
my hijackthis log


  • This topic is locked
5 replies to this topic

#1 Alston518


Posted 26 June 2015 - 12:04 AM

How does it look?

Attached Files





#2 nasdaq

  • Malware Response Team

Posted 28 June 2015 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

What issues are you having with this computer?

p.s.
HijackThis is no longer supported.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 Alston518

  • Topic Starter

Posted 02 July 2015 - 11:00 PM

malware bytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/2/2015
Scan Time: 10:23:38 PM
Logfile: mallog.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.07.02.05
Rootkit Database: v2015.07.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402568
Time Elapsed: 22 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{434D472D-5350-006A-76A7-A758B70C1500}, Quarantined, [5da002da2d5df145f30e14e7e41fcb35],

Registry Values: 1
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{434D472D-5350-006A-76A7-A758B70C1500}|InstallSource, C:\ProgramData\APN\APN-Stub\CMG-SP\, Quarantined, [5da002da2d5df145f30e14e7e41fcb35]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Hacktool.Agent, C:\Users\owner\Desktop\Windows 7 Starter SP1 (32 Bit)\Windows 7 Activation.zip, Quarantined, [e51802da008a5dd90256c9ba43bed828],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

adwcleaner log:

 

# AdwCleaner v4.207 - Logfile created 02/07/2015 at 23:43:39
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] -
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

*************************

AdwCleaner[R0].txt - [1193 bytes] - [02/07/2015 23:18:47]
AdwCleaner[S0].txt - [896 bytes] - [02/07/2015 23:43:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [954  bytes] ########## 

