
Unknown Virus/Malware, Explorer has no details, many windows won't open


  • This topic is locked
26 replies to this topic

#1 Max Lynn

  • Members
  • 24 posts
  • Location:Denver, CO, USA

Posted 19 January 2015 - 08:41 PM

ANYONE who recognizes these symptoms, please help me IDENTIFY this infection!

I plugged a friend's Seagate Expansion drive (SRD00F1) into my machine's USB port and Windows Vista started to load the drivers and then stopped. I went to My Computer and the machine can't see the drive at all. After this I started to see the following occurring:

1) All the normal column names in Explorer are gone, Author is the only one showing. All of the common ones are unavailable when I try to choose details by right clicking the column header, Filename, Date Created/Created, Size etc...

2) Many windows won't open, specifically Control Panel windows like "Backup and Restore Center" and System.

3) Explorer shows no filenames or folder names.

4) The "Start Search" feature of the Start Bar returns nothing.

5) In My Computer the sizes of the drives and free space are in bytes, not KB or MB.

 

It seems like some rootkit, but I can't figure out which one, the external drive that caused the infection hasn't been used in months, so it can't be something brand new.

Any assistance on identifying this infection and removing it would be greatly appreciated.

 

Here is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16592
Run by Shake at 17:09:02 on 2015-01-19
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.6133.3253 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\ehome\ehshell.exe
C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehVid.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://search.us.com/?guid={7D834389-C771-4037-A6AC-9B96BAD6DEEE}
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [LiveUpdate 5] "C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" /reminder
mRun: [NCUpdateHelper] "C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BDD833F9-552B-413B-A541-7C01A695658A} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-1-18 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-1-18 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-1-18 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-1-18 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-1-18 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-1-18 87912]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-1-18 50344]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2015-1-1 167424]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\System32\drivers\hcw18bda.sys [2014-5-11 912896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-10-24 90776]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2009-7-30 118872]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2014-5-11 14136]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: tonegen.exe: open="C:\Program Files (x86)\NCH Software\ToneGen\tonegen" "%L"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2015-01-18 17:36:04    87912    ----a-w-    C:\Windows\System32\drivers\aswmonflt.sys
2015-01-18 17:36:02    1050432    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2015-01-18 17:34:01    65264    ----a-w-    C:\Windows\System32\drivers\aswTdi.sys
2015-01-18 17:34:00    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2015-01-18 17:34:00    436624    ----a-w-    C:\Windows\System32\drivers\aswSP.sys
2015-01-18 17:34:00    364512    ----a-w-    C:\Windows\System32\aswBoot.exe
2015-01-18 17:34:00    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2015-01-18 17:34:00    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2015-01-18 17:33:59    64752    ----a-w-    C:\Windows\System32\drivers\aswRdr.sys
2015-01-18 17:33:56    43152    ----a-w-    C:\Windows\avastSS.scr
2014-12-22 04:08:46    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 04:08:46    701616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-27 23:04:52    1852168    ----a-w-    C:\Users\Shake\AppData\Roaming\BeFrugal.com-Install.exe
2014-10-27 20:32:45    17870336    ----a-w-    C:\Windows\System32\mshtml.dll
2014-10-27 20:13:57    2339840    ----a-w-    C:\Windows\System32\jscript9.dll
2014-10-27 20:12:24    10921472    ----a-w-    C:\Windows\System32\ieframe.dll
2014-10-27 20:07:15    1388032    ----a-w-    C:\Windows\System32\urlmon.dll
2014-10-27 20:06:55    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-10-27 20:05:41    1494016    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-10-27 20:05:26    237056    ----a-w-    C:\Windows\System32\url.dll
2014-10-27 20:05:13    86016    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-10-27 20:04:52    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:38    2157056    ----a-w-    C:\Windows\System32\iertutil.dll
2014-10-27 20:04:37    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-10-27 20:04:29    816640    ----a-w-    C:\Windows\System32\jscript.dll
2014-10-27 20:04:26    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-10-27 20:04:09    453120    ----a-w-    C:\Windows\System32\dxtmsft.dll
2014-10-27 20:03:59    282112    ----a-w-    C:\Windows\System32\dxtrans.dll
2014-10-27 20:03:57    55296    ----a-w-    C:\Windows\System32\msfeedsbs.dll
2014-10-27 20:03:54    11264    ----a-w-    C:\Windows\System32\msfeedssync.exe
2014-10-27 20:03:41    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-10-27 20:03:30    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21    12800    ----a-w-    C:\Windows\System32\mshta.exe
2014-10-27 20:03:05    248320    ----a-w-    C:\Windows\System32\ieui.dll
2014-10-27 19:10:22    12366848    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-10-27 19:05:44    1810944    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-10-27 19:02:37    9739776    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-10-27 18:59:41    1139712    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-10-27 18:59:06    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:57:36    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2014-10-27 18:57:18    65536    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-10-27 18:56:58    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:56:15    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2014-10-27 18:56:10    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-10-27 18:56:08    1802752    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-10-27 18:55:50    41472    ----a-w-    C:\Windows\SysWow64\msfeedsbs.dll
2014-10-27 18:55:44    353792    ----a-w-    C:\Windows\SysWow64\dxtmsft.dll
2014-10-27 18:55:39    223232    ----a-w-    C:\Windows\SysWow64\dxtrans.dll
2014-10-27 18:55:32    10752    ----a-w-    C:\Windows\SysWow64\msfeedssync.exe
2014-10-27 18:55:28    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-10-27 18:55:20    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17    11776    ----a-w-    C:\Windows\SysWow64\mshta.exe
2014-10-27 18:54:43    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-10-24 01:04:29    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40    499200    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-10-24 00:39:19    656384    ----a-w-    C:\Windows\System32\kerberos.dll
.
============= FINISH: 17:10:26.56 ===============
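The DDS log above, and the FRST log later in the thread, are read by hand: the responder looks for FRST's own "Policy restriction <======= ATTENTION" marker, services and drivers whose file was not found (FRST writes [X], DDS writes [?]), drivers loading from a Temp folder, services tagged [File not signed], toolbars with "No File", and a Default_Page_URL that is not a vendor default. The script below turns those checks into rules. It is an added example, not code from this thread or from the DDS/FRST tools; the sample lines are constructed to match the shape of the logs posted here, and the rule set and the allowlist of default home-page hosts are this example's assumptions.

```python
"""Rule-based triage of DDS / FRST log lines.

Added example for this thread, not part of the forum post and not code
from the DDS or FRST tools. Line shapes follow the logs posted above;
which lines deserve a second look is this example's own assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name
    why: str    # what the rule looks for
    line: str   # the log line that triggered it


# Hosts accepted as vendor-default home pages (assumption for this example).
DEFAULT_HOME_HOSTS = {"go.microsoft.com", "www.msn.com", "www.google.com"}

# (rule name, pattern, explanation). Patterns follow the DDS "Pseudo HJT"
# and FRST line formats; the choice of rules is this example's assumption.
RULES = [
    ("policy-restriction",
     re.compile(r"Policy restriction <=+ ATTENTION"),
     "FRST marks a Policies key that restricts Internet Explorer"),
    ("missing-driver-file",
     re.compile(r"^[RSU]\d [^;]+;.*\[(?:X|\?)\]\s*$"),
     "service/driver is registered but its file was not found (FRST [X], DDS [?])"),
    ("temp-driver",
     re.compile(r"^[RSU]\d [^;]+;.*\\Temp\\[^\\]+\.sys", re.IGNORECASE),
     "driver path is inside a Temp folder"),
    ("unsigned-service",
     re.compile(r"\[File not signed\]"),
     "service binary has no Authenticode signature"),
    ("orphan-toolbar",
     re.compile(r"^Toolbar: .*-\s+No File\s*$"),
     "toolbar CLSID registered with no backing DLL"),
    ("sas-policy",
     re.compile(r"mPolicies-System: SoftwareSASGeneration = dword:[1-3]"),
     "SoftwareSASGeneration lets software simulate Ctrl+Alt+Del"),
    ("nondefault-start-page",
     re.compile(r"(?:^u|\\Main,)Default_Page_URL = (?P<url>\S+)"),
     "Default_Page_URL is not a vendor default"),
]


def _defanged_host(url: str) -> str:
    """DDS writes hxxp:// so URLs are not clickable; undo that and return the host."""
    return (urlparse(re.sub(r"^hxxp", "http", url)).hostname or "").lower()


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply every rule to every line; one line can yield several findings."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        for name, pattern, why in RULES:
            match = pattern.search(line)
            if match is None:
                continue
            if (name == "nondefault-start-page"
                    and _defanged_host(match.group("url")) in DEFAULT_HOME_HOSTS):
                continue  # vendor default, nothing to report
            findings.append(Finding(name, why, line))
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample modelled on the DDS and FRST line formats in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://search.example.com/?guid={00000000-0000-0000-0000-000000000000}
mPolicies-System: SoftwareSASGeneration = dword:1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} -  No File
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 aswMBR; \??\C:\Users\Shake\AppData\Local\Temp\aswMBR.sys [X]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.why}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

This is a triage aid, not a verdict. The FRST log later in this thread shows why: the [X] drivers in the poster's Temp folder (aswMBR.sys, mfe_rr.sys) are leftovers of the rootkit scanners he had just run, and the responder's caution that rootkit scans produce false positives applies to every rule above as well.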
 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 20 January 2015 - 07:46 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 



#3 Max Lynn

  • Topic Starter
  • Members
  • 24 posts
  • Location:Denver, CO, USA

Posted 20 January 2015 - 08:38 PM

Hi,

FRST Logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Shake (administrator) on MASTERSHAKE on 20-01-2015 18:09:53
Running from C:\Users\Shake\Downloads
Loaded Profiles: Shake (Available profiles: Shake)
Platform: Windows Vista ™ Ultimate Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehshell.exe
(Microsoft Corporation) C:\Windows\ehome\ehrec.exe
(Microsoft Corporation) C:\Windows\ehome\ehvid.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Sysinternals - www.sysinternals.com) C:\Users\Shake\Downloads\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Shake\AppData\Local\Temp\procexp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Users\Shake\Desktop\mbar\mbar.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [LiveUpdate 5] => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [322544 2014-03-05] ()
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-05-14] (NCSOFT Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-18] (AVAST Software)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/?guid={7D834389-C771-4037-A6AC-9B96BAD6DEEE}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> {32CB207D-1B68-45D4-9C71-7794F8A99EFD} URL = http://search.us.com/serp?guid={7D834389-C771-4037-A6AC-9B96BAD6DEEE}&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> {85157EC9-F09F-46DE-86FC-D2093E74E663} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11075
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} -  No File
Toolbar: HKLM-x32 - No Name - {6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} -  No File
Toolbar: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> No Name - {6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} -  No File
Toolbar: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-18]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2015-01-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2015-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-18] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [912896 2010-09-20] (Hauppauge Computer Works, Inc)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [118872 2009-07-30] (QUALCOMM Incorporated)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [97496 2015-01-20] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MFE_RR; \??\C:\Users\Shake\AppData\Local\Temp\mfe_rr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 aswMBR; \??\C:\Users\Shake\AppData\Local\Temp\aswMBR.sys [X]
U3 uftcaaow; \??\C:\Users\Shake\AppData\Local\Temp\uftcaaow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 18:09 - 2015-01-20 18:10 - 00011354 _____ () C:\Users\Shake\Downloads\FRST.txt
2015-01-20 18:06 - 2015-01-20 18:06 - 02126848 _____ (Farbar) C:\Users\Shake\Downloads\FRST64.exe
2015-01-20 17:59 - 2015-01-20 17:59 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-20 17:57 - 2015-01-20 17:57 - 00001990 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-01-20 17:57 - 2015-01-20 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-01-20 17:57 - 2015-01-20 17:57 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-01-20 17:55 - 2015-01-20 17:55 - 00464491 _____ () C:\Users\Shake\Downloads\RootRepeal.zip
2015-01-20 17:54 - 2015-01-20 17:54 - 08656400 _____ (Trend Micro Inc.) C:\Users\Shake\Downloads\RootkitBuster_v5_1061.exe
2015-01-20 17:52 - 2015-01-20 17:52 - 109552400 _____ (Sophos Limited) C:\Users\Shake\Downloads\Sophos Virus Removal Tool.exe
2015-01-20 17:03 - 2015-01-20 17:03 - 00000310 _____ () C:\Users\Shake\Downloads\RootkitRemover_20150120_170319.log
2015-01-20 09:57 - 2015-01-20 04:43 - 02604933 _____ () C:\Users\Shake\Downloads\CBS.log
2015-01-20 03:54 - 2015-01-20 03:54 - 00007422 _____ () C:\Users\Shake\Downloads\ESET SCAN 2015012003.txt
2015-01-20 01:35 - 2015-01-20 01:35 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-20 01:35 - 2015-01-20 01:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-20 01:35 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-20 01:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-20 01:34 - 2015-01-20 01:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Shake\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-20 01:26 - 2015-01-20 01:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-20 01:25 - 2015-01-20 01:25 - 02347384 _____ (ESET) C:\Users\Shake\Downloads\esetsmartinstaller_enu.exe
2015-01-20 00:35 - 2015-01-20 00:35 - 00380416 _____ () C:\Users\Shake\Downloads\3sbxw3jl.exe
2015-01-20 00:29 - 2015-01-20 00:29 - 00002412 _____ () C:\Users\Shake\Downloads\aswMBRScan201501192330.txt
2015-01-20 00:29 - 2015-01-20 00:29 - 00000512 _____ () C:\Users\Shake\Downloads\MBR.dat
2015-01-19 23:37 - 2015-01-19 23:38 - 05198336 _____ (AVAST Software) C:\Users\Shake\Downloads\aswMBR.exe
2015-01-19 23:35 - 2015-01-20 17:02 - 00000000 ____D () C:\Users\Shake\Pavark
2015-01-19 23:34 - 2015-01-19 23:34 - 00783120 _____ (McAfee, Inc.) C:\Users\Shake\Downloads\rootkitremover.exe
2015-01-19 23:34 - 2015-01-19 23:34 - 00000310 _____ () C:\Users\Shake\Downloads\RootkitRemover_20150119_233412.log
2015-01-19 23:30 - 2015-01-19 23:30 - 01472131 _____ () C:\Users\Shake\Downloads\vba32arkit.zip
2015-01-19 23:30 - 2015-01-19 23:30 - 00000000 ____D () C:\Users\Shake\Downloads\vba32arkit
2015-01-19 23:18 - 2015-01-19 23:22 - 00010818 _____ () C:\Users\Shake\Downloads\Result.txt
2015-01-19 23:18 - 2015-01-19 23:18 - 00957952 _____ (Farbar) C:\Users\Shake\Downloads\ListParts64.exe
2015-01-19 23:01 - 2015-01-19 23:01 - 00000000 ____D () C:\Users\Shake\Downloads\ProcessExplorer
2015-01-19 21:30 - 2015-01-19 21:30 - 00001960 _____ () C:\Users\Shake\Desktop\HiJackThis.lnk
2015-01-19 21:30 - 2015-01-19 21:30 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-01-19 21:29 - 2015-01-19 21:29 - 01402880 _____ () C:\Users\Shake\Downloads\HiJackThis.msi
2015-01-19 21:26 - 2015-01-19 21:26 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Shake\Downloads\ADSSpy.exe
2015-01-19 19:34 - 2015-01-19 19:34 - 00000627 _____ () C:\Users\Shake\Desktop\Reports - Shortcut.lnk
2015-01-19 19:33 - 2015-01-19 19:33 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-19 19:24 - 2015-01-20 10:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-19 19:24 - 2015-01-19 19:24 - 00000930 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-19 19:24 - 2015-01-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-19 18:49 - 2015-01-19 18:51 - 172997016 _____ (Emsisoft Ltd. ) C:\Users\Shake\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-19 18:43 - 2015-01-19 18:44 - 00002458 _____ () C:\Users\Shake\Desktop\Rkill.txt
2015-01-19 18:42 - 2015-01-19 18:42 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Shake\Downloads\rkill.exe
2015-01-19 18:25 - 2015-01-19 18:25 - 00012757 _____ () C:\Users\Shake\Downloads\DDS.txt
2015-01-19 18:25 - 2015-01-19 18:25 - 00010792 _____ () C:\Users\Shake\Downloads\Attach.txt
2015-01-19 17:37 - 2015-01-19 17:37 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Shake\Downloads\tdsskiller(1).exe
2015-01-19 17:36 - 2015-01-20 17:06 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 17:36 - 2015-01-20 10:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 17:35 - 2015-01-19 17:35 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Shake\Downloads\mbar-1.08.3.1004.exe
2015-01-19 17:14 - 2015-01-19 17:15 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Google
2015-01-19 17:10 - 2015-01-19 17:10 - 00012757 _____ () C:\Users\Shake\Desktop\dds.txt
2015-01-19 17:10 - 2015-01-19 17:10 - 00010802 _____ () C:\Users\Shake\Desktop\attach.txt
2015-01-19 17:05 - 2015-01-19 17:05 - 00688992 ____R (Swearware) C:\Users\Shake\Downloads\dds.com
2015-01-18 10:38 - 2015-01-18 10:38 - 00003180 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1027772261-2917165354-2662933974-1000
2015-01-18 10:37 - 2015-01-18 10:37 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\AVAST Software
2015-01-18 10:36 - 2015-01-18 10:36 - 00001827 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-18 10:36 - 2015-01-18 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-18 10:35 - 2015-01-20 10:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-18 10:35 - 2015-01-20 04:15 - 00000000 ____D () C:\Program Files\Google
2015-01-18 10:34 - 2015-01-20 04:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-18 10:34 - 2015-01-19 22:43 - 00000000 ____D () C:\Users\Shake\AppData\Local\Google
2015-01-18 10:34 - 2015-01-18 10:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-18 10:34 - 2015-01-18 10:36 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-18 10:34 - 2015-01-18 10:34 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-18 10:34 - 2015-01-18 10:33 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-01-18 10:33 - 2015-01-18 10:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-18 10:32 - 2015-01-18 10:32 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-18 10:29 - 2015-01-18 10:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-18 10:29 - 2015-01-18 10:29 - 05006864 _____ (AVAST Software) C:\Users\Shake\Downloads\avast_free_antivirus_setup_online.exe
2015-01-17 20:31 - 2015-01-17 20:31 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MASTERSHAKE-Microsoft®-Windows-Vista™-Ultimate-(64-bit).dat
2015-01-17 20:30 - 2015-01-17 20:30 - 00001994 _____ () C:\Users\Shake\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-01-17 20:30 - 2015-01-17 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-17 20:29 - 2015-01-17 20:29 - 09842552 _____ () C:\Users\Shake\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-01-17 20:17 - 2015-01-17 20:17 - 00243416 _____ () C:\Users\Shake\Downloads\Firefox Setup Stub 35.0.exe
2015-01-17 17:51 - 2015-01-17 17:51 - 00000000 ____D () C:\RegBackup
2015-01-17 16:47 - 2015-01-17 16:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-17 03:48 - 2015-01-17 03:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox(1)
2015-01-16 14:05 - 2015-01-17 12:55 - 00024280 _____ () C:\Users\Shake\Downloads\Addition201501161402.txt
2015-01-16 14:04 - 2015-01-17 12:54 - 00021393 _____ () C:\Users\Shake\Downloads\FRST201501161404.txt
2015-01-16 14:01 - 2015-01-20 18:09 - 00000000 ____D () C:\FRST
2015-01-16 13:16 - 2015-01-20 01:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 12:47 - 2015-01-16 12:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-16 12:32 - 2015-01-16 12:32 - 00465298 _____ () C:\Users\Shake\Downloads\RootRepeal.rar
2015-01-15 21:59 - 2015-01-15 21:59 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-01-15 21:46 - 2015-01-15 21:46 - 00013576 _____ () C:\ComboFix.txt
2015-01-15 21:46 - 2015-01-15 21:46 - 00000000 ____D () C:\$RECYCLE(0).BIN
2015-01-15 21:38 - 2015-01-15 21:46 - 00000000 ____D () C:\Qoobox
2015-01-15 21:16 - 2015-01-19 17:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-15 21:16 - 2015-01-16 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 21:15 - 2015-01-19 17:52 - 00000000 ____D () C:\Users\Shake\Desktop\mbar
2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\WinPatrol
2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2015-01-13 11:31 - 2015-01-13 11:31 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\JAM Software
2015-01-07 14:56 - 2015-01-07 15:44 - 00000000 ____D () C:\Users\Shake\AppData\Local\Microsoft Games
2015-01-01 03:43 - 2015-01-01 03:43 - 00000000 ____D () C:\Users\Shake\Documents\My Photos
2015-01-01 03:29 - 2015-01-01 03:29 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2015-01-01 03:24 - 2015-01-20 10:53 - 00000000 ____D () C:\Users\Shake\AppData\Local\Htc
2015-01-01 03:23 - 2015-01-01 03:43 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\HTC
2015-01-01 03:23 - 2015-01-01 03:23 - 00003534 _____ () C:\Windows\System32\Tasks\Launch HTC Sync Loader
2015-01-01 03:23 - 2015-01-01 03:23 - 00000989 _____ () C:\Users\Public\Desktop\HTC Sync.lnk
2015-01-01 03:22 - 2015-01-01 03:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
2015-01-01 03:16 - 2015-01-01 03:16 - 00000000 ____D () C:\Users\Shake\AppData\Local\Downloaded Installations
2015-01-01 03:15 - 2015-01-01 03:20 - 00010544 _____ () C:\Windows\DPINST.LOG
2015-01-01 03:15 - 2015-01-01 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-01-01 03:15 - 2015-01-01 03:15 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2015-01-01 03:12 - 2015-01-01 03:22 - 00000000 ____D () C:\Program Files (x86)\HTC
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-01 03:04 - 2015-01-01 03:06 - 165708080 _____ (HTC Corporation ) C:\Users\Shake\Downloads\setup_3.3.63.exe
2015-01-01 03:00 - 2015-01-01 03:01 - 95270347 _____ (HTC_WWE ) C:\Users\Shake\Downloads\AQUA_Cingular_US_634526440942972924_01_131968_Commercial.exe
2014-12-21 21:09 - 2014-12-21 21:09 - 00000000 ____D () C:\Users\Shake\AppData\Local\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 17:51 - 2008-01-20 18:53 - 01730391 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 16:51 - 2006-11-02 08:06 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 16:50 - 2006-11-02 08:21 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 16:50 - 2006-11-02 08:21 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 10:55 - 2008-02-06 02:04 - 01599190 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 10:55 - 2008-02-06 02:03 - 00690954 _____ () C:\Windows\system32\perfh019.dat
2015-01-20 10:55 - 2008-02-06 02:03 - 00143506 _____ () C:\Windows\system32\perfc019.dat
2015-01-20 10:51 - 2006-11-02 08:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 10:50 - 2006-11-02 08:39 - 00057038 _____ () C:\Windows\PFRO.log
2015-01-20 10:48 - 2006-11-02 08:40 - 00022852 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-20 04:11 - 2014-08-16 10:27 - 00000000 ____D () C:\Users\Shake\AppData\Local\CrashDumps
2015-01-19 23:35 - 2014-05-11 05:20 - 00000000 ____D () C:\Users\Shake
2015-01-19 22:08 - 2014-10-08 11:47 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Awesomium
2015-01-17 21:00 - 2014-05-11 05:23 - 00049168 _____ () C:\Users\Shake\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 20:58 - 2014-12-08 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 20:58 - 2006-11-02 08:21 - 00236768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-17 20:49 - 2006-11-02 05:34 - 00000180 _____ () C:\Windows\win.ini
2015-01-17 20:43 - 2014-05-13 04:59 - 01599190 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-17 20:18 - 2014-12-08 15:20 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-17 20:18 - 2014-12-08 15:20 - 00000888 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 20:18 - 2014-12-08 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 19:57 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-01-17 19:55 - 2014-11-24 19:22 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-01-17 19:55 - 2014-09-30 14:21 - 00000000 ____D () C:\Users\Shake\Downloads\Sin.City.A.Dame.to.Kill.2014.WEBRip.CAMAUDIO.XviD-AQOS
2015-01-17 19:55 - 2014-09-30 01:51 - 00000000 ____D () C:\Users\Shake\Downloads\Good.People.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-30 01:50 - 00000000 ____D () C:\Users\Shake\Downloads\What.If.2013.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-30 01:46 - 00000000 ____D () C:\Users\Shake\Downloads\Sin.City.A.Dame.to.Kill.For.2014.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-30 01:46 - 00000000 ____D () C:\Users\Shake\Downloads\Kite.2014.BRRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-30 01:27 - 00000000 ____D () C:\Users\Shake\Downloads\Falcon.Rising.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\White.Bird.in.a.Blizzard.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\Run.Like.Hell.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\Are.You.Here.2013.HDRip.XViD.AC3-juggs[ETRG]
2015-01-17 19:55 - 2014-09-23 01:33 - 00000000 ____D () C:\Users\Shake\Downloads\Transformers.Age.of.Extinction.2014.HDRip.XViD.AC3-juggs[ETRG]
2015-01-17 19:55 - 2014-09-23 01:12 - 00000000 ____D () C:\Users\Shake\Downloads\The.Giver.2014.REPACK.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-23 01:04 - 00000000 ____D () C:\Users\Shake\Downloads\American.Muscle.2014.DVDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-23 01:03 - 00000000 ____D () C:\Users\Shake\Downloads\7500.2014.BRRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-23 01:00 - 00000000 ____D () C:\Users\Shake\Downloads\Honeymoon.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-23 00:56 - 00000000 ____D () C:\Users\Shake\Downloads\Life.of.Crime.2013.HDRip.XViD.AC3-juggs[ETRG]
2015-01-17 19:55 - 2014-09-23 00:52 - 00000000 ____D () C:\Users\Shake\Downloads\Operation.Rogue.2014.DVDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-23 00:49 - 00000000 ____D () C:\Users\Shake\Downloads\The.Raid.2.2014.BDRip.x264-GECKOS[rarbg]
2015-01-17 19:55 - 2014-09-23 00:34 - 00000000 ____D () C:\Users\Shake\Downloads\Edge.of.Tomorrow.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-23 00:31 - 00000000 ____D () C:\Users\Shake\Downloads\The.Rover.2014.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-23 00:29 - 00000000 ____D () C:\Users\Shake\Downloads\bp-towdvds
2015-01-17 19:55 - 2014-09-23 00:28 - 00000000 ____D () C:\Users\Shake\Downloads\Tammy 2014 READNFO WEBRIP SUB XVID AC3 ACAB
2015-01-17 19:55 - 2014-09-23 00:25 - 00000000 ____D () C:\Users\Shake\Downloads\The.Longest.Week.2014.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-09-23 00:24 - 00000000 ____D () C:\Users\Shake\Downloads\Live.Nude.Girls.2014.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-09-23 00:17 - 00000000 ____D () C:\Users\Shake\Downloads\RoboCop (2014) DVDRip XviD-MAXSPEED
2015-01-17 19:55 - 2014-09-23 00:03 - 00000000 ____D () C:\Users\Shake\Downloads\Chef.2014.HDRip.XViD.AC3-juggs[ETRG]
2015-01-17 19:55 - 2014-09-22 23:50 - 00000000 ____D () C:\Users\Shake\Downloads\Batman.Assault.on.Arkham.2014.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-09-22 23:48 - 00000000 ____D () C:\Users\Shake\Downloads\Third.Person.2013.BRRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-22 23:48 - 00000000 ____D () C:\Users\Shake\Downloads\The.Hornet's.Nest.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\The Lego Movie (2014) DVDRip XviD-MAXSPEED
2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Oculus [2013] HDRip XViD juggs[ETRG]
2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Into.The.Storm.2014.FIRST.CAM.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Boyhood.2014.720p.WEBRip.HC.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 23:25 - 00000000 ____D () C:\Users\Shake\Downloads\The.Expendables.3.2014.DVDSCR.Xvid-DiNGO
2015-01-17 19:55 - 2014-09-22 23:09 - 00000000 ____D () C:\Users\Shake\Downloads\The.November.Man.2014.HC.WEBRip.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Reclaim.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Lost.Time.2014.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Dawn.Of.The.Planet.Of.The.Apes.2014.TS.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 23:00 - 00000000 ____D () C:\Users\Shake\Downloads\Edge.of.Tomorrow.2014.1080p.WEBRip.HC.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 22:22 - 00000000 ____D () C:\Users\Shake\Downloads\The.Signal.2014.HDRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-09-22 22:21 - 00000000 ____D () C:\Users\Shake\Downloads\The.Captive.2014.DVDRip.XviD-EVO
2015-01-17 19:55 - 2014-09-22 22:05 - 00000000 ____D () C:\Users\Shake\Downloads\The.Prince.2014.HDRip.XviD-AQOS
2015-01-17 19:55 - 2014-09-22 22:04 - 00000000 ____D () C:\Users\Shake\Downloads\No.Good.Deed.2014.FIRST.CAM.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Transcendence (2014) DVDRip XviD-MAXSPEED
2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\The.Inbetweeners.2.2014.HDRip.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Moms.Night.Out.2014.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Lets.Be.Cops.2014.CAM.CLEAN.NOSUBS.X264.AAC-RARBG
2015-01-17 19:55 - 2014-09-02 03:51 - 00000000 ____D () C:\Users\Shake\Downloads\Begin.Again.2013.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-06-30 16:40 - 00000000 ____D () C:\Users\Shake\Downloads\Under.the.Skin.2013.HDRip.XViD.juggs[ETRG]
2015-01-17 19:55 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Shake\Downloads\They.Came.Together.2014.HDRip.XViD.juggs[ETRG]
2015-01-17 19:55 - 2014-06-23 21:10 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\dvdcss
2015-01-17 19:55 - 2014-06-23 20:58 - 00000000 ____D () C:\Users\Shake\Downloads\Swelter.2014.BRRip.XViD-juggs[ETRG]
2015-01-17 19:55 - 2014-06-23 20:57 - 00000000 ____D () C:\Users\Shake\Downloads\The Fault In Our Stars 2014 CAM READNFO XViD-BL4CKP34RL
2015-01-17 19:55 - 2014-06-23 20:57 - 00000000 ____D () C:\Users\Shake\Downloads\bp-bmwsa
2015-01-17 19:55 - 2014-06-18 07:49 - 00000000 ____D () C:\Users\Shake\Downloads\X-Men.Days.Of.Future.Past.2014.HD-TS.XVID.AC3.HQ.Hive-CM8
2015-01-17 19:55 - 2014-06-18 07:13 - 00000000 ____D () C:\Users\Shake\Downloads\A.Fighting.Man.2014.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-06-18 07:05 - 00000000 ____D () C:\Users\Shake\Downloads\The Immigrant [2014] BDRip XviD-SaM[ETG]
2015-01-17 19:55 - 2014-06-18 07:00 - 00000000 ____D () C:\Users\Shake\Downloads\Mr. Peabody & Sherman[2014] HC HDRip XViD juggs[ETRG]
2015-01-17 19:55 - 2014-06-18 06:50 - 00000000 ____D () C:\Users\Shake\Downloads\Enemy.2013.LIMITED.BRRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-06-18 06:50 - 00000000 ____D () C:\Users\Shake\Downloads\Anchorman 2 The Legend Continues [2013] HDRip XViD juggs[ETRG]
2015-01-17 19:55 - 2014-06-17 00:39 - 00000000 ____D () C:\Users\Shake\Downloads\Edge of Tomorrow 2014 TS x264 AC3 TiTAN
2015-01-17 19:55 - 2014-06-12 06:22 - 00000000 ____D () C:\Users\Shake\Downloads\Louie.S04E03.720p.HDTV.x264-KILLERS[rarbg]
2015-01-17 19:55 - 2014-06-11 14:04 - 00000000 ____D () C:\Users\Shake\Downloads\Louie Season 2 Complete 720p
2015-01-17 19:55 - 2014-05-14 23:40 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\vlc
2015-01-17 19:55 - 2014-05-11 05:20 - 00000000 ___RD () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-17 19:55 - 2014-05-11 05:20 - 00000000 ___RD () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-17 19:55 - 2006-11-02 08:06 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-17 19:55 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\system32\spool
2015-01-17 19:55 - 2006-11-02 05:33 - 64225280 _____ () C:\Windows\system32\config\software_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 64225280 _____ () C:\Windows\system32\config\components_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 19922944 _____ () C:\Windows\system32\config\system_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 01572864 _____ () C:\Windows\system32\config\default_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-01-17 19:54 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
2015-01-17 19:54 - 2006-11-02 06:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-17 19:54 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\registration
2015-01-16 13:52 - 2006-11-02 08:15 - 00000000 ____D () C:\Windows\WindowsMobile
2015-01-15 22:23 - 2014-05-23 16:43 - 00000010 _____ () C:\Users\Shake\AppData\Local\sponge.last.runtime.cache
2015-01-15 14:05 - 2014-05-14 15:40 - 00007578 _____ () C:\Users\Shake\Documents\Bills Paid.txt
2015-01-15 01:15 - 2014-05-23 16:47 - 00324667 _____ () C:\Users\Shake\AppData\Local\census.cache
2015-01-15 01:15 - 2014-05-23 16:47 - 00198589 _____ () C:\Users\Shake\AppData\Local\ars.cache
2015-01-13 10:48 - 2014-05-11 14:39 - 00020569 _____ () C:\Windows\DirectX.log
2015-01-01 03:34 - 2006-11-02 08:26 - 00074418 _____ () C:\Windows\setupact.log
2015-01-01 03:12 - 2014-05-12 02:43 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Adobe
2015-01-01 03:12 - 2014-05-12 02:42 - 00000000 ____D () C:\Users\Shake\AppData\Local\Adobe
2014-12-31 18:53 - 2014-11-24 18:48 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-21 21:08 - 2014-05-12 02:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-21 21:08 - 2014-05-12 02:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======
2014-11-12 06:24 - 2014-10-27 16:04 - 1852168 _____ (BeFrugal.com                                                ) C:\Users\Shake\AppData\Roaming\BeFrugal.com-Install.exe
2014-05-23 16:47 - 2015-01-15 01:15 - 0198589 _____ () C:\Users\Shake\AppData\Local\ars.cache
2014-05-23 16:47 - 2015-01-15 01:15 - 0324667 _____ () C:\Users\Shake\AppData\Local\census.cache
2014-05-11 05:22 - 2014-05-11 05:38 - 0000732 _____ () C:\Users\Shake\AppData\Local\d3d9caps64.dat
2014-05-11 05:41 - 2014-07-01 00:34 - 0025600 _____ () C:\Users\Shake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-30 20:07 - 2014-10-30 20:07 - 0966992 _____ () C:\Users\Shake\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI04E5.txt
2014-10-30 19:57 - 2014-10-30 20:03 - 0129226 _____ () C:\Users\Shake\AppData\Local\dd_depcheck_VCS_EXP_100.txt
2014-10-30 20:02 - 2014-10-30 20:02 - 0350996 _____ () C:\Users\Shake\AppData\Local\dd_dw20shared_x86_msi0135.txt
2014-10-30 19:57 - 2014-10-30 19:57 - 0000002 _____ () C:\Users\Shake\AppData\Local\dd_error_vcs_xcor_100.txt
2014-10-30 20:07 - 2014-10-30 20:07 - 0339476 _____ () C:\Users\Shake\AppData\Local\dd_HelpSetup_MSI0519.txt
2014-10-30 19:57 - 2014-10-30 20:08 - 0564352 _____ () C:\Users\Shake\AppData\Local\dd_install_vcs_xcor_100.txt
2014-10-30 20:03 - 2014-10-30 20:03 - 1540754 _____ () C:\Users\Shake\AppData\Local\dd_netfx_dtp0220.txt
2014-10-30 20:06 - 2014-10-30 20:07 - 1632638 _____ () C:\Users\Shake\AppData\Local\dd_SharedManagementObjects_MSI047D.txt
2014-10-30 20:06 - 2014-10-30 20:06 - 0213308 _____ () C:\Users\Shake\AppData\Local\dd_SQLCEToolsForVS2007_MSI043B.txt
2014-10-30 20:06 - 2014-10-30 20:06 - 0500828 _____ () C:\Users\Shake\AppData\Local\dd_SQLSysClrTypes_msi044C.txt
2014-10-30 20:05 - 2014-10-30 20:06 - 0688896 _____ () C:\Users\Shake\AppData\Local\dd_SSCERuntime_64_MSI0407.txt
2014-10-30 20:05 - 2014-10-30 20:05 - 0712880 _____ () C:\Users\Shake\AppData\Local\dd_SSCERuntime_MSI03C9.txt
2014-06-15 19:04 - 2014-06-15 19:05 - 0436724 _____ () C:\Users\Shake\AppData\Local\dd_vcredistMSI04CA.txt
2014-06-15 19:04 - 2014-06-15 19:05 - 0015590 _____ () C:\Users\Shake\AppData\Local\dd_vcredistUI04CA.txt
2014-10-30 20:02 - 2014-10-30 20:03 - 0467036 _____ () C:\Users\Shake\AppData\Local\dd_VC_Red_MSI0187.txt
2014-10-30 20:02 - 2014-10-30 20:02 - 0340340 _____ () C:\Users\Shake\AppData\Local\dd_vc_runtime_x64_msi016D.txt
2014-10-30 20:03 - 2014-10-30 20:03 - 1291236 _____ () C:\Users\Shake\AppData\Local\dd_vsexpbsln64_10001EF.txt
2014-10-30 20:03 - 2014-10-30 20:05 - 13196158 _____ () C:\Users\Shake\AppData\Local\dd_VSMsiLog0279.txt
2014-05-23 16:21 - 2014-05-23 16:21 - 0000036 _____ () C:\Users\Shake\AppData\Local\housecall.guid.cache
2014-05-23 16:43 - 2015-01-15 22:23 - 0000010 _____ () C:\Users\Shake\AppData\Local\sponge.last.runtime.cache
2014-10-30 19:57 - 2014-10-30 20:08 - 0005278 _____ () C:\Users\Shake\AppData\Local\uxeventlog.txt
2014-05-14 05:09 - 2014-05-14 05:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Shake\AppData\Local\Temp\2k5e2yop.dll
C:\Users\Shake\AppData\Local\Temp\gm5qjzgr.dll
C:\Users\Shake\AppData\Local\Temp\hcwclear.exe
C:\Users\Shake\AppData\Local\Temp\procexp64.exe
C:\Users\Shake\AppData\Local\Temp\Quarantine.exe
C:\Users\Shake\AppData\Local\Temp\vcredist_x64.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-20 10:57

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Shake at 2015-01-20 18:10:34
Running from C:\Users\Shake\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.115 - MSI)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.12 - NCH Software)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.252.1109.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.3 - Tweaking.com)
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version:  - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.02 - NCH Software)
Windows Sound Schemes (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe" No File

==================== Restore Points  =========================

01-05-2014 02:56:28 Scheduled Checkpoint
01-05-2014 23:00:08 Scheduled Checkpoint
03-05-2014 03:30:55 Scheduled Checkpoint
03-05-2014 23:14:55 Scheduled Checkpoint
04-05-2014 23:00:05 Scheduled Checkpoint
06-05-2014 22:41:46 Scheduled Checkpoint
08-05-2014 04:43:03 Scheduled Checkpoint
08-05-2014 23:01:05 Scheduled Checkpoint
10-05-2014 05:40:18 Scheduled Checkpoint
23-12-2014 00:21:09 Scheduled Checkpoint
24-12-2014 00:19:47 Scheduled Checkpoint
25-12-2014 00:00:12 Scheduled Checkpoint
26-12-2014 04:12:32 Scheduled Checkpoint
27-12-2014 08:23:10 Scheduled Checkpoint
29-12-2014 03:00:42 Scheduled Checkpoint
30-12-2014 00:00:32 Scheduled Checkpoint
31-12-2014 00:23:56 Scheduled Checkpoint
01-01-2015 00:24:23 Scheduled Checkpoint
01-01-2015 03:12:51 Device Driver Package Install: HTC Corporation Ports (COM & LPT)
01-01-2015 03:13:26 Device Driver Package Install: HTC Corporation Modems
01-01-2015 03:15:36 Device Driver Package Install: HTC, Corporation
01-01-2015 03:16:46 Device Driver Package Install: HTC Corporation Network adapters
01-01-2015 03:16:46 Device Driver Package Install: HTC Network Protocol
01-01-2015 03:19:25 Device Driver Package Install: HTC Corporation Portable Devices
01-01-2015 03:21:29 Installed HTC Sync.
02-01-2015 00:00:32 Scheduled Checkpoint
03-01-2015 06:49:36 Scheduled Checkpoint
04-01-2015 06:47:08 Scheduled Checkpoint
05-01-2015 10:04:45 Scheduled Checkpoint
06-01-2015 00:00:22 Scheduled Checkpoint
07-01-2015 00:32:08 Scheduled Checkpoint
08-01-2015 00:31:55 Scheduled Checkpoint
09-01-2015 01:49:00 Scheduled Checkpoint
10-01-2015 00:25:01 Scheduled Checkpoint
11-01-2015 00:41:43 Scheduled Checkpoint
12-01-2015 04:03:36 Scheduled Checkpoint
13-01-2015 00:00:27 Scheduled Checkpoint
14-01-2015 00:00:23 Scheduled Checkpoint
15-01-2015 00:19:08 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-01-2015 21:58:55 Installed HiJackThis
16-01-2015 15:28:46 Scheduled Checkpoint
17-01-2015 17:52:16 Tweaking.com - Windows Repair
17-01-2015 19:46:31 Restore Operation
17-01-2015 20:31:45 Tweaking.com - Windows Repair
18-01-2015 10:31:46 avast! antivirus system restore point
19-01-2015 04:56:40 Scheduled Checkpoint
19-01-2015 21:30:10 Installed HiJackThis
20-01-2015 13:39:53 Scheduled Checkpoint
20-01-2015 17:56:48 Installed Sophos Virus Removal Tool.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2015-01-17 20:49 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BC4EB4F-626F-4DB9-9895-761249E8144F} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {497B36FE-60A8-45A7-A1F2-D80E909FD9B0} - System32\Tasks\FileAssociationManagerUpdater => C:\Program Files (x86)\FileAssociationManager\Updater.exe
Task: {5AE132D7-E995-449C-8C1B-75A40AC5DED1} - \Search-Protect No Task File <==== ATTENTION
Task: {5EF69DC2-D525-489E-A524-2089CC814281} - System32\Tasks\avastBCLRestartS-1-5-21-1027772261-2917165354-2662933974-1000 => Firefox.exe
Task: {66DBF1DB-CACD-4CB1-BADF-FF1499AC9FF8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-18] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2008-06-03 02:35 - 2008-06-03 02:35 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2014-05-14 23:01 - 2013-08-26 05:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2015-01-01 03:16 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-01-20 01:26 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-01-20 04:19 - 2015-01-20 04:19 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012000\algo.dll
2015-01-18 10:33 - 2015-01-18 10:33 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 15:20 - 2015-01-09 02:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-21 21:04 - 2014-12-21 21:08 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60070219.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60070219.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1027772261-2917165354-2662933974-500 - Administrator - Disabled)
Guest (S-1-5-21-1027772261-2917165354-2662933974-501 - Limited - Disabled)
Shake (S-1-5-21-1027772261-2917165354-2662933974-1000 - Administrator - Enabled) => C:\Users\Shake

==================== Faulty Device Manager Devices =============

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 10:56:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (01/20/2015 10:56:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (01/20/2015 10:56:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (01/20/2015 10:46:59 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/20/2015 10:36:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (01/20/2015 10:15:30 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/20/2015 04:11:57 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/20/2015 04:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16592, time stamp 0x544e95a7, faulting module Dxtrans.dll, version 9.0.8112.16592, time stamp 0x544e952a, exception code 0xc0000005, fault offset 0x000098f8,
process id 0x18f8, application start time 0xiexplore.exe0.

Error: (01/20/2015 04:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16592, time stamp 0x544e95a7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x24448b30,
process id 0x23ec, application start time 0xiexplore.exe0.

Error: (01/20/2015 04:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16592, time stamp 0x544e95a7, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00030226,
process id 0x300c, application start time 0xiexplore.exe0.


System errors:
=============
Error: (01/20/2015 05:50:50 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 00242151589A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (01/20/2015 04:09:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Ati External Event Utility1

Error: (01/20/2015 03:04:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\syqqyy2i.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/20/2015 10:58:13 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.3.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.

Error: (01/20/2015 10:52:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Superfetch%%197

Error: (01/20/2015 10:50:26 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (01/20/2015 10:50:13 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Error: (01/20/2015 10:26:51 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\qnamxk43.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/20/2015 10:22:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Superfetch%%197

Error: (01/20/2015 10:20:45 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.


Microsoft Office Sessions:
=========================
Error: (01/20/2015 10:56:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Shake\Downloads\esetsmartinstaller_enu.exe

Error: (01/20/2015 10:56:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Shake\Downloads\esetsmartinstaller_enu.exe

Error: (01/20/2015 10:56:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Shake\Downloads\esetsmartinstaller_enu.exe

Error: (01/20/2015 10:46:59 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/20/2015 10:36:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Shake\Downloads\esetsmartinstaller_enu.exe

Error: (01/20/2015 10:15:30 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/20/2015 04:11:57 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/20/2015 04:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.16592544e95a7Dxtrans.dll9.0.8112.16592544e952ac0000005000098f818f801d03446935d5175

Error: (01/20/2015 04:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.16592544e95a7unknown0.0.0.000000000c000000524448b3023ec01d03446935165b3

Error: (01/20/2015 04:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.16592544e95a7ntdll.dll6.0.6002.1888151da3e00c000000500030226300c01d034469347dc4b


CodeIntegrity Errors:
===================================
  Date: 2015-01-20 18:10:28.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:28.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:28.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:28.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:27.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:27.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:27.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:27.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:06.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 18:10:05.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 84%
Total physical RAM: 6133.2 MB
Available physical RAM: 968.41 MB
Total Pagefile: 10440.74 MB
Available Pagefile: 5213.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:2048 GB) (Free:95.94 GB) NTFS
Drive d: () (Fixed) (Total:1397.26 GB) (Free:34.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:149.05 GB) (Free:11.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 2794.5 GB) (Disk ID: 70177B72)
Partition 1: (Not Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 1BE2A512)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: 4E3F0AC9)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
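Editorial note, added to this thread and not part of any post or of FRST itself: the Scheduled Tasks and Custom CLSID sections of the log above are persistence points, and the things a responder checks first in them are whether the registered binary still exists, whether it lives somewhere an unprivileged user can write, and whether the entry names a bare executable with no directory. The Python script below parses lines in the shape FRST prints and attaches those reasons to each entry. The sample lines are constructed from the entries shown above; the function names (`triage`, `assess`, `suspicious`) and the reasons it assigns are this example's own heuristics, not FRST's logic.

```python
"""Triage helper for FRST "Scheduled Tasks" and "Custom CLSID" lines.

Added example for this thread, not part of it and not FRST's own logic. It
parses persistence entries in the shape FRST prints and attaches the reasons a
responder would look at an entry first: the target binary is gone (orphaned
persistence), the target lives under a user-writable directory, the entry
names a bare executable with no directory, or FRST itself marked it ATTENTION.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: five lines copied in shape from the FRST log above.
SAMPLE_LOG = r"""
Task: {0BC4EB4F-626F-4DB9-9895-761249E8144F} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {497B36FE-60A8-45A7-A1F2-D80E909FD9B0} - System32\Tasks\FileAssociationManagerUpdater => C:\Program Files (x86)\FileAssociationManager\Updater.exe
Task: {5AE132D7-E995-449C-8C1B-75A40AC5DED1} - \Search-Protect No Task File <==== ATTENTION
Task: {5EF69DC2-D525-489E-A524-2089CC814281} - System32\Tasks\avastBCLRestartS-1-5-21-1027772261-2917165354-2662933974-1000 => Firefox.exe
CustomCLSID: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe" No File
"""

# Task: {GUID} - <task path> => <target> [yyyy-mm-dd] (<signer>)
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.*?)"
    r"(?: => (?P<target>.+?))?"
    r"(?: \[\d{4}-\d{2}-\d{2}\] \(.*?\))?$"
)
# CustomCLSID: <registry key> -> "<server path>" <note>
CLSID_RE = re.compile(
    r'^CustomCLSID: (?P<key>\S+) -> (?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))(?P<rest>.*)$'
)
# Directories an unprivileged user can write to: a persistence target there
# needed no admin rights to be planted and can be swapped out just as easily.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Downloads)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                 # "task" or "clsid"
    ident: str                # task path or registry key
    target: str               # executable the entry launches ("" if none)
    reasons: list = field(default_factory=list)


def assess(kind: str, ident: str, target: str, raw: str) -> Finding:
    """Attach the reasons an entry deserves a closer look (empty = nothing noted)."""
    reasons = []
    if "ATTENTION" in raw:
        reasons.append("flagged by FRST")
    if "No Task File" in raw or raw.rstrip().endswith("No File"):
        # Registration survived but its binary is gone: a leftover of a partial
        # removal, still worth deleting so nothing can re-point it later.
        reasons.append("target missing")
    if target and USER_WRITABLE.search(target):
        reasons.append("target in user-writable location")
    if target and "\\" not in target and ":" not in target:
        # No directory at all: which file actually runs is decided at run time
        # by the search path, not by the registration.
        reasons.append("unqualified executable name")
    return Finding(kind, ident, target, reasons)


def triage(text: str) -> list:
    """Parse every Task:/CustomCLSID: line in `text` into a Finding."""
    findings = []
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            # Strip FRST's trailing annotations from the task path.
            name = m["name"].split(" No Task File")[0].split(" <====")[0].strip()
            findings.append(assess("task", name, m["target"] or "", line))
            continue
        m = CLSID_RE.match(line)
        if m:
            target = m["quoted"] if m["quoted"] is not None else m["bare"]
            findings.append(assess("clsid", m["key"], target or "", line))
    return findings


def suspicious(findings: list) -> list:
    """Only the entries that collected at least one reason."""
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in suspicious(triage(SAMPLE_LOG)):
        print(f"[{f.kind}] {f.ident}")
        print(f"    target:  {f.target or '(none)'}")
        print(f"    reasons: {', '.join(f.reasons)}")
```

Run against the constructed sample it reports three entries: the Search-Protect task (flagged, no task file), the avast restart task (bare `Firefox.exe`), and the TNT2 COM server (missing binary under AppData); the two HTC and FileAssociationManager tasks collect no reasons, which only means nothing structural stood out, not that they are clean.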



#4 Max Lynn (Topic Starter, Members)

Posted 20 January 2015 - 09:10 PM

GMER will not allow me to save the log. Clicking Save does nothing. I downloaded it 3 times and ran it both as Administrator and as myself; it will not allow me to save.



#5 Max Lynn (Topic Starter, Members)

Posted 20 January 2015 - 09:29 PM

Sorry, I did not use code boxes; I will in the future.

Here is the attached TDSSKiller log.



#6 TB-Psychotic (Malware Response Team)

Posted 21 January 2015 - 06:28 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Max Lynn (Topic Starter, Members)

Posted 21 January 2015 - 04:44 PM

Hello again,

Fixlist successful; scan found nothing. The issues still continue.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Shake at 2015-01-21 14:09:29 Run:2
Running from C:\Users\Shake\Downloads
Loaded Profiles: Shake (Available profiles: Shake)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {5AE132D7-E995-449C-8C1B-75A40AC5DED1} - \Search-Protect No Task File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe" No File
SearchScopes: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> {32CB207D-1B68-45D4-9C71-7794F8A99EFD} URL = http://search.us.com/serp?guid={7D834389-C771-4037-A6AC-9B96BAD6DEEE}&k={searchTerms}
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/?guid={7D834389-C771-4037-A6AC-9B96BAD6DEEE}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

2014-11-12 06:24 - 2014-10-27 16:04 - 1852168 _____ (BeFrugal.com                                                ) C:\Users\Shake\AppData\Roaming\BeFrugal.com-Install.exe

EmptyTemp:

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AE132D7-E995-449C-8C1B-75A40AC5DED1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE132D7-E995-449C-8C1B-75A40AC5DED1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Search-Protect" => Key deleted successfully.
"HKU\S-1-5-21-1027772261-2917165354-2662933974-1000_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}" => Key deleted successfully.
"HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32CB207D-1B68-45D4-9C71-7794F8A99EFD}" => Key deleted successfully.
HKCR\CLSID\{32CB207D-1B68-45D4-9C71-7794F8A99EFD} => Key not found.
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Shake\AppData\Roaming\BeFrugal.com-Install.exe => Moved successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 14:11:45 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/21/2015
Scan Time: 2:23:53 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.21.10
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Shake

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325903
Time Elapsed: 9 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by Max Lynn, 21 January 2015 - 04:51 PM.


#8 Max Lynn (Topic Starter, Members)

Posted 21 January 2015 - 05:50 PM

When I ran GMER it had 1 entry that repeated 6 times:

Type: INITKDBG   Name: C:\Windows\System32\ntoskrnl.exe   Value: Suspicious Modification



#9 TB-Psychotic (Malware Response Team)

Posted 22 January 2015 - 03:59 AM

Why did you run GMER without being instructed to do so?

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Edited by TB-Psychotic, 22 January 2015 - 04:00 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 Max Lynn (Topic Starter, Members, 24 posts, Denver, CO, USA)

Posted 22 January 2015 - 06:14 AM

I forgot to post the result earlier when you asked me to run GMER, I could not get GMER to save the log.

ComboFix 15-01-22.01 - Shake 01/22/2015   2:50.2.8 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.6133.4599 [GMT -7:00]
Running from: c:\users\Shake\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-22 to 2015-01-22  )))))))))))))))))))))))))))))))
.
.
2015-01-22 10:21 . 2015-01-22 10:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-22 08:57 . 2015-01-22 08:57	--------	d-----w-	c:\windows\ERUNT
2015-01-22 00:58 . 2015-01-22 01:34	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-22 00:58 . 2015-01-22 01:31	97496	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-22 00:53 . 2015-01-22 00:53	--------	d-----w-	c:\windows\system32\appmgmt
2015-01-22 00:01 . 2015-01-22 00:01	35064	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2015-01-21 01:17 . 2015-01-21 01:20	--------	d-----w-	c:\users\Shake\Virustemp
2015-01-21 00:59 . 2015-01-21 00:59	--------	d-----w-	c:\programdata\Sophos
2015-01-21 00:57 . 2015-01-21 00:57	--------	d-----w-	c:\program files (x86)\Sophos
2015-01-20 08:26 . 2015-01-20 08:26	--------	d-----w-	c:\program files (x86)\ESET
2015-01-20 06:35 . 2015-01-21 22:02	--------	d-----w-	c:\users\Shake\Pavark
2015-01-20 04:30 . 2015-01-20 04:30	388096	----a-r-	c:\users\Shake\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2015-01-20 02:33 . 2015-01-20 02:33	--------	d-----w-	c:\programdata\Emsisoft
2015-01-20 02:24 . 2015-01-22 09:01	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2015-01-18 17:37 . 2015-01-18 17:37	--------	d-----w-	c:\users\Shake\AppData\Roaming\AVAST Software
2015-01-18 17:35 . 2015-01-20 11:15	--------	d-----w-	c:\program files\Google
2015-01-18 17:34 . 2015-01-20 11:15	--------	d-----w-	c:\program files (x86)\Google
2015-01-18 17:34 . 2015-01-20 05:43	--------	d-----w-	c:\users\Shake\AppData\Local\Google
2015-01-18 17:34 . 2015-01-18 17:34	65264	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2015-01-18 17:34 . 2015-01-18 17:34	267632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-01-18 17:34 . 2015-01-18 17:34	436624	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-01-18 17:34 . 2015-01-18 17:34	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-01-18 17:34 . 2015-01-18 17:36	87912	----a-w-	c:\windows\system32\drivers\aswmonflt.sys
2015-01-18 17:34 . 2015-01-18 17:34	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-01-18 17:34 . 2015-01-18 17:33	64752	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2015-01-18 17:34 . 2015-01-18 17:36	1050432	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-01-18 17:34 . 2015-01-18 17:34	364512	----a-w-	c:\windows\system32\aswBoot.exe
2015-01-18 17:33 . 2015-01-18 17:33	43152	----a-w-	c:\windows\avastSS.scr
2015-01-18 17:32 . 2015-01-18 17:32	--------	d-----w-	c:\program files\AVAST Software
2015-01-18 17:29 . 2015-01-18 17:32	--------	d-----w-	c:\programdata\AVAST Software
2015-01-18 03:59 . 2015-01-20 20:40	--------	d-----w-	c:\windows\system32\catroot2
2015-01-18 03:43 . 2015-01-18 03:43	--------	d-----w-	c:\windows\SysWow64\wbem\Performance
2015-01-18 03:18 . 2015-01-09 09:07	73840	----a-w-	c:\program files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-18 03:18 . 2015-01-09 09:06	915376	----a-w-	c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2015-01-18 00:51 . 2015-01-18 00:51	--------	d-----w-	C:\RegBackup
2015-01-17 23:47 . 2015-01-17 23:47	--------	d-----w-	c:\program files (x86)\Tweaking.com
2015-01-17 10:48 . 2015-01-17 10:49	--------	d-----w-	c:\program files (x86)\Mozilla Firefox(1)
2015-01-16 21:01 . 2015-01-22 09:17	--------	d-----w-	C:\FRST
2015-01-16 19:47 . 2015-01-22 00:01	--------	d-----w-	c:\programdata\RogueKiller
2015-01-16 04:59 . 2015-01-16 04:59	--------	d-----w-	c:\program files (x86)\Trend Micro
2015-01-16 04:46 . 2015-01-16 04:46	--------	d-----w-	C:\$RECYCLE(0).BIN
2015-01-16 04:16 . 2015-01-16 20:16	--------	d-----w-	c:\programdata\Malwarebytes
2015-01-16 04:16 . 2015-01-22 08:50	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-16 04:08 . 2015-01-16 04:08	--------	d-----w-	c:\users\Shake\AppData\Roaming\WinPatrol
2015-01-16 04:08 . 2015-01-16 04:08	--------	d-----w-	c:\programdata\InstallMate
2015-01-16 04:08 . 2015-01-16 04:08	--------	d-----w-	c:\program files (x86)\Ruiware
2015-01-13 18:31 . 2015-01-13 18:31	--------	d-----w-	c:\users\Shake\AppData\Roaming\JAM Software
2015-01-07 21:56 . 2015-01-07 22:44	--------	d-----w-	c:\users\Shake\AppData\Local\Microsoft Games
2015-01-01 10:16 . 2015-01-22 00:53	--------	d-----w-	c:\users\Shake\AppData\Local\Downloaded Installations
2015-01-01 10:15 . 2015-01-01 10:15	--------	d-----w-	c:\program files (x86)\Spirent Communications
2015-01-01 10:12 . 2015-01-22 00:53	--------	d-----w-	c:\program files (x86)\HTC
2015-01-01 10:12 . 2015-01-01 10:12	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2015-01-01 10:12 . 2015-01-01 10:12	--------	d-----w-	c:\program files (x86)\MSXML 4.0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-23 08:34 . 2014-12-23 08:34	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC7E0793-0F11-4E1F-B761-72FC95696C96}\offreg.dll
2014-12-22 04:08 . 2014-05-12 09:43	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 04:08 . 2014-05-12 09:43	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-31 03:07 . 2014-10-31 03:05	188128	----a-w-	c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2014-10-27 20:32 . 2014-11-19 20:16	17870336	----a-w-	c:\windows\system32\mshtml.dll
2014-10-27 20:13 . 2014-11-19 20:16	2339840	----a-w-	c:\windows\system32\jscript9.dll
2014-10-27 20:12 . 2014-11-19 20:16	10921472	----a-w-	c:\windows\system32\ieframe.dll
2014-10-27 20:07 . 2014-11-19 20:16	1388032	----a-w-	c:\windows\system32\urlmon.dll
2014-10-27 20:06 . 2014-11-19 20:16	1392128	----a-w-	c:\windows\system32\wininet.dll
2014-10-27 20:05 . 2014-11-19 20:16	1494016	----a-w-	c:\windows\system32\inetcpl.cpl
2014-10-27 20:05 . 2014-11-19 20:16	237056	----a-w-	c:\windows\system32\url.dll
2014-10-27 20:05 . 2014-11-19 20:16	86016	----a-w-	c:\windows\system32\jsproxy.dll
2014-10-27 20:04 . 2014-11-19 20:16	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2014-10-27 20:04 . 2014-11-19 20:16	2157056	----a-w-	c:\windows\system32\iertutil.dll
2014-10-27 20:04 . 2014-11-19 20:16	599040	----a-w-	c:\windows\system32\vbscript.dll
2014-10-27 20:04 . 2014-11-19 20:16	816640	----a-w-	c:\windows\system32\jscript.dll
2014-10-27 20:04 . 2014-11-19 20:16	729088	----a-w-	c:\windows\system32\msfeeds.dll
2014-10-27 20:04 . 2014-11-19 20:16	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-10-27 20:03 . 2014-11-19 20:16	282112	----a-w-	c:\windows\system32\dxtrans.dll
2014-10-27 20:03 . 2014-11-19 20:16	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-10-27 20:03 . 2014-11-19 20:16	11264	----a-w-	c:\windows\system32\msfeedssync.exe
2014-10-27 20:03 . 2014-11-19 20:16	96768	----a-w-	c:\windows\system32\mshtmled.dll
2014-10-27 20:03 . 2014-11-19 20:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-10-27 20:03 . 2014-11-19 20:16	12800	----a-w-	c:\windows\system32\mshta.exe
2014-10-27 20:03 . 2014-11-19 20:16	248320	----a-w-	c:\windows\system32\ieui.dll
2014-10-27 19:05 . 2014-11-19 20:16	1810944	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-10-27 18:59 . 2014-11-19 20:16	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2014-10-27 18:58 . 2014-11-19 20:16	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-10-27 18:56 . 2014-11-19 20:16	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-10-27 18:56 . 2014-11-19 20:16	421376	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-10-27 18:55 . 2014-11-19 20:16	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-10-27 18:55 . 2014-11-19 20:16	11776	----a-w-	c:\windows\SysWow64\mshta.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LiveUpdate 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2014-03-05 322544]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-05-14 526240]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-18 5227112]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2014-12-31 4997872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-18 17:33	860984	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - (no file)
AddRemove-ToneGen - c:\program files (x86)\NCH Software\ToneGen\tonegen.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2015-01-22  03:23:43
ComboFix-quarantined-files.txt  2015-01-22 10:23
ComboFix2.txt  2015-01-22 04:09
ComboFix3.txt  2015-01-16 04:46
.
Pre-Run: 93,236,092,928 bytes free
Post-Run: 93,197,103,104 bytes free
.
- - End Of File - - 47873F2104370AC77907EC5E69F212E4
5C616939100B85E558DA92B899A0FC36



#11 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 22 January 2015 - 07:07 AM

OK :)

 

 

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#12 Max Lynn (Topic Starter, Members, 24 posts, Denver, CO, USA)

Posted 22 January 2015 - 03:48 PM

No threats found. The issues are the same.



#13 Max Lynn (Topic Starter, Members, 24 posts, Denver, CO, USA)

Posted 23 January 2015 - 01:44 AM

Sorry, I know this is difficult. Can you ask others on team what they think? Explorer windows blocked (Restore, System). No file names. Missing column headers. Keeps downloading other malware.

I have the external drive, it has the infection, should I plug it in?

See what the virus scanners detect?

What virus scanner and setting would work best? Maybe if we find the malware that way, we can find its name, and find a named removal tool specific to the malware/rootkit/?.



#14 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 23 January 2015 - 05:39 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

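As an added example, not part of the thread or of TB-Psychotic's instructions, the PowerShell script below gathers the evidence the two procedures above ask for: the Check Disk result that a scheduled boot-time check records in the Application log under source Wininit (a check run from inside Windows is recorded under source Chkdsk), and the detail that sfc /scannow writes to C:\Windows\Logs\CBS\CBS.log, reduced to the [SR] lines that belong to the system file checker. It assumes an elevated PowerShell prompt on Vista or later, run after both checks have finished; the output folder name is a placeholder of my choosing.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt
# after the scheduled disk check and "sfc /scannow" have both completed.
# $outDir is a placeholder; change it to wherever you want the extracts saved.
$outDir = Join-Path $env:USERPROFILE 'Desktop\repair-logs'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1) Check Disk results from the Application log.
#    Source "Wininit" = boot-time check scheduled from Explorer (the one the
#    reply above asks for); source "Chkdsk" = check run from inside Windows.
$chk = Get-EventLog -LogName Application -Source Wininit, Chkdsk -ErrorAction SilentlyContinue |
       Where-Object { $_.Message -match 'Checking file system on' } |
       Sort-Object TimeGenerated -Descending

if ($chk) {
    # Save the full entries (same text as Event Viewer's "Copy Details as Text")
    $chk | Select-Object TimeGenerated, Source, Message |
        Format-List | Out-File (Join-Path $outDir 'chkdsk-events.txt')

    # Show only the lines that mean the file system was actually changed or is damaged
    Write-Host "Check Disk lines worth a second look:"
    $chk | ForEach-Object { $_.Message -split "`r?`n" } |
        Where-Object { $_ -match 'corrections|bad sectors|discovered|Cleaning up' } |
        ForEach-Object { Write-Host "  $_" }
} else {
    Write-Warning 'No Check Disk events found in the Application log.'
}

# 2) SFC results. The console only prints a one-line summary; the detail is in
#    CBS.log, where the checker tags its own lines with "[SR]". Keep just those.
$cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
if (Test-Path $cbs) {
    $sr = Select-String -Path $cbs -Pattern '\[SR\]' | ForEach-Object { $_.Line }
    $sr | Out-File (Join-Path $outDir 'sfcdetails.txt')

    # "Repairing" and "Cannot repair member file" are the phrases SFC writes for
    # files it fixed and files it could not fix.
    $repaired   = @($sr | Where-Object { $_ -match 'Repairing' }).Count
    $unrepaired = @($sr | Where-Object { $_ -match 'Cannot repair member file' }).Count
    Write-Host ("SFC: {0} [SR] lines, {1} repair actions, {2} unrepairable entries" -f `
        $sr.Count, $repaired, $unrepaired)
    if ($unrepaired -gt 0) {
        Write-Host "Unrepairable files (post these):"
        $sr | Where-Object { $_ -match 'Cannot repair member file' } |
            ForEach-Object { Write-Host "  $_" }
    }
} else {
    Write-Warning "CBS.log not found at $cbs"
}
```

Both extracts land in the output folder, so they can be pasted into a reply without wading through the full CBS.log.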

#15 Max Lynn (Topic Starter, Members, 24 posts, Denver, CO, USA)

Posted 24 January 2015 - 12:21 AM

These are the second and third drives' Check Disk logs; I have to run the first one now. D drive took over 4 hours.

The log for SFC is found at C:\Windows\Logs\CBS\CBS.log

It is very cryptic though.

The Check Disk I ran in Windows showed up in the same place as the Winlogon entry, but the source was ChkDsk.

Checking file system on D:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
  328320 file records processed.
  1117 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  43 reparse records processed.
  389742 index entries processed.
  0 unindexed files processed.
  328320 security descriptors processed.
Cleaning up 259 unused index entries from index $SII of file 0x9.
Cleaning up 259 unused index entries from index $SDH of file 0x9.
Cleaning up 259 unused security descriptors.
  30712 data files processed.
CHKDSK is verifying Usn Journal...
  35498576 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  328304 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  9003901 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

1465136127 KB total disk space.
1428500260 KB in 267579 files.
    137712 KB in 30713 indexes.
         0 KB in bad sectors.
    482551 KB in use by the system.
     65536 KB occupied by the log file.
  36015604 KB available on disk.

      4096 bytes in each allocation unit.
 366284031 total allocation units on disk.
   9003901 allocation units available on disk.

Internal Info:
80 02 05 00 3f 8d 04 00 5b 02 08 00 00 00 00 00  ....?...[.......
6c 46 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  lF..+...........
90 c7 cb 77 00 00 00 00 50 23 57 ff 00 00 00 00  ...w....P#W.....

Chkdsk was executed in read/write mode.  

Checking file system on E:
  116928 file records processed.
  526 large file records processed.
  0 bad file records processed.
  2 EA records processed.
  44 reparse records processed.
  146846 index entries processed.
  0 unindexed files processed.
  116928 security descriptors processed.
Cleaning up 11747 unused index entries from index $SII of file 0x9.
Cleaning up 11747 unused index entries from index $SDH of file 0x9.
Cleaning up 11747 unused security descriptors.
  14960 data files processed.
CHKDSK is verifying Usn Journal...
  35343360 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  116912 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  2875211 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 156287999 KB total disk space.
 144504272 KB in 73061 files.
     53628 KB in 14961 indexes.
    229251 KB in use by the system.
     65536 KB occupied by the log file.
  11500848 KB available on disk.

      4096 bytes in each allocation unit.
  39071999 total allocation units on disk.
   2875212 allocation units available on disk.
