Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Keep getting a "Script Error" pop up


  • This topic is locked This topic is locked
29 replies to this topic

#1 tkennedy41

tkennedy41

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 20 January 2015 - 07:55 PM

Getting the following pop up Script Error fail:
 
(Unable to9079a8d5 open registry key "HKCU\software\classes\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32\a" for reading)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Thomas at 19:32:30 on 2015-01-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.2448 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://comcast.net/
uSearch Bar = Preserve
mStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - LocalServer32 - <no file>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
uRun: [WinSweep] C:\Program Files (x86)\WinSweeper\WinSweeper.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Adobe Speed Launcher] 1421416087
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
StartupFolder: C:\Users\Thomas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}\6596C6C61602E4F667160275966496 : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}\6596C6C61602E4F667160275966496 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}\8405D2052796E647D22443D2F46666963656A65647020527F60283630303 : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}\C416155796E64716 : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}\C416155796E64716 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}\E4564776561627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}\E4564776561627F5548545 : DHCPNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-10 1593632]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-5-10 33736]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-21 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-3-21 21616]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-21 50976]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2014-5-10 300320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-3-25 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-21 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-22 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-22 969016]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-10 16941856]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-1 67584]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-17 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-17 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-17 171416]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-10 411936]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-25 2656280]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-12-2 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-6-2 296312]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2013-3-18 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-3-21 175168]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-25 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-22 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-22 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-22 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-3-18 95744]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-3-18 212992]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-10 39200]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2013-3-18 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-18 412264]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/09/21 19:29:18;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2013-1-2 247328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-21 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-3-18 172632]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2013-3-18 291648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-21 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-9 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-21 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2015-01-14 10:50:02 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 10:50:01 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 10:50:01 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 10:50:01 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-14 10:50:01 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 10:50:01 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 10:50:01 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 10:47:28 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 10:47:26 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 10:47:26 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 10:47:26 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 10:47:26 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 10:47:25 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-04 19:16:28 -------- d-----w- C:\Users\Thomas\AppData\Roaming\AVG2015
2015-01-04 19:15:43 -------- d--h--w- C:\$AVG
2015-01-04 19:11:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2015-01-04 19:09:48 -------- d-----w- C:\Users\Thomas\AppData\Local\Avg2015
2015-01-04 02:10:39 -------- d-----w- C:\ProgramData\REGSERVO64
2015-01-03 04:33:49 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE96E3DB-18F4-43A6-B486-091CE5B69596}\offreg.dll
2015-01-03 03:39:34 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE96E3DB-18F4-43A6-B486-091CE5B69596}\mpengine.dll
2015-01-01 21:47:23 129752 ----a-w- C:\Windows\System32\drivers\7A7A4A92.sys
2015-01-01 14:09:12 19888 ----a-w- C:\Windows\System32\roboot64.exe
2015-01-01 14:09:11 -------- d-----w- C:\Program Files (x86)\WinThruster
2014-12-31 20:01:01 -------- d-----w- C:\Users\Thomas\AppData\Roaming\Solvusoft
2014-12-29 19:35:54 -------- d-----w- C:\Windows\ELAMBKUP
2014-12-29 19:35:50 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-12-29 18:36:33 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-12-29 01:12:47 -------- d-----w- C:\Users\Thomas\AppData\Roaming\Dropbox
2014-12-29 01:01:10 -------- d-----w- C:\Program Files\AVAST Software
2014-12-29 01:01:00 -------- d-----w- C:\ProgramData\AVAST Software
2014-12-28 21:50:39 1660 ----a-w- C:\Windows\System32\ASOROSet.bin
2014-12-28 21:49:33 -------- d-----w- C:\Users\Thomas\AppData\Local\WinSweeper
2014-12-22 00:52:19 -------- d-----w- C:\searchplugins
2014-12-22 00:51:31 358736 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
2014-12-22 00:51:28 312424 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
2014-12-22 00:49:54 -------- d-----w- C:\Users\Thomas\AppData\Roaming\RHEng
.
==================== Find3M ====================
.
2015-01-20 23:34:20 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-14 22:01:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 22:01:15 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-09 02:24:26 260888 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-24 19:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 11:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 02:42:04 203544 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 19:33:46.33 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/21/2013 2:14:49 PM
System Uptime: 1/17/2015 8:27:30 AM (83 hours ago)
.
Motherboard: Dell Inc. | | 0XN71K
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz | CPU | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 210.321 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
H: is FIXED (FAT32) - 30 GiB total, 22.328 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&12CC6033&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&12CC6033&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&12CC6033&0&02
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #2
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&12CC6033&0&02
Service: vwifimp
.
==== System Restore Points ===================
.
RP238: 1/11/2015 4:17:26 PM - WinThruster Sun, Jan 11, 15 16:17
RP239: 1/15/2015 3:00:22 AM - Windows Update
RP240: 1/15/2015 7:46:57 AM - WinThruster Thu, Jan 15, 15 07:46
.
==== Installed Programs ======================
.
AccelerometerP11
Accidental Damage Services Agreement
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVG 2015
Blio
Bonjour
Cozi
CyberLink PowerDVD 9.6
D3DX10
Dell Edoc Viewer
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
Free RAR Extractor
FrostWire 6.0.3
GeForce Experience NvStream Client Components
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
iTunes
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Driver 335.23
NVIDIA Control Panel 335.23
NVIDIA GeForce Experience 1.8.2.1
NVIDIA Graphics Driver 335.23
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 11.10.13
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 11.10.13
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 11.10.13
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
OpenOffice 4.0.0
Photo Common
Photo Gallery
PhotoShowExpress
PlayReady PC Runtime x86
QuickTime
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SHIELD Streaming
Skype Click to Call
Skype™ 7.0
Sonic CinePlayer Decoder Pack
Sonos Controller
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TouchCopy 12
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
Vuze
Vuze Remote Toolbar v8.7
WD Drive Utilities
WD Quick View
WD Security
WD SmartWare
WD SmartWare Installer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinThruster
.
==== Event Viewer Messages From Past Week ========
.
1/19/2015 7:04:48 PM, Error: Schannel [36887] - The following fatal alert was received: 20.
1/19/2015 7:04:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ALICE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}. The master browser is stopping or an election is being forced.
1/18/2015 8:30:10 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
1/16/2015 8:49:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
1/16/2015 8:47:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/16/2015 8:47:46 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2015 8:46:28 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/16/2015 8:46:28 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

