Avast will not start or be removed


  • This topic is locked
15 replies to this topic

#1 ahscotty


Posted 13 April 2015 - 08:56 PM

Hi all, have already had help with this problem on here ( http://www.bleepingcomputer.com/forums/t/573138/cannot-start-any-av-and-mbam-chameleon-etc-will-not-start/ ) and the moderator has instructed me to produce some (Farbar) logs and post them in this section. Thanks guys for the help, and I hope I have done this correctly. PS: I screwed it up, I was meant to attach the Additional txt file, not paste, so I have now attached it.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by ahscotty (administrator) on WORKSTATION-PC on 14-04-2015 11:46:08
Running from C:\Users\ahscotty\Desktop
Loaded Profiles: ahscotty & postgres (Available profiles: ahscotty & postgres)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sysinternals - www.sysinternals.com) C:\Users\ahscotty\Desktop\autoruns.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8447192 2015-04-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-22] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\...\Run: [GoogleChromeAutoLaunch_E6998FD7E8F6E8EA8A6C05D03D080623] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-31] (Google Inc.)
HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\...\MountPoints2: {1d1cfbf4-3a10-11e4-8bc9-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\...\MountPoints2: {8a3f06a8-3998-11e4-9586-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
Startup: C:\Users\ahscotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
Toolbar: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com.au/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-13] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-09-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-09-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-01] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF SearchPlugin: C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\searchplugins\google-avast.xml [2015-02-04]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\artur.dubovoy@gmail.com [2015-03-20]
FF Extension: NetVideoHunter - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\netvideohunter@netvideohunter.com [2015-03-10]
FF Extension: Youtube Downloader - 4K Download - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\paulsaintuzb@gmail.com [2015-03-23]
FF Extension: Blue Fox - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2015-02-04]
FF Extension: FT DeepDark - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-03-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-09-11]
FF Extension: Gmail Notifier (restartless) - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-09-11]
FF Extension: Personas Plus - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\personas@christopher.beard.xpi [2014-09-11]
FF Extension: Adblock Plus - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-16]
FF Extension: No Name - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Glow) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb [2015-04-13]
CHR Extension: (Google Cast) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-13]
CHR Extension: (No Name) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-02-05]
CHR Extension: (Google Cast (Beta)) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2015-04-10]
CHR Extension: (Avast Online Security) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-03]
CHR Extension: (Custom Google™ Background) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg [2015-02-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-04]
CHR Extension: (LocalChromecast Player) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2015-04-10]
CHR Extension: (Google Wallet) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ahscotty\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-02-03]
CHR HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-22] (Avast Software)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [396288 2006-01-17] (Broadcom Corporation.) [File not signed]
S2 BubbleUPnP Server; C:\Program Files (x86)\BubbleUPnP Server\BubbleUPnPServer.exe [420352 2014-07-24] () [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-03-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-02] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
S3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1106944 2006-01-17] (Broadcom Corporation.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-14] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-06] (REALiX™)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-03-13] (Intel Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-09-12] (Realtek Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-09-12] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-22] (Avast Software)
S2 BTSERIAL; \??\C:\Windows\system32\drivers\btserial.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 11:46 - 2015-04-14 11:46 - 00020509 _____ () C:\Users\ahscotty\Desktop\FRST.txt
2015-04-14 11:46 - 2015-04-14 11:46 - 00000000 ____D () C:\FRST
