Software
2014-10-16 21:57 - 2014-10-06 21:04 - 00331448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 21:57 - 2014-10-06 21:04 - 00331448 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00365056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00365056 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00069632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-16 21:57 - 2014-09-25 17:43 - 11807232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 21:57 - 2014-09-25 17:43 - 11807232 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-16 21:57 - 2014-09-25 17:32 - 02017280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 21:57 - 2014-09-25 17:32 - 02017280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-16 21:57 - 2014-09-18 20:44 - 17484800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 21:57 - 2014-09-18 20:44 - 17484800 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-16 21:57 - 2014-09-18 20:14 - 02724864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 21:57 - 2014-09-18 20:14 - 02724864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-16 21:57 - 2014-09-18 20:01 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 21:57 - 2014-09-18 20:01 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-10-16 21:57 - 2014-09-18 20:01 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 21:57 - 2014-09-18 20:01 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-10-16 21:57 - 2014-09-18 19:55 - 02187264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 21:57 - 2014-09-18 19:55 - 02187264 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-16 21:57 - 2014-09-18 19:54 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 21:57 - 2014-09-18 19:54 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-16 21:57 - 2014-09-18 19:53 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 21:57 - 2014-09-18 19:53 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-10-16 21:57 - 2014-09-18 19:51 - 00440320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 21:57 - 2014-09-18 19:51 - 00440320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-16 21:57 - 2014-09-18 19:49 - 00597504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 21:57 - 2014-09-18 19:49 - 00597504 ____A (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-10-16 21:57 - 2014-09-18 19:36 - 00060416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 21:57 - 2014-09-18 19:36 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-16 21:57 - 2014-09-18 19:20 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 21:57 - 2014-09-18 19:20 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-16 21:57 - 2014-09-18 18:53 - 01190400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 21:57 - 2014-09-18 18:53 - 01190400 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 01131664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 01131664 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00156824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00156824 ____A (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00081560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00081560 ____A (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-16 21:56 - 2014-09-18 20:25 - 04201472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 21:56 - 2014-09-18 20:25 - 04201472 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-16 21:56 - 2014-09-18 20:02 - 00454656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 21:56 - 2014-09-18 20:02 - 00454656 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-16 21:56 - 2014-09-18 19:59 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 21:56 - 2014-09-18 19:59 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-10-16 21:56 - 2014-09-18 19:50 - 00112128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 21:56 - 2014-09-18 19:50 - 00112128 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-10-16 21:56 - 2014-09-18 19:32 - 00164864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 21:56 - 2014-09-18 19:32 - 00164864 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-10-16 21:56 - 2014-09-18 19:18 - 01068032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 21:56 - 2014-09-18 19:18 - 01068032 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-10-16 21:56 - 2014-09-18 18:59 - 01810944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 21:56 - 2014-09-18 18:59 - 01810944 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-16 21:56 - 2014-09-18 18:52 - 00678400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 21:56 - 2014-09-18 18:52 - 00678400 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-10-16 21:56 - 2014-09-17 20:32 - 02363904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 21:56 - 2014-09-17 20:32 - 02363904 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-16 21:55 - 2014-09-04 00:04 - 00372736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 21:55 - 2014-09-04 00:04 - 00372736 ____A (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-16 21:55 - 2014-07-16 20:40 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 21:55 - 2014-07-16 20:40 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\winsta.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 03221504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 03221504 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 01051136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 21:55 - 2014-07-16 20:39 - 01051136 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2014-10-16 21:55 - 2014-07-16 20:39 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00131584 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00065536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00017408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-10-16 21:54 - 2014-09-12 20:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 21:54 - 2014-09-12 20:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-07 00:23 - 2014-10-07 00:23 - 00043152 ____A (AVAST Software) C:\Windows\avastSS.scr
2014-10-07 00:17 - 2014-10-07 00:17 - 00000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified Files and Folders ========