Attached Files


Edited by Oh My!, 20 January 2015 - 11:01 PM.
Posted logs


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:20 AM

Posted 20 January 2015 - 11:02 PM

Greetings tkennedy41 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 06:27 AM

Thanks for your quick response. I will go through the procedure shortly and let you know how it goes. Let me tell you that I recently has a virus that was causing my computer to run really slow. As I opened Task Manager, there were various Programs running that looked legit but they were causing the CPU usage to run high. I tried various Malware Removal programs (Avira, Winthruster/Winsweeper and some others) I currently use AVG, Malwarebyte, Spybot and Superspyware. Eventually I fixed the problem but 2 new ones arose. This problem here and I'm also having trouble viewing Thumbnails in Window Explorer. I have a separate Thread for that. Thanks again. 



#4 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 07:19 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Thomas (administrator) on THOMAS-PC on 21-01-2015 07:04:50
Running from C:\Users\Thomas\Downloads
Loaded Profiles: Thomas (Available profiles: Thomas & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Solvusoft Corporation) C:\Program Files (x86)\WinThruster\WinThruster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware.com) C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-23] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7284328 2011-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [181208 2013-04-03] (cyberlink)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...\Run: [WinSweep] => C:\Program Files (x86)\WinSweeper\WinSweeper.exe
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010864 2010-04-01] (SUPERAntiSpyware.com)
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...\RunOnce: [Adobe Speed Launcher] => 1421841450
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-895303375-2132951279-3078752421-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0DtBtB0BzzyCyDyEtAtAtN0D0Tzu0SzzzzzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0CtCyBzzzz0EtGyEyC0CzytGtAzy0E0FtGyEtB0DtBtGtAtB0CyB0CzztAyE0C0Dzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0C0CyBzy0A0DtGtD0AyDzztGzy0ByE0AtG0DyBtByDtGyCyC0A0Ezy0EtC0B0ByBzy0E2QtN1B1L1H1Ezu1O2U1M1B&cr=2119126984&ir=
SearchScopes: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10048_swoc_campaign_141222__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D122214-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> {B286DB92-DDC1-48F1-8D51-03505248C9F2} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10048_swoc_campaign_141222__yaie&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> No Name - {46575637-0076-A76A-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Unit Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\fgsegj@ohwcaijlmohgftbpsu.org [2013-06-14]
Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=994519&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=994519&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-03]
CHR Extension: (Skype Click to Call) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-04]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [247328 2013-01-02] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-03-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 07:04 - 2015-01-21 07:05 - 00029153 _____ () C:\Users\Thomas\Downloads\FRST.txt
2015-01-21 07:04 - 2015-01-21 07:04 - 00000000 ____D () C:\FRST
2015-01-21 07:03 - 2015-01-21 07:03 - 02126848 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2015-01-21 06:51 - 2015-01-21 06:51 - 00000738 _____ () C:\Users\Thomas\Downloads\Rebuild_Icon_Cache.bat
2015-01-21 06:49 - 2015-01-21 06:49 - 00001377 _____ () C:\Users\Thomas\Desktop\Clear_and_Reset_Thumbnail_Cache.lnk
2015-01-21 06:47 - 2015-01-21 06:47 - 00000315 _____ () C:\Users\Thomas\Downloads\Clear_and_Reset_Thumbnail_Cache.bat
2015-01-20 19:33 - 2015-01-20 19:33 - 00031558 _____ () C:\Users\Thomas\Desktop\dds.txt
2015-01-20 19:33 - 2015-01-20 19:33 - 00007169 _____ () C:\Users\Thomas\Desktop\attach.txt
2015-01-20 19:32 - 2015-01-20 19:32 - 00688992 ____R (Swearware) C:\Users\Thomas\Downloads\dds.com
2015-01-14 05:50 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 05:50 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 05:50 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 05:50 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 05:50 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 05:50 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 05:50 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 05:47 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 05:47 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 05:47 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 05:47 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 05:47 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 05:47 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-04 14:16 - 2015-01-04 14:16 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-04 14:16 - 2015-01-04 14:16 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\AVG2015