2015-04-14 11:42 - 2015-04-14 11:42 - 02096640 _____ (Farbar) C:\Users\ahscotty\Desktop\FRST64.exe
2015-04-14 11:41 - 2015-04-14 11:44 - 00003137 _____ () C:\Windows\system32\DB1785135886
2015-04-14 11:37 - 2015-04-14 11:37 - 00000871 _____ () C:\Users\ahscotty\Desktop\checkup.txt
2015-04-14 11:34 - 2015-04-14 11:34 - 00852616 _____ () C:\Users\ahscotty\Desktop\SecurityCheck.exe
2015-04-14 10:41 - 2015-04-14 10:41 - 07058640 _____ () C:\Users\ahscotty\Desktop\WORKSTATION-PC.arn
2015-04-14 10:40 - 2015-03-08 10:31 - 00583832 _____ (Sysinternals - www.sysinternals.com) C:\Users\ahscotty\Desktop\autorunsc.exe
2015-04-14 10:40 - 2015-03-08 10:22 - 00670880 _____ (Sysinternals - www.sysinternals.com) C:\Users\ahscotty\Desktop\autoruns.exe
2015-04-14 10:40 - 2015-01-04 15:04 - 00050512 _____ () C:\Users\ahscotty\Desktop\autoruns.chm
2015-04-14 10:40 - 2014-06-28 16:47 - 00002028 _____ () C:\Users\ahscotty\Desktop\Eula.txt
2015-04-14 10:39 - 2015-04-14 10:39 - 00588816 _____ () C:\Users\ahscotty\Desktop\Autoruns.zip
2015-04-14 10:23 - 2015-04-14 10:35 - 00000000 ____D () C:\Windows\pss
2015-04-14 10:18 - 2015-04-14 11:38 - 00000000 ____D () C:\Users\ahscotty\AppData\Roaming\tor
2015-04-14 10:04 - 2015-04-14 10:04 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-14 09:46 - 2015-04-14 09:46 - 00036776 _____ () C:\Users\ahscotty\Desktop\Mini toolbox Result.txt
2015-04-14 09:45 - 2015-04-14 09:46 - 00036776 _____ () C:\Users\ahscotty\Desktop\Result.txt
2015-04-14 09:44 - 2015-04-14 09:44 - 00402944 _____ (Farbar) C:\Users\ahscotty\Desktop\MiniToolBox.exe
2015-04-14 09:03 - 2015-04-14 09:03 - 00262144 _____ () C:\Windows\Minidump\041415-48875-01.dmp
2015-04-13 20:06 - 2015-04-13 20:06 - 02217984 _____ () C:\Users\ahscotty\Downloads\adwcleaner_4.201.exe
2015-04-13 20:05 - 2015-04-13 20:05 - 02686959 _____ (Thisisu) C:\Users\ahscotty\Downloads\JRT.exe
2015-04-13 20:05 - 2015-04-13 20:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WORKSTATION-PC-Windows-7-Ultimate-(64-bit).dat
2015-04-13 20:05 - 2015-04-13 20:05 - 00000000 ____D () C:\RegBackup
2015-04-13 20:02 - 2015-04-13 20:02 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\ahscotty\Downloads\iExplore.exe
2015-04-13 20:02 - 2015-04-13 20:02 - 00001456 _____ () C:\Users\ahscotty\Desktop\iExplore - Shortcut.lnk
2015-04-13 20:01 - 2015-04-13 20:01 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\ahscotty\Desktop\rkill.exe
2015-04-13 19:58 - 2015-04-13 19:58 - 00000000 ____D () C:\Users\ahscotty\Downloads\mbam-chameleon-3.1.16.0
2015-04-13 19:55 - 2015-04-13 19:55 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-04-13 19:55 - 2015-04-13 19:55 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-04-13 19:55 - 2015-04-13 19:55 - 00000000 ____D () C:\Users\ahscotty\Desktop\Chameleon
2015-04-13 19:53 - 2015-04-13 19:54 - 06289130 _____ () C:\Users\ahscotty\Downloads\mbam-chameleon-3.1.16.0.zip
2015-04-13 19:53 - 2015-04-13 19:53 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-04-13 19:53 - 2015-04-13 19:53 - 12975360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 05486344 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 04408792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-04-13 19:53 - 2015-04-13 19:53 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 02902040 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 02888920 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 02808176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-04-13 19:53 - 2015-04-13 19:53 - 02498416 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 02421480 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 01709083 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-04-13 19:53 - 2015-04-13 19:53 - 01708248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 01411096 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 01360640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 01298136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00647656 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00451608 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00366616 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00336144 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00326680 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00326680 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00306288 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00284944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-04-13 19:53 - 2015-04-13 19:53 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-04-13 19:46 - 2015-04-13 19:48 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\ahscotty\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 19:27 - 2015-04-13 19:28 - 05481336 _____ (Avast Software s.r.o.) C:\Users\ahscotty\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-04-13 19:26 - 2015-04-13 19:27 - 05581328 _____ (Avast Software s.r.o.) C:\Users\ahscotty\Desktop\avastclear.exe
2015-04-13 19:10 - 2015-04-14 09:03 - 00000000 ____D () C:\Windows\Minidump