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by owner (administrator) on OWNER-PC on 02-07-2015 23:51:02
Running from C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9L7UXVM
Loaded Profiles: owner (Available Profiles: owner)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(LULU Software Limited) C:\Program Files\Soda PDF 3D Reader\HelperService.exe
(LULU Software Limited) C:\Program Files\Soda PDF 3D Reader\ConversionService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13] (Logitech, Inc.)
HKU\S-1-5-21-1339881466-3233230386-2842357061-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1339881466-3233230386-2842357061-1000\...\MountPoints2: {7913661a-c5b5-11e4-9534-001d09c2458c} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1339881466-3233230386-2842357061-1000\...\MountPoints2: {e8fb6f4b-c5fc-11e4-bdf3-001d09c2458c} - E:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-17] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:52772;https=127.0.0.1:52772
HKU\S-1-5-21-1339881466-3233230386-2842357061-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=COSP&ptag=D051415-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
HKU\S-1-5-21-1339881466-3233230386-2842357061-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKU\S-1-5-21-1339881466-3233230386-2842357061-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1339881466-3233230386-2842357061-1000 -> {0F19EA04-EBB5-403C-80BE-CEC15D409CC8} URL =
BHO: Soda PDF 3D Reader Helper -> {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} -> C:\Program Files\Soda PDF 3D Reader\PDFIEHelper.dll [2013-08-19] (LULU Software Limited)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-17] (Avast Software s.r.o.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{26B48D3F-076B-4247-AE78-B62C1F4C69E9}: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\rn9xu3wn.default-1415362862983
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\rn9xu3wn.default-1415362862983\searchplugins\google-avast.xml [2015-06-03]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-24]
FF HKLM\...\Firefox\Extensions: [FFSodaReaderPDFConverter@sodapdf.com] - C:\Program Files\Soda PDF 3D Reader\FFSodaReaderExt
FF Extension: Soda PDF 3D Reader Converter For Firefox - C:\Program Files\Soda PDF 3D Reader\FFSodaReaderExt [2014-06-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-17] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-06-14] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-17] (Avast Software)
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2748720 2015-04-30] (Lavasoft Limited)
R2 Soda PDF 3D Reader Helper Service; C:\Program Files\Soda PDF 3D Reader\HelperService.exe [1162592 2013-08-19] (LULU Software Limited)
R2 Soda PDF 3D Reader Service; C:\Program Files\Soda PDF 3D Reader\ConversionService.exe [852320 2013-08-19] (LULU Software Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 NHIHHIY; C:\Users\owner\AppData\Local\Temp\NHIHHIY.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-17] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-06-14] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-17] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-06-14] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-17] ()
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113984 2015-04-07] (Power Software Ltd)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-17] (Avast Software)
S3 AQFileRestore; system32\DRIVERS\AQFileRestore.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 23:50 - 2015-07-02 23:51 - 00000000 ____D C:\FRST
2015-07-02 23:48 - 2015-07-02 23:48 - 00001033 _____ C:\Users\owner\Desktop\AdwCleaner[S0].txt
2015-07-02 23:43 - 2015-07-02 23:43 - 00001193 _____ C:\Users\owner\Desktop\AdwCleaner[R0].txt
2015-07-02 23:18 - 2015-07-02 23:43 - 00000000 ____D C:\AdwCleaner
2015-07-02 23:18 - 2015-07-02 23:18 - 02244096 _____ C:\Users\owner\Downloads\AdwCleaner.exe
2015-06-26 01:01 - 2015-06-26 01:01 - 00004928 _____ C:\Users\owner\Documents\hijackthis.log
2015-06-26 00:58 - 2015-06-26 00:58 - 00262956 _____ C:\Users\owner\Downloads\HijackThis.zip
2015-06-26 00:51 - 2015-06-26 00:51 - 00050688 _____ (Atribune.org) C:\Users\owner\Downloads\ATF-Cleaner.exe
2015-06-26 00:43 - 2015-06-26 00:50 - 00000000 ____D C:\Users\owner\Doctor Web
2015-06-26 00:40 - 2015-06-26 00:42 - 164990048 _____ C:\Users\owner\Downloads\oipeflg7.exe
2015-06-26 00:33 - 2015-06-26 00:33 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\owner\Downloads\tdsskiller.exe
2015-06-25 23:50 - 2015-06-25 23:50 - 00000000 ____D C:\SUPERDelete
2015-06-25 23:49 - 2015-06-25 23:49 - 00370943 _____ C:\Users\owner\Downloads\gmer.zip
2015-06-25 23:49 - 2015-06-25 23:49 - 00001925 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-06-25 23:49 - 2015-06-25 23:49 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1da6150-adef-4559-9d6b-96877465ae3d.job
2015-06-25 23:49 - 2015-06-25 23:49 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c52c2532-e59a-4e38-81e6-157e211a67a3.job
2015-06-25 23:49 - 2015-06-25 23:49 - 00000000 ____D C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2015-06-25 23:49 - 2015-06-25 23:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-06-25 23:49 - 2015-06-25 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-06-25 23:49 - 2015-06-25 23:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-25 23:48 - 2015-06-25 23:48 - 22284912 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2015-06-25 23:48 - 2015-06-25 23:48 - 05630239 _____ (Swearware) C:\Users\owner\Downloads\ComboFix.exe
2015-06-25 23:44 - 2015-06-25 23:44 - 00000000 ____D C:\Users\owner\Downloads\RootkitRevealer
2015-06-25 23:38 - 2015-06-25 23:38 - 00228186 _____ C:\Users\owner\Downloads\RootkitRevealer.zip
2015-06-16 22:52 - 2015-06-16 22:53 - 38531603 _____ C:\Users\owner\Downloads\0001-RTLWlanE_WindowsDriver_2007.12.0419.2013.zip
2015-06-16 22:09 - 2015-06-16 22:11 - 19976648 _____ C:\Users\owner\Downloads\TC00244800S.exe
2015-06-16 22:08 - 2015-06-16 22:11 - 33000512 _____ C:\Users\owner\Downloads\TC00503900A.exe
2015-06-16 22:08 - 2015-06-16 22:10 - 27844176 _____ C:\Users\owner\Downloads\tc00346200e.exe
2015-06-14 13:10 - 2015-06-14 13:10 - 00000000 ____D C:\Users\owner\Downloads\Girls Gone Wild - Finally 18 #3
2015-06-14 12:05 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-14 12:05 - 2015-05-25 14:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-14 12:05 - 2015-05-25 14:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-14 12:05 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-14 12:05 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-14 12:04 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-14 12:04 - 2015-05-25 14:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-14 12:04 - 2015-05-25 14:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-14 12:04 - 2015-05-25 14:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-14 12:04 - 2015-05-25 14:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-14 12:04 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-14 12:04 - 2015-05-25 14:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-14 12:04 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-14 12:04 - 2015-05-25 14:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-14 12:04 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-14 12:04 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-14 12:04 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-14 12:04 - 2015-05-25 14:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-14 12:04 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-14 12:04 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-14 12:04 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-14 12:04 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-14 12:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-14 12:04 - 2015-05-25 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-14 11:35 - 2015-06-14 11:35 - 00002023 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-06-14 11:35 - 2015-06-14 11:35 - 00001963 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-06-14 11:35 - 2015-06-14 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-14 11:33 - 2015-06-14 11:32 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-06-14 11:33 - 2015-05-17 14:07 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-14 11:32 - 2015-06-14 11:32 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-06-13 14:08 - 2011-12-09 19:53 - 35188276 _____ C:\Users\owner\Desktop\IMG_0084.MOV