2015-01-04 14:16 - 2015-01-04 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-04 14:15 - 2015-01-04 14:16 - 00000000 ___HD () C:\$AVG
2015-01-04 14:12 - 2015-01-04 14:12 - 00000995 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-04 14:09 - 2015-01-04 14:19 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Avg2015
2015-01-04 14:09 - 2015-01-04 14:09 - 04637504 _____ (AVG Technologies) C:\Users\Thomas\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-03 21:10 - 2015-01-03 21:10 - 00000000 ____D () C:\ProgramData\REGSERVO64
2015-01-02 23:54 - 2015-01-02 23:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Apple Computer
2015-01-02 23:49 - 2015-01-02 23:49 - 00000000 ____D () C:\Users\Guest\AppData\Local\Dell
2015-01-01 16:47 - 2015-01-01 16:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7A7A4A92.sys
2015-01-01 09:09 - 2015-01-21 06:56 - 00003106 _____ () C:\Windows\System32\Tasks\WinThruster
2015-01-01 09:09 - 2015-01-01 09:09 - 00001005 _____ () C:\Users\Public\Desktop\WinThruster.lnk
2015-01-01 09:09 - 2015-01-01 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2015-01-01 09:09 - 2015-01-01 09:09 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2015-01-01 09:09 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2014-12-31 15:01 - 2015-01-01 09:09 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Solvusoft
2014-12-30 19:29 - 2015-01-21 06:53 - 00011312 _____ () C:\Windows\setupact.log
2014-12-30 19:29 - 2014-12-30 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-29 20:20 - 2012-05-04 23:49 - 22259528 _____ () C:\Users\Thomas\Downloads\vlc-2.0.1-win32.exe
2014-12-29 20:20 - 2012-01-17 00:28 - 04900376 _____ (Lime Wire LLC) C:\Users\Thomas\Downloads\Limewire4.18.8.exe
2014-12-29 14:35 - 2015-01-04 14:03 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-12-29 14:35 - 2015-01-04 14:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-28 20:12 - 2014-12-28 20:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Dropbox
2014-12-28 20:01 - 2014-12-29 13:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-28 20:01 - 2014-12-28 20:01 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-12-28 20:01 - 2014-12-28 20:01 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-28 17:37 - 2014-12-28 17:37 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Google
2014-12-28 17:36 - 2014-12-28 17:36 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-12-28 17:36 - 2014-12-28 17:36 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-12-28 17:36 - 2014-12-28 17:36 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieBrowserModeList
2014-12-28 17:35 - 2015-01-02 23:54 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-12-28 17:35 - 2014-12-28 17:35 - 00080864 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-28 17:35 - 2014-12-28 17:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Roxio
2014-12-28 17:35 - 2014-12-28 17:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Intel Corporation
2014-12-28 17:35 - 2014-12-28 17:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Dell
2014-12-28 17:35 - 2014-12-28 17:35 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Creative
2014-12-28 17:35 - 2014-12-28 17:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\WinSweeper
2014-12-28 17:34 - 2014-12-28 17:34 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 17:34 - 2014-12-28 17:34 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-12-28 17:34 - 2014-12-28 17:34 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-12-28 17:33 - 2014-12-28 17:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-12-28 17:33 - 2014-12-28 17:33 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-12-28 17:32 - 2015-01-03 00:55 - 00000000 ____D () C:\Users\Guest
2014-12-28 17:32 - 2014-12-28 17:37 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-12-28 17:32 - 2014-12-28 17:32 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-12-28 17:32 - 2014-12-28 17:32 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Intel
2014-12-28 17:32 - 2013-04-08 21:05 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-12-28 17:32 - 2013-04-04 15:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-12-28 17:32 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-28 17:32 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-28 16:50 - 2014-12-30 20:30 - 00001660 _____ () C:\Windows\system32\ASOROSet.bin
2014-12-28 16:50 - 2014-12-30 20:26 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-12-28 16:49 - 2014-12-28 16:49 - 00000000 ____D () C:\Users\Thomas\AppData\Local\WinSweeper