2015-04-13 19:10 - 2015-04-13 19:10 - 00262144 _____ () C:\Windows\Minidump\041315-46269-01.dmp
2015-04-13 16:02 - 2015-04-13 16:16 - 00000000 ____D () C:\Users\ahscotty\Desktop\Points 13-04-15
2015-04-10 13:35 - 2015-04-10 13:35 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-04-10 13:15 - 2015-04-13 16:04 - 00000000 ____D () C:\Users\ahscotty\Desktop\print pics
2015-04-10 07:35 - 2015-04-13 16:14 - 00115308 ____H () C:\Users\ahscotty\Desktop\ZbThumbnail.info
2015-04-10 04:16 - 2015-04-13 00:38 - 01226652 _____ () C:\Windows\system32\CFG1785135886
2015-04-09 15:27 - 2015-04-09 15:27 - 06242576 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2015-04-09 15:27 - 2015-04-09 15:27 - 01933584 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2015-04-09 15:27 - 2015-04-09 15:27 - 00833512 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2015-04-09 15:27 - 2015-04-09 15:27 - 00539624 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL
2015-04-09 15:27 - 2015-04-09 15:27 - 00432104 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2015-04-09 15:27 - 2015-04-09 15:27 - 00213432 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2015-04-05 07:00 - 2015-04-14 13:03 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 07:00 - 2015-04-05 07:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-31 06:55 - 2015-03-31 06:55 - 73825044 _____ () C:\Users\ahscotty\Desktop\2015_0330_141031_002.MOV.MP4
2015-03-30 14:56 - 2015-03-30 13:29 - 04851408 _____ () C:\Users\ahscotty\Desktop\2015_0330_142929_005.MOV
2015-03-30 14:56 - 2015-03-30 13:28 - 04163212 _____ () C:\Users\ahscotty\Desktop\2015_0330_142857_004.MOV
2015-03-30 14:56 - 2015-03-30 13:18 - 19926700 _____ () C:\Users\ahscotty\Desktop\2015_0330_141812_003.MOV
2015-03-30 14:55 - 2015-03-30 13:18 - 910023612 _____ () C:\Users\ahscotty\Desktop\2015_0330_141031_002.MOV
2015-03-30 14:55 - 2015-03-29 10:13 - 06031228 _____ () C:\Users\ahscotty\Desktop\2015_0329_111313_001.MOV
2015-03-27 09:05 - 2015-03-27 09:06 - 05344528 _____ (Piriform Ltd) C:\Users\ahscotty\Downloads\ccsetup504.exe
2015-03-27 09:00 - 2015-03-27 09:01 - 01054912 _____ (Adobe) C:\Users\ahscotty\Downloads\install_flashplayer17x32au_mssd_aaa_aih.exe
2015-03-26 06:30 - 2015-03-26 06:30 - 00000197 _____ () C:\Windows\system32\2015-03-25-20-30-34.094-AvastVBoxSVC.exe-4916.log
2015-03-26 06:26 - 2015-03-26 06:30 - 00000197 _____ () C:\Windows\system32\2015-03-25-20-26-35.048-AvastVBoxSVC.exe-5100.log
2015-03-26 06:20 - 2015-03-26 06:20 - 00000197 _____ () C:\Windows\system32\2015-03-25-20-20-42.011-AvastVBoxSVC.exe-4544.log
2015-03-26 06:18 - 2015-03-26 06:18 - 00000197 _____ () C:\Windows\system32\2015-03-25-20-18-25.054-AvastVBoxSVC.exe-3144.log
2015-03-26 06:17 - 2015-04-14 10:16 - 00012356 _____ () C:\Windows\PFRO.log
2015-03-26 06:16 - 2015-03-26 06:16 - 00000000 ____H () C:\asc_rdflag
2015-03-25 20:17 - 2015-03-11 14:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 20:17 - 2015-03-11 14:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 20:17 - 2015-03-11 14:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 20:17 - 2015-03-11 14:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 20:17 - 2015-03-11 14:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 20:17 - 2015-03-11 14:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 20:17 - 2015-03-11 14:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 20:17 - 2015-03-11 14:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 13:27 - 2015-04-14 09:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 00:00 - 2015-04-14 10:36 - 00001639 _____ () C:\Windows\setupact.log
2015-03-22 00:00 - 2015-03-22 00:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-19 16:40 - 2015-03-19 18:23 - 343401606 _____ () C:\Users\ahscotty\Downloads\Green Elephant (1999) Eng Sub.mp4
2015-03-17 20:44 - 2015-03-17 20:44 - 215594962 _____ () C:\Users\ahscotty\Downloads\The Mitchell and Webb Situation S01E01.avi
2015-03-15 13:17 - 2015-03-15 13:18 - 05325696 _____ (Piriform Ltd) C:\Users\ahscotty\Downloads\ccsetup503.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 13:03 - 2015-02-13 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-14 13:03 - 2015-02-01 14:26 - 00000000 ____D () C:\Users\ahscotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iDealshare
2015-04-14 13:03 - 2015-01-10 15:30 - 00000000 ____D () C:\Users\ahscotty\AppData\Local\CANON_INC
2015-04-14 13:03 - 2014-09-23 10:25 - 00000000 ____D () C:\Users\ahscotty\AppData\Roaming\vlc
2015-04-14 13:03 - 2014-09-12 10:56 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-14 13:03 - 2014-09-12 10:55 - 00000000 ____D () C:\Users\ahscotty\AppData\Roaming\IObit
2015-04-14 13:03 - 2014-09-11 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-14 13:03 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-04-14 13:03 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\security
2015-04-14 13:03 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\registration
2015-04-14 13:02 - 2014-09-11 19:56 - 00000000 ____D () C:\Users\ahscotty\AppData\Local\Mozilla