2014-11-02 19:18 - 2014-11-02 15:13 - 00000000 ____D C:\FRST
2014-11-02 19:16 - 2013-07-03 20:58 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA.job
2014-11-02 19:16 - 2012-11-09 01:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 17:18 - 2009-12-23 14:54 - 02091126 ____A C:\Windows\WindowsUpdate.log
2014-11-02 17:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
2014-11-02 16:52 - 2014-11-02 16:52 - 00020454 ____A C:\ComboFix.txt
2014-11-02 16:52 - 2013-06-10 21:52 - 00000000 ____D C:\Qoobox
2014-11-02 16:46 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2014-11-02 16:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
2014-11-02 16:26 - 2014-11-02 16:26 - 05591672 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2014-11-02 15:12 - 2010-05-08 23:15 - 00000000 ____D C:\users\Chris
2014-11-02 14:46 - 2013-03-31 13:33 - 00000000 ____D C:\Program Files (x86)\Steam
2014-11-02 14:44 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2014-11-02 14:44 - 2009-07-13 23:51 - 00062785 ____A C:\Windows\setupact.log
2014-10-28 22:33 - 2009-12-23 15:12 - 00421768 ____A C:\Windows\PFRO.log
2014-10-28 22:20 - 2013-06-10 22:00 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2014-10-28 19:13 - 2014-10-28 19:13 - 00001108 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 19:13 - 2014-10-28 19:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 19:13 - 2013-06-09 23:50 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2014-10-28 19:13 - 2011-12-11 15:16 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-10-28 19:13 - 2011-12-11 15:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-10-28 19:13 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
2014-10-27 19:19 - 2013-07-03 20:58 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core.job
2014-10-24 19:24 - 2014-10-24 19:24 - 00000000 ____D C:\Users\Chris\AppData\Roaming\AVAST Software
2014-10-21 22:15 - 2009-12-23 14:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-10-07 00:24 - 2010-09-27 18:00 - 00001979 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-07 00:23 - 2014-10-07 00:23 - 00043152 ____A (AVAST Software) C:\Windows\avastSS.scr
2014-10-07 00:17 - 2014-10-07 00:17 - 00000000 ____D C:\ProgramData\AVAST Software
2014-10-06 21:04 - 2014-10-16 21:57 - 00331448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-06 21:04 - 2014-10-16 21:57 - 00331448 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-06 05:50 - 2010-09-27 18:00 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2014-10-06 05:50 - 2010-09-27 18:00 - 00000000 ____A C:\Windows\System32\config.nt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-27 17:14] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2011-04-04 18:48] - [2010-11-20 07:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3957.19 MB
Available physical RAM: 2094.13 MB
Total Pagefile: 7912.56 MB
Available Pagefile: 5935.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.27 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:313.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B        

Partitions of Disk 0:
===============

Disk ID: 76692CA8

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             19 GB  1024 KB
  Partition 2    Primary            446 GB    19 GB

=========================================================

Disk: 0
Partition 1
Type  : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    446 GB  Healthy    System (partition with boot components) 

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 76692CA8

Partition 1:
=========
Hex: 002021001CFEFFFF00080000760E7102
Active: NO
Type: 1C
Size: 20 GB

Partition 2:
=========
Hex: 80FEFFFF07FEFFFF76167102BA41C737
Active: YES
Type: 07 (NTFS)
Size: 446 GB

==================== End Of Log ============================



#10 cmwalker16

cmwalker16
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:04 PM

Posted 02 November 2014 - 07:22 PM

Oops, ignore that last post -- apparently had an old version of Farbar on my computer. Lemme run the current version real quick...