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 07:03 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 07:03 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 07:01 - 2013-03-21 12:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 06:59 - 2013-03-21 13:15 - 01843533 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 06:56 - 2014-10-22 12:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 06:55 - 2013-09-22 16:00 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2015-01-21 06:54 - 2014-03-07 15:43 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-01-21 06:54 - 2013-03-22 18:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 06:53 - 2013-03-21 13:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-21 06:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 06:31 - 2013-03-22 18:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 05:22 - 2014-01-21 13:53 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Azureus
2015-01-21 02:35 - 2013-03-21 13:46 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-20 21:39 - 2013-03-21 15:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2015-01-20 20:03 - 2013-09-06 08:37 - 00018861 _____ () C:\Users\Thomas\Documents\Sign Ons.odt
2015-01-20 15:18 - 2014-03-06 15:43 - 00027489 _____ () C:\Users\Thomas\Documents\Money Spent.ods
2015-01-20 11:29 - 2013-09-15 11:41 - 00103852 _____ () C:\Users\Thomas\Documents\Movies 1-15-15.ods
2015-01-20 10:15 - 2014-03-23 12:40 - 00000000 ____D () C:\Users\Thomas\Documents\5 Phone Back-Up
2015-01-19 18:57 - 2014-10-06 21:44 - 00016981 _____ () C:\Users\Thomas\Documents\Charities.odt
2015-01-15 18:56 - 2014-11-16 11:42 - 00000000 ____D () C:\Users\Thomas\Documents\Mom
2015-01-15 03:09 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2013-03-21 13:16 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 17:01 - 2013-03-21 12:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:01 - 2013-03-21 12:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:01 - 2013-03-21 12:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 23:51 - 2013-04-12 15:55 - 00000000 ____D () C:\Users\Thomas\.frostwire5
2015-01-08 17:12 - 2013-03-21 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-08 15:47 - 2013-09-03 19:55 - 00000000 ____D () C:\Users\Thomas\Documents\4 Personal
2015-01-04 14:16 - 2014-10-23 19:24 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-04 14:12 - 2013-03-21 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-04 14:12 - 2013-03-21 15:54 - 00000000 ____D () C:\Program Files (x86)\SUPERAntiSpyware
2015-01-04 14:04 - 2014-10-28 04:32 - 00518474 _____ () C:\Windows\PFRO.log
2015-01-03 19:08 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-03 10:20 - 2013-04-01 08:50 - 00028830 _____ () C:\Windows\wininit.ini
2015-01-03 00:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-03 00:02 - 2014-02-17 15:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-02 22:09 - 2014-11-04 16:12 - 00000000 ____D () C:\Windows\Minidump
2015-01-02 21:59 - 2013-03-21 13:14 - 00000000 ____D () C:\Users\Thomas
2014-12-31 17:58 - 2013-03-30 16:31 - 00001915 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-12-31 17:58 - 2013-03-30 16:31 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-12-31 17:58 - 2013-03-30 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2014-12-31 17:58 - 2013-03-30 16:31 - 00000000 ____D () C:\Program Files (x86)\Sonos
2014-12-31 17:58 - 2013-03-25 15:50 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Downloaded Installations
2014-12-30 20:30 - 2009-07-13 21:34 - 79691776 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-30 20:30 - 2009-07-13 21:34 - 40108032 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-30 20:30 - 2009-07-13 21:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-30 20:27 - 2009-07-13 21:34 - 00057344 _____ () C:\Windows\system32\config\SAM.bak
2014-12-29 20:52 - 2013-03-21 19:50 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-29 14:50 - 2014-09-20 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-29 14:50 - 2013-12-21 20:33 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-29 14:50 - 2013-12-21 20:33 - 00000000 ____D () C:\ProgramData\Skype
2014-12-29 14:21 - 2014-03-09 09:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-28 22:47 - 2014-01-21 14:44 - 00000000 ____D () C:\Program Files (x86)\sp
2014-12-28 21:40 - 2014-01-21 14:53 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-12-23 05:43 - 2014-11-26 19:38 - 00000000 ____D () C:\Program Files (x86)\FrostWire 6
==================== Files in the root of some directories =======
2014-04-06 18:40 - 2014-04-06 18:40 - 0000061 _____ () C:\Users\Thomas\AppData\Roaming\mbam.context.scan
2014-05-14 18:12 - 2014-05-14 18:12 - 0006656 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-07 21:58 - 2014-11-23 23:50 - 0007609 _____ () C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\SSUPDATE.EXE
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 00:47
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Thomas at 2015-01-21 07:05:30