2015-04-14 13:01 - 2014-09-11 18:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-14 13:01 - 2012-06-20 01:37 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.6
2015-04-14 11:30 - 2014-09-11 19:51 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-04-14 11:05 - 2014-09-11 18:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 11:04 - 2014-09-11 20:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 10:45 - 2009-07-14 14:45 - 00029776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 10:45 - 2009-07-14 14:45 - 00029776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 10:43 - 2009-07-14 15:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 10:42 - 2014-09-12 10:06 - 01173123 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 10:38 - 2014-09-11 20:15 - 00000000 ___RD () C:\Users\ahscotty\Dropbox
2015-04-14 10:38 - 2014-09-11 20:14 - 00000000 ____D () C:\Users\ahscotty\AppData\Roaming\Dropbox
2015-04-14 10:37 - 2015-02-03 11:46 - 00000000 ___RD () C:\Users\ahscotty\Google Drive
2015-04-14 10:37 - 2014-09-11 18:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 10:36 - 2014-09-11 23:02 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-04-14 10:36 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 10:31 - 2014-11-22 12:34 - 00002170 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-14 10:17 - 2015-02-01 12:43 - 00000000 ____D () C:\Users\postgres
2015-04-14 10:16 - 2014-09-12 10:55 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-14 10:01 - 2014-09-11 20:43 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-14 09:03 - 2014-10-01 16:46 - 00000000 ____D () C:\Program Files (x86)\BubbleUPnP Server
2015-04-13 20:12 - 2014-09-11 20:15 - 00000988 _____ () C:\Users\ahscotty\Desktop\Dropbox.lnk
2015-04-13 20:12 - 2014-09-11 20:14 - 00000000 ____D () C:\Users\ahscotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-13 20:11 - 2014-10-13 11:35 - 00000000 ____D () C:\AdwCleaner
2015-04-13 19:55 - 2014-09-11 19:39 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-04-13 19:54 - 2014-09-11 19:36 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-13 19:51 - 2015-02-01 14:26 - 00000000 ____D () C:\Program Files (x86)\iDealshare
2015-04-13 19:25 - 2014-09-11 20:41 - 00000000 ____D () C:\Users\ahscotty\AppData\Local\Adobe
2015-04-13 19:24 - 2014-09-11 20:43 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 19:24 - 2014-09-11 20:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 19:24 - 2014-09-11 20:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 19:16 - 2014-09-11 18:36 - 00000000 ____D () C:\Users\ahscotty
2015-04-13 19:12 - 2014-09-12 10:57 - 00000000 ____D () C:\Users\ahscotty\AppData\Roaming\ProductData
2015-04-13 17:36 - 2011-04-12 18:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-13 15:21 - 2015-01-10 15:35 - 00000000 ____D () C:\Users\ahscotty\AppData\Roaming\ZoomBrowser EX
2015-04-13 15:21 - 2014-11-01 13:03 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2015-04-10 21:56 - 2014-09-12 12:26 - 00000000 ____D () C:\Users\ahscotty\AppData\Local\CrashDumps
2015-04-10 13:47 - 2014-09-11 18:36 - 00000000 ____D () C:\Users\ahscotty\AppData\Local\VirtualStore
2015-04-10 10:53 - 2014-09-12 11:43 - 00000000 ____D () C:\Users\ahscotty\AppData\Local\Windows Live
2015-04-03 16:08 - 2015-02-13 17:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-27 09:06 - 2015-01-06 17:31 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-27 09:06 - 2014-09-11 20:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-27 09:04 - 2014-10-17 14:06 - 00000000 ____D () C:\Program Files (x86)\Mission Planner
2015-03-26 06:16 - 2015-03-13 09:43 - 69001216 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag
2015-03-26 06:16 - 2015-03-13 09:43 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iodefrag
2015-03-26 06:16 - 2015-03-13 09:43 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag
2015-03-26 06:16 - 2015-03-13 09:43 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag
2015-03-26 06:16 - 2014-09-15 09:49 - 69001216 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-03-26 06:16 - 2014-09-15 09:49 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-03-26 06:16 - 2014-09-15 09:49 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-03-26 06:16 - 2014-09-15 09:49 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-03-26 06:15 - 2014-12-11 06:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 06:15 - 2014-09-12 10:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-15 13:38 - 2014-09-11 20:33 - 00000000 ____D () C:\Users\ahscotty\Documents\CCleaner Entries
2015-03-15 13:11 - 2009-07-14 15:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2015-02-01 12:02 - 2015-03-10 14:01 - 0003584 _____ () C:\Users\ahscotty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-06 15:08 - 2015-02-06 15:08 - 0000877 _____ () C:\Users\ahscotty\AppData\Local\recently-used.xbel
2014-09-12 11:08 - 2014-09-12 11:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\ahscotty\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfmdrp1.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 09:33