#11 cmwalker16

cmwalker16
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:04 PM

Posted 02 November 2014 - 07:37 PM

Here are the correct logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Chris (administrator) on CHRIS-PC on 02-11-2014 19:34:06
Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1RN1MBW
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1298219009\ee\aolsoftware.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-16] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1298219009\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-10-24] (AVAST Software)
HKU\S-1-5-21-4133182616-3398888968-2444091820-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-4133182616-3398888968-2444091820-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1937600 2014-08-13] (Valve Corporation)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee PC Security.lnk
ShortcutTarget: McAfee PC Security.lnk -> C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4133182616-3398888968-2444091820-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {CD067257-AAE6-4C6F-9CFC-359398C4581D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {CD067257-AAE6-4C6F-9CFC-359398C4581D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T27L10NSP25EP3-attwm/webex/ieatgpc1.cab
DPF: HKLM-x32 {EAC4DA12-B6EA-4A51-B455-1B506043C718} http://www.docedge.com/dtviewer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\alxvsv8x.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\Chris\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-29]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-10-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-10-07] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2009-12-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2009-12-23] (Creative Labs) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1019328 2012-08-21] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-07] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-09] (DT Soft Ltd)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 19:18 - 2014-11-02 19:19 - 00016227 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-11-02 16:52 - 2014-11-02 16:52 - 00020454 _____ () C:\ComboFix.txt
2014-11-02 16:26 - 2014-11-02 16:26 - 05591672 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2014-11-02 15:58 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-02 15:58 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-02 15:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-02 15:58 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-02 15:13 - 2014-11-02 19:34 - 00000000 ____D () C:\FRST
2014-10-29 19:36 - 2014-11-02 19:30 - 00003170 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2014-10-28 23:22 - 2013-06-10 21:58 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20141029-002209.backup
2014-10-28 19:14 - 2014-10-28 19:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 19:13 - 2014-10-28 19:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 19:13 - 2014-10-28 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 19:13 - 2014-10-28 19:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 19:13 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 19:13 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-24 19:24 - 2014-10-24 19:24 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVAST Software
2014-10-16 21:57 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 21:57 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 21:57 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 21:57 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 21:57 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 21:57 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 21:57 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 21:57 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 21:57 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 21:57 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 21:57 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 21:57 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 21:57 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 21:57 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 21:57 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 21:57 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 21:57 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 21:57 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 21:57 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 21:57 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 21:57 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 21:57 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 21:57 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 21:57 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 21:57 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 21:57 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 21:57 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 21:57 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 21:57 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 21:57 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 21:57 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 21:57 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 21:57 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 21:57 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 21:57 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 21:57 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 21:56 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 21:56 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 21:56 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 21:56 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 21:56 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 21:56 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 21:56 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 21:56 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 21:56 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 21:56 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 21:56 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 21:56 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 21:56 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 21:56 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 21:56 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 21:56 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 21:56 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 21:56 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 21:56 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 21:56 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 21:56 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 21:56 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 21:56 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 21:56 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 21:56 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 21:56 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 21:55 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 21:55 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 21:55 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 21:55 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 21:55 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 21:55 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 21:55 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 21:55 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 21:55 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 21:55 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 21:54 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 21:54 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-07 00:23 - 2014-10-07 00:23 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-07 00:23 - 2014-10-07 00:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-07 00:23 - 2014-10-07 00:23 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-07 00:17 - 2014-10-07 00:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-06 05:50 - 2014-10-07 00:23 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-06 05:50 - 2014-10-07 00:23 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 19:33 - 2013-07-03 20:58 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA.job
2014-11-02 19:33 - 2009-12-23 14:54 - 02094481 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 19:29 - 2013-03-31 13:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-02 19:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 19:28 - 2009-07-13 23:51 - 00062841 _____ () C:\Windows\setupact.log
2014-11-02 19:27 - 2009-12-23 15:12 - 00422766 _____ () C:\Windows\PFRO.log
2014-11-02 19:18 - 2009-07-14 00:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 19:16 - 2012-11-09 01:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 16:52 - 2013-06-10 21:52 - 00000000 ____D () C:\Qoobox
2014-11-02 16:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-02 15:12 - 2010-05-08 23:15 - 00000000 ____D () C:\Users\Chris
2014-11-02 14:54 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 14:54 - 2009-07-13 23:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 22:20 - 2013-06-10 22:00 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-10-28 22:12 - 2011-08-25 10:56 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-10-28 19:13 - 2013-06-09 23:50 - 00000000 ____D () C:\Malwarebytes' Anti-Malware
2014-10-28 19:13 - 2011-12-11 15:16 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-10-28 19:13 - 2011-12-11 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 19:19 - 2013-07-03 20:58 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core.job
2014-10-26 13:59 - 2014-09-08 19:50 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-26 08:28 - 2013-07-03 20:58 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA
2014-10-26 08:28 - 2013-07-03 20:58 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core
2014-10-24 19:34 - 2010-09-27 18:00 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-24 19:21 - 2009-12-23 15:17 - 00001860 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-10-24 19:21 - 2009-07-13 23:45 - 04975784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 19:17 - 2014-05-07 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-21 22:15 - 2009-12-23 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 13:06 - 2013-08-16 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 21:51 - 2010-05-22 20:21 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-07 00:24 - 2010-09-27 18:00 - 00001979 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-07 00:23 - 2014-09-11 22:18 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-07 00:23 - 2011-05-29 07:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-07 00:23 - 2011-05-29 07:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-07 00:23 - 2010-09-27 18:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-06 05:50 - 2010-09-27 18:00 - 00000000 _____ () C:\Windows\SysWOW64\config.nt

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Chris\-636404408.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-01 16:56

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014

 

Ran by Chris at 2014-11-02 19:35:29

 

Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1RN1MBW

 

Boot Mode: Normal

 

==========================================================

 

 

 

==================== Security Center ========================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

 

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

 

==================== Installed Programs ======================

 

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)

 

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

 

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

 

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

 

Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)

 

Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)

 

AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)

 

ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)

 

ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)

 

ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)

 

ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)

 

ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.22 - ASUS)

 

ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)

 

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)

 

ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)

 

ASUS_ScreenSaver_GSeries (HKLM-x32\...\ASUS_ScreenSaver_GSeries) (Version:  - )

 

Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)

 

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.7 - Atheros Communications Inc.)