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.6523 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell MusicStage (HKLM-x32\...\{A74FA75D-6D95-4E66-AEDB-DC6FC5DC6D70}) (Version: 1.3.24.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Free RAR Extractor (HKLM-x32\...\{6CB794C8-218C-430E-BF70-8BFE235C7A43}) (Version: 1.2.0.0 - iWesoft)
FrostWire 6.0.3 (HKLM-x32\...\FrostWire 6) (Version: 6.0.3.1 - FrostWire LLC)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.83040 - Sonos, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware Free Edition (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.35.0.1002 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.15.0 - Synaptics Incorporated)
TouchCopy 12 (HKLM-x32\...\{68E929BE-B3FE-4AF9-9C0C-C745E68BE203}) (Version: 12.07 - Wide Angle Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v8.7 (HKLM-x32\...\{FDBA8A75-E114-4E0E-ABF0-ED881F00F21C}) (Version: 8.7 - Spigot, Inc.) <==== ATTENTION
WD Drive Utilities (HKLM-x32\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinThruster (HKLM-x32\...\WinThruster_is1) (Version: 1.79 - solvusoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-895303375-2132951279-3078752421-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
==================== Restore Points =========================
11-01-2015 16:17:26 WinThruster Sun, Jan 11, 15 16:17
15-01-2015 03:00:22 Windows Update
15-01-2015 07:46:57 WinThruster Thu, Jan 15, 15 07:46
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0CD3ED7D-3A40-4864-B615-658CF7E5B68F} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {16EB30CE-8431-4229-914D-D107D78E3C28} - System32\Tasks\{FAF200B9-AAB6-4E5B-BAAE-56E8805064CC} => pcalua.exe -a C:\Users\Thomas\Downloads\R308016.exe -d C:\Users\Thomas\Downloads
Task: {18ADB8CC-5F6D-45D5-A8EC-65A180C2672B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {3083B9EB-EF8E-4654-AF45-9EFA4771855E} - System32\Tasks\{455C23DC-774E-4057-B746-BCBA027D5B9D} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-02-21] (Apple Inc.)
Task: {3306CEF4-C08F-4787-8900-97559E541BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22] (Google Inc.)
Task: {3D749268-5665-4FC2-9019-01AA22AFF910} - System32\Tasks\{BE6F4515-A21D-4F8A-A1B4-CA27766593DB} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-02-21] (Apple Inc.)
Task: {3F6C7E9A-F43B-4216-9A72-6485C2F52280} - System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe
Task: {4FB88074-7787-4BEE-8A52-0D775EC7CBCB} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {5342D16E-4B47-4862-9BFB-CD9DB1F6D825} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {54767A4A-DE7F-4AF1-A844-FD13CC87A0B3} - System32\Tasks\WinThruster => C:\Program Files (x86)\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
Task: {57683B2B-8689-42F3-BEA1-30D60660D882} - System32\Tasks\{1B8BECE6-8F8B-4782-A4FA-2B1C40E2561E} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-02-21] (Apple Inc.)
Task: {6476C7A1-E293-4917-B38C-165E69A3DFE6} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {655C2CBB-C839-4050-AEA0-8B2C3D608731} - System32\Tasks\{BBB9D525-67FF-4B80-A17F-389B14DF0CBB} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe
Task: {7127C344-4CE9-4D59-B3A3-8FB5ABA2092F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {71C89374-F9F9-46E6-BD43-6E37DDBDE064} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {7D33A096-18C2-4CA8-893C-B9BA1BE541FC} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {7E11A1B7-B978-41C4-9549-42EA006BF9A1} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {8CF7185C-54C1-465F-9EB0-606F3C1B53B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {9976BDAF-AAA0-47AE-A427-4DD7F83E7A66} - System32\Tasks\4801 => Wscript.exe C:\Users\Thomas\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A9243C64-83D6-4304-9A21-8FFB01EC2538} - System32\Tasks\Ask4Expert\Smart PC Booster\Daily Scan => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe
Task: {ADC29DCD-C5A5-47A3-92BD-A8FEE83CC150} - \SaveSense No Task File <==== ATTENTION
Task: {BE00D7E1-7192-4BB2-94F7-70C8F77BBD45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22] (Google Inc.)
Task: {C73FCBBF-86E3-478C-A278-2217D9C0F761} - System32\Tasks\Test TimeTrigger => C:\Users\Thomas\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {DC5FDEF4-1F38-4338-8626-D6BA9B138AAF} - System32\Tasks\{FF38FF2D-CDB0-4833-A982-61E365A75718} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-02-21] (Apple Inc.)
Task: {E2565D33-D406-447B-BC4A-C7FD00DD4E19} - System32\Tasks\{0B849967-F715-4900-99AA-D437892DB384} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-02-21] (Apple Inc.)