==================== End Of Log ============================

ADDITIONAL:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by ahscotty at 2015-04-14 11:46:35
Running from C:\Users\ahscotty\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 - Michael Tippach)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BubbleUPnP Server (HKLM-x32\...\BubbleUPnP Server) (Version:  - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon RAW Codec (HKLM-x32\...\Canon RAW Codec) (Version: 1.11.0.75 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.6.0.13 - )
Canon Utilities Digital Photo Professional 3.0 (HKLM-x32\...\DPP) (Version: 3.0.2.6 - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.0.2.26 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.19.43 - )
Canon Utilities WFT-E1/E2 Utility (HKLM-x32\...\WFTK) (Version: 3.0.1.14 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.8.0.74 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2930.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2930.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Digital Video Repair 1.0 (HKLM-x32\...\Digital Video Repair) (Version:  - )
Dropbox (HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 4.77 - NCH Software)
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Jahshaka (HKLM-x32\...\Jahshaka) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MAGIX Burn routines (HKLM\...\{712D74A5-4C3D-41E6-A850-1696E54B28CD}) (Version: 11.0.0.237 - MAGIX AG)
MAGIX Common Components 1 (x64) (HKLM\...\{F2C951C1-A0BF-4AEE-96DC-0BAE9282BACD}) (Version: 1.3.0.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Demo songs) (HKLM-x32\...\MX.{B807FEBE-E253-4B7E-B23F-364873478065}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Demo songs) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM-x32\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Update (Version: 20.0.4.49 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Samplitude Music Studio 2014 (HKLM-x32\...\MAGIX Samplitude Music Studio 2014_is1) (Version:  - )
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{419D0D8D-1781-4DA2-B77E-699F4ED9FAC2}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mission Planner (HKLM-x32\...\{6855A58E-ADA4-42C2-83DA-1E05B1286068}) (Version: 1.3.10 - Michael Oborne)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero MediaHome Free (HKLM-x32\...\{AD35CA78-52F0-4A86-B672-0EF769752CEB}) (Version: 15.0.04700 - Nero AG)
Nero Prerequisite Installer 2.0 (HKLM-x32\...\{10EACC1C-7B87-4F57-ACA6-4EC15E13E4E9}) (Version: 12.0.01300 - Nero AG)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
OpenLibraries (HKLM-x32\...\OpenLibraries) (Version:  - )
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 3.10 - NCH Software)
PostgreSQL 9.2  (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Prerequisite installer (x32 Version: 12.0.0004 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
SUPER © v2015.build.64+Recorder (2015/02/13) version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.72 - NCH Software)
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita 2 add-on content (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Drum Engine (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Electric Piano (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Pop Brass (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.05 - NCH Software)
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.1500 -  )
Windows Driver Package - 3D Robotics (usbser) Ports  (04/11/2013 2.0.0.4) (HKLM\...\434608CF2B6E31F0DDBA5C511053F957B55F098E) (Version: 04/11/2013 2.0.0.4 - 3D Robotics)
Windows Driver Package - 3D Robotics (usbser) Ports  (04/11/2013 2.0.0.4) (HKLM\...\FCBC924691E2F2C40A755779AA1E64588ED634A6) (Version: 04/11/2013 2.0.0.4 - 3D Robotics)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2012 5.1.2600.1) (HKLM\...\4D5C83CB44CE9278C27458316B8CCA4571BA7B39) (Version: 11/15/2012 5.1.2600.1 - Arduino LLC (www.arduino.cc))
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ahscotty\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ahscotty\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ahscotty\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ahscotty\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ahscotty\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-03-2015 06:56:16 Scheduled Checkpoint
15-03-2015 18:00:05 Windows Backup
22-03-2015 18:00:14 Windows Backup
26-03-2015 06:00:10 Windows Update
27-03-2015 09:02:47 Driver Booster : Realtek PCIe GBE Family Controller
29-03-2015 18:00:14 Windows Backup
05-04-2015 07:00:11 Windows Update
05-04-2015 19:00:09 Windows Backup
09-04-2015 15:26:12 Driver Booster : Realtek High Definition Audio
09-04-2015 15:28:31 IObit Uninstaller restore point
10-04-2015 06:53:07 IObit Uninstaller restore point
12-04-2015 19:00:17 Windows Backup
13-04-2015 17:00:46 IObit Uninstaller restore point
13-04-2015 17:12:57 IObit Uninstaller restore point
13-04-2015 17:32:26 Restore Operation
13-04-2015 19:50:55 IObit Uninstaller restore point
13-04-2015 19:53:36 Driver Booster : Realtek High Definition Audio
13-04-2015 20:03:33 IObit Uninstaller restore point
14-04-2015 10:01:02 IObit Uninstaller restore point
14-04-2015 10:03:34 Removed Java 7 Update 72
14-04-2015 10:04:09 Removed Java 8 Update 31