 

ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)

 

ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0054 - ASUS)

 

ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)

 

ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)

 

avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)

 

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.2 - EA Digital Illusions CE AB)

 

Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)

 

BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )

 

BlackBerry Desktop Software 6.0 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.0.43 - Research In Motion Ltd.)

 

BlackBerry Desktop Software 6.0 (x32 Version: 6.0.0.43 - Research In Motion Ltd.) Hidden

 

Canon MF4200 Series (HKLM\...\{0ABC556A-5A27-4708-9021-B72FB0F8B1F6}) (Version:  - )

 

Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden

 

Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)

 

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

 

ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)

 

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)

 

Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)

 

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)

 

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

 

Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.2.13.34 - DeviceVM, Inc.)

 

Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)

 

GSAK 7.7.3.53 (Final) (HKLM-x32\...\GSAK_is1) (Version:  - CWE computer services)

 

HP Officejet 7110 series Basic Device Software (HKLM\...\{F52CCB46-A0AE-4DAE-9197-3645879B0BEF}) (Version: 29.1.971.39251 - Hewlett-Packard Co.)

 

HP Officejet 7110 series Help (HKLM-x32\...\{53036DC6-EB27-47D3-A286-B74CF21E8480}) (Version: 29.0.0 - Hewlett Packard)

 

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

 

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

 

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

 

Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)

 

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)

 

Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden

 

Keynote Connector (HKLM-x32\...\KeynoteConnector) (Version:  - )

 

LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)

 

LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden

 

LeapFrog Tag Junior Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden

 

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

 

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

 

Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)

 

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

 

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

 

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

 

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

 

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

 

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

 

Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

 

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

 

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

 

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

 

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

 

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

 

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

 

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)

 

NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)

 

Origin (HKLM-x32\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)

 

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

 

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

 

PoxNora (HKLM-x32\...\Steam App 201210) (Version:  - Sony Online Entertainment)

 

Product Improvement Study for HP Officejet 7110 series (HKLM\...\{FC8B0C45-FC9E-439B-8B68-0D5E65BE36EC}) (Version: 29.1.971.39251 - Hewlett-Packard Co.)

 

Puzzle Pirates (HKLM-x32\...\Steam App 99910) (Version:  - )

 

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)

 

RICOH R5U230 Media Driver ver.2.05.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.05.02.02 - RICOH)

 

ROSE Online (HKLM-x32\...\Steam App 215120) (Version:  - )

 

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)

 

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

 

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)

 

SolForge (HKLM-x32\...\Steam App 232450) (Version:  - Stone Blade Entertainment)

 

Sound Blaster Audigy HD (HKLM-x32\...\{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}) (Version: 1.0 - Creative Technology Limited)

 

SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )

 

SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.1.5.0 - SpeedyPC Software) <==== ATTENTION

 

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

 

SpyHunter (HKLM\...\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}) (Version: 4.10.5.4085 - Enigma Software Group USA, LLC)

 

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

 

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

 

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.1.1 - Synaptics Incorporated)

 

USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )

 

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)

 

Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )

 

WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

 

Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)

 

Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)

 

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

 

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)

 

Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)

 

Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)

 

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

 

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)

 

Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.14 - ASUS)

 

Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

 

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.3.0.15050 - Blizzard Entertainment)

 

 

==================== Custom CLSID (selected items): ==========================

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

 

CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

 

CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

 

CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

 

CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

 

CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

 

==================== Restore Points  =========================

 

 

13-09-2014 04:14:10 Windows Modules Installer

 

13-09-2014 04:15:09 Windows Modules Installer

 

27-09-2014 02:23:17 Windows Modules Installer

 

03-10-2014 00:49:32 Windows Modules Installer

 

07-10-2014 05:17:31 avast! antivirus system restore point

 

22-10-2014 03:08:00 Windows Modules Installer

 

22-10-2014 03:08:52 Windows Modules Installer

 

02-11-2014 20:58:31 ComboFix created restore point

 

 

==================== Hosts content: ==========================

 

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

 

2009-07-13 21:34 - 2014-10-28 23:22 - 00418700 ____R C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 


 

 

There are 1000 more lines.

 

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

 

Task: {1041D5D1-7554-4829-864D-838D35BF29C0} - System32\Tasks\HPCustParticipation HP Officejet 7110 series => C:\Program Files\HP\HP Officejet 7110 series\Bin\HPCustPartic.exe [2012-10-21] (Hewlett-Packard Co.)