Task: {E90C0FD4-B697-4E7F-8928-A7685C88E1BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {EA898536-99DA-4308-A5ED-C79E4EFE86A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {F4EE538F-ACA8-4DD9-881D-49AB7F97C4A9} - System32\Tasks\{43CA652A-10E3-4965-B112-9CF645B5A4BD} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-02-21] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-03-21 13:14 - 2014-03-04 08:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-21 12:37 - 2010-12-17 10:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-03-18 20:37 - 2011-07-19 17:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-01 10:50 - 2012-02-01 10:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2010-11-17 09:35 - 2010-11-17 09:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-02-01 10:50 - 2012-02-01 10:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-01 15:11 - 2013-11-01 15:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-02-17 15:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-17 15:03 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-17 15:03 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-17 15:03 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-17 15:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2010-11-24 21:44 - 2010-11-24 21:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2014-10-17 03:00 - 2014-10-17 03:00 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2013-03-21 12:39 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-895303375-2132951279-3078752421-500 - Administrator - Disabled)
Guest (S-1-5-21-895303375-2132951279-3078752421-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-895303375-2132951279-3078752421-1003 - Limited - Enabled)
Sonos (S-1-5-21-895303375-2132951279-3078752421-1006 - Limited - Enabled)
Thomas (S-1-5-21-895303375-2132951279-3078752421-1001 - Administrator - Enabled) => C:\Users\Thomas
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2015 06:57:29 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
Error: (01/21/2015 06:57:29 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
Error: (01/21/2015 06:57:05 AM) (Source: MsiInstaller) (EventID: 11720) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,
Error: (01/21/2015 06:54:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/21/2015 06:54:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/21/2015 06:54:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 06:52:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/21/2015 06:51:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/21/2015 05:23:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/20/2015 10:14:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (01/21/2015 06:56:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Error: (01/21/2015 06:55:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/21/2015 06:53:32 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/21/2015 06:53:32 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (01/20/2015 09:19:29 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ALICE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}.
The master browser is stopping or an election is being forced.
Error: (01/20/2015 06:42:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/19/2015 07:04:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/19/2015 07:04:46 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ALICE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{72654BD5-7C4D-4CFE-8DEC-306BD07E00FE}.
The master browser is stopping or an election is being forced.
Error: (01/19/2015 05:51:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/18/2015 08:30:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Microsoft Office Sessions:
=========================
Error: (01/21/2015 06:57:29 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (01/21/2015 06:57:29 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (01/21/2015 06:57:05 AM) (Source: MsiInstaller) (EventID: 11720) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7, (NULL)(NULL)(NULL)(NULL)(NULL)
Error: (01/21/2015 06:54:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (01/21/2015 06:54:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (01/21/2015 06:54:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 06:52:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (01/21/2015 06:51:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (01/21/2015 05:23:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (01/20/2015 10:14:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
==================== Memory info ===========================
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 8086.17 MB
Available physical RAM: 4990.59 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 12314.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:685.34 GB) (Free:214.87 GB) NTFS
Drive e: () (Removable) (Total:29.8 GB) (Free:12.53 GB) FAT32
Drive f: () (Removable) (Total:14.9 GB) (Free:2.54 GB) FAT32
Drive h: () (Fixed) (Total:29.8 GB) (Free:22.32 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 1401EB3A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=685.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 3 (Size: 29.8 GB) (Disk ID: C92281A6)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)
==================== End Of Log ============================