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FB00DB0-F406-499C-97A4-1ECB3B18414A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {0FCF1458-EC6A-45AC-9C01-00BCC5AA4DEC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1F6D35A9-EA3E-47D9-8F6F-9C7FBC94E241} - System32\Tasks\{9A0E3C45-2418-40A5-BB89-B6966FF2AFA2} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {2DC61A3E-D06B-441D-BAF7-1605151A345D} - System32\Tasks\{5506AE42-AD52-4178-8F41-0154730B2B07} => pcalua.exe -a D:\Utilities\SonyMPEG\install.exe -d D:\Utilities\SonyMPEG
Task: {4823F33C-8ABB-4BA6-A6F2-12BEFFADF58D} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {4BACBCDE-BD62-4A18-9FEF-D68DE10E6A60} - System32\Tasks\avastBCLRestartS-1-5-21-1359113973-2604028188-1972822311-1000 => Chrome.exe
Task: {4DA96C90-2D2E-48CE-ACAC-70C8668E4918} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {6214D551-58F6-40BE-B395-B774DF318FEE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6AE4D735-5F1E-4D5B-8D4F-5F29E92C4DF9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6D52F39B-EE24-446E-AD1E-5E1A350832BD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {70C63405-6A2F-4624-9EF3-8AB8AC210BBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {912EE0F8-DA26-4228-AA82-22CDA8DB55D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {9F407ECE-981A-4EE2-87C5-E1FF099C88B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D20420AB-136F-485C-8058-27BA1C30128B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {D6FA5FE9-EB50-4B6B-83E0-C1B9929BAD7D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FA0ECF1A-BB40-411E-949C-D039023E2DA7} - System32\Tasks\ASUS\i-Setup184254 => C:\Windows\Chipset\AsusSetup.exe [2010-09-10] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2006-01-17 11:30 - 2006-01-17 11:30 - 00049152 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-02-01 12:42 - 2013-04-02 13:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2014-09-11 20:51 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-01 12:43 - 2012-08-14 23:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2015-04-14 10:37 - 2015-04-14 10:37 - 00043008 _____ () c:\users\ahscotty\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfmdrp1.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00750080 _____ () C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00047616 _____ () C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00865280 _____ () C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00200704 _____ () C:\Users\ahscotty\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-04-14 10:36 - 2015-04-14 10:36 - 00098816 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32api.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00110080 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\pywintypes27.dll
2015-04-14 10:36 - 2015-04-14 10:36 - 00364544 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\pythoncom27.dll
2015-04-14 10:36 - 2015-04-14 10:36 - 00045568 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\_socket.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 01161216 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\_ssl.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00320512 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32com.shell.shell.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00713216 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\_hashlib.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 01175040 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\wx._core_.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00805888 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\wx._gdi_.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00811008 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\wx._windows_.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 01062400 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\wx._controls_.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00735232 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\wx._misc_.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00682496 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\pysqlite2._sqlite.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00128512 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\_elementtree.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00127488 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\pyexpat.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00087552 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\_ctypes.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00119808 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32file.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00108544 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32security.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00007168 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\hashobjs_ext.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00167936 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32gui.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00018432 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32event.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00038912 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32inet.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00011264 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32crypt.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00070656 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\wx._html2.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00027136 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\_multiprocessing.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00020480 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\_yappi.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00035840 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32process.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00686080 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\unicodedata.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00122368 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\wx._wizard.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00024064 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32pipe.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00010240 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\select.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00025600 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32pdh.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00525640 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\windows._lib_cacheinvalidation.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00017408 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32profile.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00022528 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\win32ts.pyd
2015-04-14 10:36 - 2015-04-14 10:36 - 00078336 _____ () C:\Users\ahscotty\AppData\Local\Temp\_MEI14922\wx._animate.pyd
2015-04-14 10:18 - 1999-12-31 23:00 - 00714452 _____ () C:\Users\ahscotty\AppData\Local\Temp\T1785135886\Tor\libevent-2-0-5.dll
2015-04-14 10:18 - 1999-12-31 23:00 - 00091026 _____ () C:\Users\ahscotty\AppData\Local\Temp\T1785135886\Tor\libssp-0.dll
2015-04-14 10:18 - 1999-12-31 23:00 - 00517814 _____ () C:\Users\ahscotty\AppData\Local\Temp\T1785135886\Tor\libgcc_s_sjlj-1.dll
2015-04-14 10:18 - 1999-12-31 23:00 - 00110592 _____ () C:\Users\ahscotty\AppData\Local\Temp\T1785135886\Tor\zlib1.dll
2014-09-11 19:41 - 2012-07-19 13:55 - 01198912 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-15 11:43 - 2014-10-15 11:43 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2014-09-11 19:38 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ahscotty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1359113973-2604028188-1972822311-500 - Administrator - Disabled)
ahscotty (S-1-5-21-1359113973-2604028188-1972822311-1000 - Administrator - Enabled) => C:\Users\ahscotty
Guest (S-1-5-21-1359113973-2604028188-1972822311-501 - Limited - Disabled)
postgres (S-1-5-21-1359113973-2604028188-1972822311-1001 - Limited - Enabled) => C:\Users\postgres

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 11:34:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/14/2015 10:37:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 10:37:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 41.0.2272.118, time stamp: 0x55199d5a
Faulting module name: chrome.dll, version: 41.0.2272.118, time stamp: 0x55199942
Exception code: 0x80000003
Fault offset: 0x004fe1b8
Faulting process id: 0x6f4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (04/14/2015 10:26:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 10:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 10:18:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 41.0.2272.118, time stamp: 0x55199d5a
Faulting module name: chrome.dll, version: 41.0.2272.118, time stamp: 0x55199942
Exception code: 0x80000003
Fault offset: 0x004fe1b8
Faulting process id: 0xec4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (04/14/2015 09:41:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 41.0.2272.118, time stamp: 0x55199d5a
Faulting module name: chrome.dll, version: 41.0.2272.118, time stamp: 0x55199942
Exception code: 0x80000003
Fault offset: 0x004fe1b8
Faulting process id: 0x1190
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (04/14/2015 09:33:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Nfx.SmmContracts,processorArchitecture="msil",publicKeyToken="160f5391b5b5d5d4",version="11.1.0.0"1".
Dependent Assembly Nfx.SmmContracts,processorArchitecture="msil",publicKeyToken="160f5391b5b5d5d4",version="11.1.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/14/2015 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 09:00:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/14/2015 10:37:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BubbleUPnP Server service failed to start due to the following error:
%%1053

Error: (04/14/2015 10:37:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BubbleUPnP Server service to connect.