 

Task: {13D54DDD-A03B-4474-A095-101CFABDC141} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-07] (AVAST Software)

 

Task: {158E85F4-14B1-4755-9B0F-539F11FBCD07} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)

 

Task: {1B0FBE01-BFF1-4DBA-A20E-A6B841E2DB90} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

 

Task: {1D4E4136-55F0-45AF-832C-9D2DC3E6DA1B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()

 

Task: {2D5B2270-659B-4457-A27F-24B7CF70DB39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)

 

Task: {3B418C31-A201-480D-BEF5-147D3ABBF828} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-08-28] (ATK)

 

Task: {50DF89F0-0346-4F95-91C9-AA3B50E1A656} - System32\Tasks\AdobeAAMUpdater-1.0-Chris-PC-Chris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)

 

Task: {57EF6E75-8E7C-4784-8DD6-FD64CED69A1F} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()

 

Task: {607645EB-53D2-429A-8259-402D75459059} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)

 

Task: {7A754CE5-AA10-4E7A-A6BA-297A4D6925BA} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-11-12] ()

 

Task: {8E19B0BA-FCE5-4283-A0EF-A94A7E9450A6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)

 

Task: {DA26ECBA-2C52-4D15-8F90-3880A497EDD4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)

 

Task: {EF98EA4F-B2F1-4AD3-A4E3-E156348B4656} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

 

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe

 

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe

 

Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe

 

Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll

 

Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

 

Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

 

 

==================== Loaded Modules (whitelisted) =============

 

 

2009-12-23 15:16 - 2007-08-08 03:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe

 

2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll

 

2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

 

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

 

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

 

2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

 

2009-08-28 18:00 - 2009-08-28 18:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll

 

2009-08-19 14:57 - 2009-08-19 14:57 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll

 

2009-12-23 15:16 - 2007-03-09 21:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll

 

2009-12-23 15:17 - 2007-11-30 14:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

 

2009-09-24 16:50 - 2009-09-24 16:50 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

 

2009-11-12 13:10 - 2009-11-12 13:10 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

 

2009-07-13 01:35 - 2009-07-13 01:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

 

2009-07-13 01:36 - 2009-07-13 01:36 - 01141232 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

 

2014-10-07 00:22 - 2014-10-07 00:22 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll

 

2014-11-02 14:49 - 2014-11-02 14:49 - 02898944 _____ () C:\Program Files\Alwil Software\Avast5\defs\14110201\algo.dll

 

2009-12-23 15:14 - 2009-02-06 21:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL

 

2009-12-23 15:14 - 2009-03-26 17:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL

 

2014-10-07 00:22 - 2014-10-07 00:22 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

 

2009-07-13 01:35 - 2009-07-13 01:35 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll

 

2009-04-25 12:03 - 2009-04-25 12:03 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

AlternateDataStreams: C:\Users\Chris\Desktop\launch.ica.5t5i2qg.partial:icasource

 

AlternateDataStreams: C:\Users\Chris\Downloads\launch.ica.qmg4kil.partial:icasource

 

 

==================== Safe Mode (whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322.SYS => ""="Driver"

 

 

==================== EXE Association (whitelisted) =============

 

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

 

(Currently there is no automatic fix for this section.)

 

 

MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

 

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

 

 

========================= Accounts: ==========================

 

 

Administrator (S-1-5-21-4133182616-3398888968-2444091820-500 - Administrator - Disabled)

 

Chris (S-1-5-21-4133182616-3398888968-2444091820-1000 - Administrator - Enabled) => C:\Users\Chris

 

Guest (S-1-5-21-4133182616-3398888968-2444091820-501 - Limited - Disabled)

 

HomeGroupUser$ (S-1-5-21-4133182616-3398888968-2444091820-1002 - Limited - Enabled)

 

 

==================== Faulty Device Manager Devices =============

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

 

==================

 

Error: (10/29/2014 00:07:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )

 

Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1216.

 

 

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 454) (User: )

 

Description: Catalog Database (1204) Catalog Database: Database recovery/restore failed with unexpected error -1216.

 

 

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 494) (User: )

 

Description: Catalog Database (1204) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

 

 

Error: (10/28/2014 10:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )

 

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

 

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

 

Exception code: 0xc00000fd

 

Fault offset: 0x0039f634

 

Faulting process id: 0x1ab8

 

Faulting application start time: 0xiexplore.exe0

 

Faulting application path: iexplore.exe1

 

Faulting module path: iexplore.exe2

 

Report Id: iexplore.exe3

 

 

Error: (10/28/2014 10:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )

 

Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7

 

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

 

Exception code: 0xc0000005

 

Fault offset: 0x002201e2

 

Faulting process id: 0x1724

 

Faulting application start time: 0xdllhost.exe0

 

Faulting application path: dllhost.exe1

 

Faulting module path: dllhost.exe2

 

Report Id: dllhost.exe3

 

 

Error: (10/28/2014 07:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001b01e2
Faulting process id: 0xc68
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001401e2
Faulting process id: 0xca0
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001201e2
Faulting process id: 0xea4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001201e2
Faulting process id: 0x16cc
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002501e2
Faulting process id: 0x17e4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

System errors:
=============
Error: (11/02/2014 07:30:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR322

Error: (11/02/2014 07:28:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:26:03 PM on 11/2/2014 was unexpected.