Edited by Oh My!, 21 January 2015 - 10:28 AM.


#5 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 07:23 AM

Not sure the Summary file attached as it was suppose to, so I trying it again.



#6 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 07:34 AM

Sorry, I forgot to Zip it, here it is.

 

Tom

Attached Files



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:20 AM

Posted 21 January 2015 - 10:48 AM

Greetings,

First, I have posted in the Windows 7 Forum that your issues are being addressed here. Your computer is infected and I am going to request you abandon the Windows 7 Topic and work solely here.

I have steps for you to take but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worse case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worse case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Use of Registry Cleaner Not Recommended

--------------------

BleepingComputer DOES NOT recommend the use of registry cleaners/optimizers or the registry cleaner component of software for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
If you persist in using a registry cleaner you should always backup the registry before doing so.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-895303375-2132951279-3078752421-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-895303375-2132951279-3078752421-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0DtBtB0BzzyCyDyEtAtAtN0D0Tzu0SzzzzzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0CtCyBzzzz0EtGyEyC0CzytGtAzy0E0FtGyEtB0DtBtGtAtB0CyB0CzztAyE0C0Dzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0C0CyBzy0A0DtGtD0AyDzztGzy0ByE0AtG0DyBtByDtGyCyC0A0Ezy0EtC0B0ByBzy0E2QtN1B1L1H1Ezu1O2U1M1B&cr=2119126984&ir=
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-895303375-2132951279-3078752421-1001 -> No Name - {46575637-0076-A76A-76A7-7A786E7484D7} - No File
CustomCLSID: HKU\S-1-5-21-895303375-2132951279-3078752421-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Task: {0CD3ED7D-3A40-4864-B615-658CF7E5B68F} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {4FB88074-7787-4BEE-8A52-0D775EC7CBCB} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {5342D16E-4B47-4862-9BFB-CD9DB1F6D825} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {6476C7A1-E293-4917-B38C-165E69A3DFE6} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {71C89374-F9F9-46E6-BD43-6E37DDBDE064} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {7D33A096-18C2-4CA8-893C-B9BA1BE541FC} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {7E11A1B7-B978-41C4-9549-42EA006BF9A1} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {9976BDAF-AAA0-47AE-A427-4DD7F83E7A66} - System32\Tasks\4801 => Wscript.exe C:\Users\Thomas\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {ADC29DCD-C5A5-47A3-92BD-A8FEE83CC150} - \SaveSense No Task File <==== ATTENTION
Task: {C73FCBBF-86E3-478C-A278-2217D9C0F761} - System32\Tasks\Test TimeTrigger => C:\Users\Thomas\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
C:\Users\Thomas\AppData\Local\GCC
C:\Program Files (x86)\Registry Dr
C:\Users\Thomas\AppData\Local\Temp\launchie.vbs
C:\Users\Thomas\AppData\Local\Temp\Runner.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 11:42 AM