Error: (04/14/2015 10:36:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Serial Driver service failed to start due to the following error:
%%2

Error: (04/14/2015 10:36:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IMF Service service failed to start due to the following error:
%%2

Error: (04/14/2015 10:36:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error:
%%1053

Error: (04/14/2015 10:36:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.

Error: (04/14/2015 10:35:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/14/2015 10:35:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/14/2015 10:35:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/14/2015 10:35:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/14/2015 11:34:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ahscotty\Downloads\SoftonicDownloader_for_logitech-webcam-software.exe

Error: (04/14/2015 10:37:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 10:37:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.11855199d5achrome.dll41.0.2272.1185519994280000003004fe1b86f401d0764b1471c2d0C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\chrome.dll5ce6becc-e23e-11e4-9f94-60a44cb00fc4

Error: (04/14/2015 10:26:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 10:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 10:18:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.11855199d5achrome.dll41.0.2272.1185519994280000003004fe1b8ec401d07648807a72d0C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\chrome.dllc19a1c36-e23b-11e4-8880-60a44cb00fc4

Error: (04/14/2015 09:41:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.11855199d5achrome.dll41.0.2272.1185519994280000003004fe1b8119001d076435f366a40C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\chrome.dll9e8b15af-e236-11e4-bc79-60a44cb00fc4

Error: (04/14/2015 09:33:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nfx.SmmContracts,processorArchitecture="msil",publicKeyToken="160f5391b5b5d5d4",version="11.1.0.0"c:\program files (x86)\Nero\Nero 12\nero backitup\NBCore.exe

Error: (04/14/2015 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 09:00:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-11-12 16:53:34.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 16:53:34.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 16:53:34.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 16:53:34.268
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 16:47:22.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-12 16:47:22.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 11:24:54.285
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btkrnl.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-16 11:24:54.254
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btkrnl.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-16 10:54:23.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btkrnl.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-16 10:54:23.653
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btkrnl.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 7845.59 MB
Available physical RAM: 4816.64 MB
Total Pagefile: 15691.18 MB
Available Pagefile: 12510.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:315.14 GB) (Free:6.36 GB) NTFS
Drive d: (CanonEOS143W) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:76.14 GB) NTFS
Drive i: (New Volume) (Fixed) (Total:323.31 GB) (Free:202.08 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:292.97 GB) (Free:146.26 GB) NTFS
Drive l: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5FB69C4A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=323.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 64A8611F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



Edited by ahscotty, 13 April 2015 - 09:02 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 AM

Posted 18 April 2015 - 09:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573150 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ahscotty

ahscotty
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hobart , Tasmania ,Australia
  • Local time:06:28 PM

Posted 19 April 2015 - 09:57 PM

Hi all, I still need help; no a/v programs will run or uninstall. I am posting here again as instructed by the HelpBot. I am running Win7 Ultimate 64-bit. I am pretty sure all my logs/reports that are needed are posted on here. I have turned the offending PC off since I last posted here, so everything should be the same. Also, I think I do have my Windows DVD. Thanks guys. Cheers, Scott.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 20 April 2015 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This application tracks your surfing habits. If you want to remove it, add these lines to the fix below.
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Splashtop
<<<>>>


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Sysinternals - www.sysinternals.com) C:\Users\ahscotty\Desktop\autoruns.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
Toolbar: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com.au/?gws_rd=ssl
FF SearchPlugin: C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\searchplugins\google-avast.xml [2015-02-04]
FF Extension: No Name - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
CHR Extension: (Avast Online Security) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-03]
CHR HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
S3 AdobeFlashPlayerUpdateSvc; No ImagePath
S2 BTSERIAL; \??\C:\Windows\system32\drivers\btserial.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#5 ahscotty

ahscotty
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hobart , Tasmania ,Australia
  • Local time:06:28 PM

Posted 21 April 2015 - 02:10 AM

Thanks for your help, Nasdaq. I have followed your instructions, and the only problem I had is that RogueKiller will not run. I get the User Account Control dialogue box, then when I click YES, the box just disappears and nothing happens. I have pasted below the other two scan/logs that you asked for:

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by ahscotty at 2015-04-21 16:47:12 Run:1
Running from C:\Users\ahscotty\Desktop
Loaded Profiles: ahscotty & postgres (Available profiles: ahscotty & postgres)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