Error: (11/02/2014 07:19:16 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/02/2014 05:20:40 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/02/2014 04:46:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/02/2014 04:34:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/02/2014 04:24:04 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/02/2014 04:18:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/02/2014 04:18:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/02/2014 04:12:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (10/29/2014 00:07:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1216

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database1204Catalog Database: -1216

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database1204Catalog Database: -1216C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Error: (10/28/2014 10:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0039f6341ab801cff32646f451f2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll892af872-5f1a-11e4-9e64-00038a000015

Error: (10/28/2014 10:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002201e2172401cff32616e08f20C:\Windows\syswow64\dllhost.exeunknown5b9bce70-5f19-11e4-9e64-00038a000015

Error: (10/28/2014 07:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001b01e2c6801cff3134eb06e85C:\Windows\syswow64\dllhost.exeunknown8d783d26-5f06-11e4-9e64-00038a000015

Error: (10/28/2014 07:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001401e2ca001cff312910a4c30C:\Windows\syswow64\dllhost.exeunknowncfe06313-5f05-11e4-9e64-00038a000015

Error: (10/28/2014 07:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001201e2ea401cff311d153b85fC:\Windows\syswow64\dllhost.exeunknown113deee1-5f05-11e4-9e64-00038a000015

Error: (10/28/2014 07:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001201e216cc01cff3111b061523C:\Windows\syswow64\dllhost.exeunknown59678898-5f04-11e4-9e64-00038a000015

Error: (10/28/2014 07:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002501e217e401cff3105c71e933C:\Windows\syswow64\dllhost.exeunknown9be2b987-5f03-11e4-9e64-00038a000015

CodeIntegrity Errors:
===================================
  Date: 2014-11-02 16:18:56.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-02 16:18:56.240
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-02 16:18:55.647
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-02 16:18:55.117
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-10 22:57:47.056
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-10 22:57:46.994
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-29 01:03:53.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\2f8ce9ea.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-29 01:03:53.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\2f8ce9ea.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 40%
Total physical RAM: 3957.19 MB
Available physical RAM: 2348.25 MB
Total Pagefile: 7912.56 MB
Available Pagefile: 6149.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:313.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:14.92 GB) (Free:14.81 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=446.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Chris at 2014-11-02 19:35:29
Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1RN1MBW
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.22 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)
ASUS_ScreenSaver_GSeries (HKLM-x32\...\ASUS_ScreenSaver_GSeries) (Version:  - )
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0054 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.2 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
BlackBerry Desktop Software 6.0 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.0.43 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0 (x32 Version: 6.0.0.43 - Research In Motion Ltd.) Hidden
Canon MF4200 Series (HKLM\...\{0ABC556A-5A27-4708-9021-B72FB0F8B1F6}) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.2.13.34 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
GSAK 7.7.3.53 (Final) (HKLM-x32\...\GSAK_is1) (Version:  - CWE computer services)
HP Officejet 7110 series Basic Device Software (HKLM\...\{F52CCB46-A0AE-4DAE-9197-3645879B0BEF}) (Version: 29.1.971.39251 - Hewlett-Packard Co.)
HP Officejet 7110 series Help (HKLM-x32\...\{53036DC6-EB27-47D3-A286-B74CF21E8480}) (Version: 29.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Keynote Connector (HKLM-x32\...\KeynoteConnector) (Version:  - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PoxNora (HKLM-x32\...\Steam App 201210) (Version:  - Sony Online Entertainment)
Product Improvement Study for HP Officejet 7110 series (HKLM\...\{FC8B0C45-FC9E-439B-8B68-0D5E65BE36EC}) (Version: 29.1.971.39251 - Hewlett-Packard Co.)
Puzzle Pirates (HKLM-x32\...\Steam App 99910) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
RICOH R5U230 Media Driver ver.2.05.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.05.02.02 - RICOH)
ROSE Online (HKLM-x32\...\Steam App 215120) (Version:  - )
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SolForge (HKLM-x32\...\Steam App 232450) (Version:  - Stone Blade Entertainment)
Sound Blaster Audigy HD (HKLM-x32\...\{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.1.5.0 - SpeedyPC Software) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter (HKLM\...\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}) (Version: 4.10.5.4085 - Enigma Software Group USA, LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.1.1 - Synaptics Incorporated)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.14 - ASUS)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.3.0.15050 - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4133182616-3398888968-2444091820-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