Thanks for your help. I see my Windows 7 topic is closed. I thought maybe they were unrelated. I will try your suggestions a little later, I will be a little busy for the next few hours. I do use my Laptop for banking. I have no Reboot or Reformat disk. All of my data and files are either on external drives or backed up. I also have a Dell Waranty. So I'm full in to fix this thing. I also have a Home Computer if needed.

#9 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 11:52 AM

One other thought, I was considering a new Laptop but was having trouble finding a Blu-ray capable one without spending a fortune. I do want to use my current Laptop for banking so maybe I do need a new one if this Backdoor Trojan will be a continuous problem. Any thoughts will be appreciated.

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:20 AM

Posted 21 January 2015 - 12:52 PM

Greetings,
 

I thought maybe they were unrelated.

They may be unrelated but if so we will try to resolve the issue here as well.

 

It is a tough call but I personally would be driven by whether or not I see any evidence my banking, password, or other information has been compromised. If you don't see evidence of that and you change your passwords you may want to consider leaving things as is until such time as you see irregular activity related to your sensitive data. Whether right or wrong that is what most people do.

 

I believe your computer has a Recovery Partition that is available to restore your computer back to factory condition if you want to do that.

 

Let me know.


Edited by Oh My!, 21 January 2015 - 12:52 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 02:22 PM

Yes before I got rid of the last problem, that is what I was going to do. Except for my ITunes, I'm about ready to reformat. I will go through everything today to make sure I'm ready. I did have a blip about 2 months ago with my bank and my debit card but I changed cards and nothing ever deducted from my account. This was before I had any computer problems. I have not noticed any other problems. One other question? Will you notice someone accessing your computer while you're on it or will they try it when it's dormant? Can they access in Sleep mode?

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:20 AM

Posted 21 January 2015 - 02:57 PM

The issue of ongoing access hinges on your internet connection. So if you are in Safe Mode with Networking then yes, there is an avenue of access. Conversely, if you boot into either Normal Mode or Safe Mode while being disconnected from the internet then for that period of time information can't be successfully sent to or from your computer.

Typically they do not make it obvious by taking control of your computer in a noticeable way. There are compromises made to your computer that allow for automated functions which then send information and/or data to a computer location accessed and controlled by others for not so nice purposes.

Here is a link for you to review in order to evaluate the possibility of a factory reset. Clearly this is the most effective step to rid yourself of the current infection. Might be a little bit of a hassle but it sounds like you will not have a lot to do to recreate what you have now.

 

If you decide to reformat I would be happy to hang with you until you are up and running.  Let me know.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 03:50 PM

I am currently adding my ITunes to my Home Desktop Computer. I will try cleaning this one but I will eventually like to start over. I may need your help but it looks like you've given me the necessary steps. Thanks again.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:20 AM

Posted 21 January 2015 - 03:55 PM

Very good. Once you are able to post the results of Post #7 we will carry on. :thumbsup2:


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 tkennedy41

tkennedy41
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:20 AM

Posted 21 January 2015 - 04:00 PM

Is there a trick to copying the Code Box. I can't figure it out. I can't highlight so it won't let me copy it.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users