(Sysinternals - www.sysinternals.com) C:\Users\ahscotty\Desktop\autoruns.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
Toolbar: HKU\S-1-5-21-1359113973-2604028188-1972822311-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com.au/?gws_rd=ssl
FF SearchPlugin: C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\searchplugins\google-avast.xml [2015-02-04]
FF Extension: No Name - C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
CHR Extension: (Avast Online Security) - C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-03]
CHR HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
S3 AdobeFlashPlayerUpdateSvc; No ImagePath
S2 BTSERIAL; \??\C:\Windows\system32\drivers\btserial.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
*****************

Processes closed successfully.
C:\Users\ahscotty\Desktop\autoruns.exe => No running process found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} => Key not found.
HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\searchplugins\google-avast.xml => Moved successfully.
C:\Users\ahscotty\AppData\Roaming\Mozilla\Firefox\Profiles\odbapajy.default\extensions\iobitascsurfingprotection@iobit.com not found.
C:\Users\ahscotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
"HKU\S-1-5-21-1359113973-2604028188-1972822311-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
BTSERIAL => Service deleted successfully.
VGPU => Service deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-21 16:49:20)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 16:49:20 ====

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

FSS Utility log:

 

Farbar Service Scanner Version: 17-01-2015
Ran by ahscotty (administrator) on 21-04-2015 at 16:56:35
Running from "C:\Users\ahscotty\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 Thanks Nasdaq, look fwd to hearing from you!



#6 nasdaq


Posted 21 April 2015 - 07:40 AM

Right click on the RogueKiller.exe file and select Run As Administrator.
Can you run it now?

===

How is the computer running now?

#7 ahscotty


Posted 21 April 2015 - 08:53 PM

No, sorry, right click as admin doesn't work for any of these programs that are affected at the moment. Some things just don't open at all and some others, just the box comes up that asks you to click yes, but then nothing happens.

#8 nasdaq


Posted 22 April 2015 - 08:00 AM

Make sure you make a Backup system restore as suggested in post no. 5


Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below
    • 01 - Repair Registry Permissions
    • 03 - Reset Service permissions
    • 04 - Register System Files
    • 10 - Remove Policies Set By Infections
    • 11 - Repair Start Menu Icons Removed by Infections
    • 14 - Removed Temp Files
    • 26 - Restore Important Windows Services
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

p.s.
Make sure you make a Backup system restore as suggested in step no. 5

Keep me posted.






#9 ahscotty


Posted 22 April 2015 - 07:28 PM

OK, have carried out these actions. One thing that came up: it said last backup did not perform properly; I just kept trying and it seemed to work. I did all the repairs that you listed and that seemed to run OK too. There were no error logs produced. One thing that I did notice, and I don't know if this is relative, but when trying to download the Windows repair tool, Mozilla would try to block out the download and also remove it from the downloads folder as soon as it would download. In Mozilla, it has a white cross on a red background (under the download arrow!) and says "Blocked: may contain a virus or spyware - majorgeek". It's just I have not seen that behavior on a download before. I am awaiting further instructions as there is no log to post! Thanks, NASDAQ.

#10 nasdaq


Posted 23 April 2015 - 07:56 AM

Your security software may have prompted that message.
The tool has the capacity to repair some registry entries. The security program is possibly informing you of this.
The tool is safe.

How is the computer running now?

#11 ahscotty


Posted 23 April 2015 - 08:59 PM

OK cool. Yeah, the computer still has all the same issues, still can't open avast or any other security related stuff. Also still have the little flag icon down the bottom that, when you click on it, it says "turn on avast", which I can't; "update windows defender", which I do but then nothing happens, it just keeps saying that defender needs updating! Am I going to have to reinstall Windows and is that going to fix this? Thanks NASDAQ.

#12 nasdaq


Posted 24 April 2015 - 10:19 AM

Download and run avast uninstaller tool.

http://files.avast.com/files/eng/aswclear.exe

Restart the computer normally.

Re-install the application.

How is it now?

Edited by nasdaq, 29 April 2015 - 07:39 AM.


#13 ahscotty


Posted 29 April 2015 - 03:18 AM

OK, sorry for the delay. I have downloaded and tried to run the avast uninstall tool again but to no avail. Also, when the PC restarted it came up with a blue screen error and something about the "minidump" file would have more info. I also tried a system restore, but it says that it did not complete properly because the antivirus is running and to please disable the a/v, which obviously I can't do, so that rules out system restore, I guess. Really don't know what more to do now besides transfer all the stuff I want to keep and then a fresh reinstall? Cheers.

#14 nasdaq


Posted 29 April 2015 - 07:42 AM

I have downloaded and tried to run the avast uninstall tool again but to no avail. Also when the PC restarted it came up with blue screen error and something about the "minidump" file would have more info


The minidump file can give some clues to a trained technician.

I suggest you start a new topic in the Windows 7 forum
http://www.bleepingcomputer.com/forums/f/167/windows-7/

Explain your problem and post or attach the Minidump file.

Edited by nasdaq, 30 April 2015 - 07:19 AM.


#15 ahscotty


Posted 29 April 2015 - 04:50 PM

No worries, thank you for your help Nasdaq! Cheers