13-09-2014 04:14:10 Windows Modules Installer
13-09-2014 04:15:09 Windows Modules Installer
27-09-2014 02:23:17 Windows Modules Installer
03-10-2014 00:49:32 Windows Modules Installer
07-10-2014 05:17:31 avast! antivirus system restore point
22-10-2014 03:08:00 Windows Modules Installer
22-10-2014 03:08:52 Windows Modules Installer
02-11-2014 20:58:31 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-28 23:22 - 00418700 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1041D5D1-7554-4829-864D-838D35BF29C0} - System32\Tasks\HPCustParticipation HP Officejet 7110 series => C:\Program Files\HP\HP Officejet 7110 series\Bin\HPCustPartic.exe [2012-10-21] (Hewlett-Packard Co.)
Task: {13D54DDD-A03B-4474-A095-101CFABDC141} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-07] (AVAST Software)
Task: {158E85F4-14B1-4755-9B0F-539F11FBCD07} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {1B0FBE01-BFF1-4DBA-A20E-A6B841E2DB90} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1D4E4136-55F0-45AF-832C-9D2DC3E6DA1B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {2D5B2270-659B-4457-A27F-24B7CF70DB39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {3B418C31-A201-480D-BEF5-147D3ABBF828} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-08-28] (ATK)
Task: {50DF89F0-0346-4F95-91C9-AA3B50E1A656} - System32\Tasks\AdobeAAMUpdater-1.0-Chris-PC-Chris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {57EF6E75-8E7C-4784-8DD6-FD64CED69A1F} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {607645EB-53D2-429A-8259-402D75459059} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)
Task: {7A754CE5-AA10-4E7A-A6BA-297A4D6925BA} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-11-12] ()
Task: {8E19B0BA-FCE5-4283-A0EF-A94A7E9450A6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {DA26ECBA-2C52-4D15-8F90-3880A497EDD4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)
Task: {EF98EA4F-B2F1-4AD3-A4E3-E156348B4656} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000Core.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133182616-3398888968-2444091820-1000UA.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

==================== Loaded Modules (whitelisted) =============

2009-12-23 15:16 - 2007-08-08 03:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-08-28 18:00 - 2009-08-28 18:00 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-19 14:57 - 2009-08-19 14:57 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2009-12-23 15:16 - 2007-03-09 21:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-12-23 15:17 - 2007-11-30 14:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-09-24 16:50 - 2009-09-24 16:50 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-11-12 13:10 - 2009-11-12 13:10 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2009-07-13 01:35 - 2009-07-13 01:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-07-13 01:36 - 2009-07-13 01:36 - 01141232 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
2014-10-07 00:22 - 2014-10-07 00:22 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-11-02 14:49 - 2014-11-02 14:49 - 02898944 _____ () C:\Program Files\Alwil Software\Avast5\defs\14110201\algo.dll
2009-12-23 15:14 - 2009-02-06 21:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2009-12-23 15:14 - 2009-03-26 17:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-10-07 00:22 - 2014-10-07 00:22 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-07-13 01:35 - 2009-07-13 01:35 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
2009-04-25 12:03 - 2009-04-25 12:03 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Chris\Desktop\launch.ica.5t5i2qg.partial:icasource
AlternateDataStreams: C:\Users\Chris\Downloads\launch.ica.qmg4kil.partial:icasource

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322.SYS => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-4133182616-3398888968-2444091820-500 - Administrator - Disabled)
Chris (S-1-5-21-4133182616-3398888968-2444091820-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-4133182616-3398888968-2444091820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4133182616-3398888968-2444091820-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 00:07:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1216.

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (1204) Catalog Database: Database recovery/restore failed with unexpected error -1216.

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database (1204) Catalog Database: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (10/28/2014 10:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0039f634
Faulting process id: 0x1ab8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/28/2014 10:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002201e2
Faulting process id: 0x1724
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001b01e2
Faulting process id: 0xc68
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001401e2
Faulting process id: 0xca0
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001201e2
Faulting process id: 0xea4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001201e2
Faulting process id: 0x16cc
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/28/2014 07:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002501e2
Faulting process id: 0x17e4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

System errors:
=============
Error: (11/02/2014 07:30:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR322

Error: (11/02/2014 07:28:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:26:03 PM on ‎11/‎2/‎2014 was unexpected.

Error: (11/02/2014 07:19:16 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/02/2014 05:20:40 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/02/2014 04:46:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/02/2014 04:34:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/02/2014 04:24:04 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/02/2014 04:18:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/02/2014 04:18:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/02/2014 04:12:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (10/29/2014 00:07:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1216

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database1204Catalog Database: -1216

Error: (10/29/2014 00:07:41 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database1204Catalog Database: -1216C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Error: (10/28/2014 10:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0039f6341ab801cff32646f451f2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll892af872-5f1a-11e4-9e64-00038a000015

Error: (10/28/2014 10:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002201e2172401cff32616e08f20C:\Windows\syswow64\dllhost.exeunknown5b9bce70-5f19-11e4-9e64-00038a000015

Error: (10/28/2014 07:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001b01e2c6801cff3134eb06e85C:\Windows\syswow64\dllhost.exeunknown8d783d26-5f06-11e4-9e64-00038a000015

Error: (10/28/2014 07:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001401e2ca001cff312910a4c30C:\Windows\syswow64\dllhost.exeunknowncfe06313-5f05-11e4-9e64-00038a000015

Error: (10/28/2014 07:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001201e2ea401cff311d153b85fC:\Windows\syswow64\dllhost.exeunknown113deee1-5f05-11e4-9e64-00038a000015

Error: (10/28/2014 07:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001201e216cc01cff3111b061523C:\Windows\syswow64\dllhost.exeunknown59678898-5f04-11e4-9e64-00038a000015

Error: (10/28/2014 07:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002501e217e401cff3105c71e933C:\Windows\syswow64\dllhost.exeunknown9be2b987-5f03-11e4-9e64-00038a000015

CodeIntegrity Errors:
===================================
  Date: 2014-11-02 16:18:56.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-02 16:18:56.240
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-02 16:18:55.647
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-02 16:18:55.117
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-10 22:57:47.056
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-10 22:57:46.994
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-29 01:03:53.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\2f8ce9ea.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-29 01:03:53.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\2f8ce9ea.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 40%
Total physical RAM: 3957.19 MB
Available physical RAM: 2348.25 MB
Total Pagefile: 7912.56 MB
Available Pagefile: 6149.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:313.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:14.92 GB) (Free:14.81 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=446.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#12 deeprybka

Posted 03 November 2014 - 03:37 AM

Hi,
Step 1

Please uninstall some programs:
  • Windows 7: Open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:
      SpeedyPC Pro
      SpyHunter
  • Reboot your computer.
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3
  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • In the update screen that follows, click "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.


Step 4
 

Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1RN1MBW


Please run FRST from Desktop! :)


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#13 cmwalker16

Posted 03 November 2014 - 07:13 PM

# AdwCleaner v3.311 - Report created 03/11/2014 at 19:07:01
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris - CHRIS-PC
# Running from : C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIO4Z7GQ\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\Chris\AppData\Local\PackageAware
Folder Deleted : C:\Users\Chris\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Chris\AppData\Roaming\speedypc software

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\19f0eab2d4312cdd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\alxvsv8x.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2745 octets] - [03/11/2014 19:04:59]
AdwCleaner[S0].txt - [2663 octets] - [03/11/2014 19:07:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2723 octets] ##########



#14 deeprybka

Posted 03 November 2014 - 07:57 PM

OK... :)

Please go ahead with steps 3 and 4.


regards,
deeprybka

#15 cmwalker16

Posted 03 November 2014 - 10:29 PM

Emsisoft Emergency Kit - Version 9.0
Last update: 11/3/2014 7:18:51 PM
User account: Chris-PC\Chris

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 11/3/2014 7:22:04 PM
C:\Program Files (x86)\coupons  detected: Application.AppInstall (A)
C:\Windows\couponprinter.ocx  detected: Application.AdCoup (A)
Key: HKEY_USERS\S-1-5-21-4133182616-3398888968-2444091820-1000\SOFTWARE\WIN_32  detected: Trojan.Win32.Androm (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\WIN_32  detected: Trojan.Win32.Androm (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
C:\Qoobox\Quarantine\C\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll.vir  detected: Gen:Variant.Symmi.24552 (B)

Scanned 265510
Found 6

Scan end: 11/3/2014 8:48:02 PM
Scan time: 1:25:58

C:\Qoobox\Quarantine\C\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll.vir Quarantined Gen:Variant.Symmi.24552 (B)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\WIN_32 Quarantined Trojan.Win32.Androm (A)
Key: HKEY_USERS\S-1-5-21-4133182616-3398888968-2444091820-1000\SOFTWARE\WIN_32 Quarantined Trojan.Win32.Androm (A)
C:\Windows\couponprinter.ocx Quarantined Application.AdCoup (A)
C:\Program Files (x86)\coupons Quarantined Application.AppInstall (A)

Quarantined 6