2015-06-13 12:54 - 2015-06-13 13:06 - 1044381696 _____ C:\Users\owner\Desktop\ubuntu-14.04.2-desktop-amd64.iso
2015-06-12 14:00 - 2015-06-02 15:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-12 14:00 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-12 14:00 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-12 14:00 - 2015-05-22 23:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-12 14:00 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-12 14:00 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-12 14:00 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-12 14:00 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-12 14:00 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-12 14:00 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-12 14:00 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-12 14:00 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-12 14:00 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-12 14:00 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-12 14:00 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-12 14:00 - 2015-05-22 23:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-12 14:00 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-12 14:00 - 2015-05-22 23:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-12 14:00 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-12 14:00 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-12 14:00 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-12 14:00 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-12 14:00 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-12 14:00 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-12 14:00 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-12 14:00 - 2015-05-22 22:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-12 14:00 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-12 14:00 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-12 14:00 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-12 14:00 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-12 14:00 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-12 14:00 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-12 14:00 - 2015-04-10 23:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-12 13:59 - 2015-05-25 13:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-12 13:59 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-12 13:59 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-12 13:59 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-12 13:59 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-12 13:59 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-12 13:58 - 2015-05-22 14:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-12 13:58 - 2015-05-22 14:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-12 13:58 - 2015-05-22 14:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-12 13:58 - 2015-05-22 14:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-12 13:58 - 2015-05-22 14:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-12 13:58 - 2015-05-22 14:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-12 13:58 - 2015-05-22 13:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-12 13:58 - 2015-05-21 09:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-12 13:56 - 2015-05-08 23:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-12 13:56 - 2015-05-08 23:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-12 13:56 - 2015-05-08 23:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-12 13:56 - 2015-05-08 23:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-12 13:56 - 2015-05-08 23:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 21:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-12 13:56 - 2015-05-08 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-12 13:42 - 2015-06-25 23:32 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-06-09 18:40 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-04 17:06 - 2015-06-04 17:07 - 01293667 _____ C:\Users\owner\Downloads\vista-7.7.0.498-whql.zip
2015-06-03 21:54 - 2015-06-03 21:54 - 02690690 _____ C:\Users\owner\Downloads\Wireless LAN_Atheros_7.1.0.90_VistaX86.zip
2015-06-03 21:36 - 2015-06-03 21:36 - 00403456 _____ (Farbar) C:\Users\owner\Downloads\MiniToolBox.exe
2015-06-02 18:25 - 2015-06-25 23:51 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 23:53 - 2014-01-11 21:23 - 01353649 _____ C:\Windows\WindowsUpdate.log
2015-07-02 23:45 - 2010-11-20 17:48 - 00296906 _____ C:\Windows\PFRO.log
2015-07-02 23:45 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 23:45 - 2009-07-14 00:39 - 00056135 _____ C:\Windows\setupact.log
2015-07-02 23:32 - 2014-05-09 19:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-02 23:08 - 2009-07-14 00:34 - 00043984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 23:08 - 2009-07-14 00:34 - 00043984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 22:23 - 2015-03-27 13:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-26 21:45 - 2015-05-14 06:37 - 00000000 ____D C:\Program Files\PeerBlock
2015-06-26 21:33 - 2015-04-10 18:31 - 00000000 ____D C:\Users\owner\Desktop\Tor Browser
2015-06-26 10:22 - 2014-01-11 18:41 - 00000000 ____D C:\Users\owner
2015-06-26 10:18 - 2015-05-17 14:07 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-25 23:32 - 2014-05-09 19:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-25 23:32 - 2014-05-09 19:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-19 15:11 - 2010-11-20 17:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 23:00 - 2015-04-20 17:53 - 00000000 ____D C:\Users\owner\AppData\Roaming\uTorrent
2015-06-16 18:46 - 2015-03-09 21:41 - 00000000 __SHD C:\Users\owner\AppData\Local\EmieBrowserModeList
2015-06-16 18:46 - 2014-05-08 06:32 - 00000000 __SHD C:\Users\owner\AppData\Local\EmieUserList
2015-06-16 18:46 - 2014-05-08 06:32 - 00000000 __SHD C:\Users\owner\AppData\Local\EmieSiteList
2015-06-14 16:06 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-06-14 11:44 - 2009-07-14 00:33 - 00277640 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-14 11:40 - 2014-12-10 19:18 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-14 11:40 - 2014-05-09 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 18:22 - 2014-01-11 19:32 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 18:05 - 2014-01-11 19:32 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 17:50 - 2014-05-09 19:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-03 21:09 - 2014-05-09 19:17 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-03 21:09 - 2014-05-09 19:17 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

==================== Files in the root of some directories =======

2014-06-05 14:48 - 2014-06-06 17:18 - 0000000 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml

Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\Quarantine.exe
C:\Users\owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-13 13:42

==================== End of log ============================

 

ADDITION:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by owner at 2015-07-02 23:54:33
Running from C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9L7UXVM
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1339881466-3233230386-2842357061-500 - Administrator - Disabled)
Guest (S-1-5-21-1339881466-3233230386-2842357061-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1339881466-3233230386-2842357061-1002 - Limited - Enabled)
owner (S-1-5-21-1339881466-3233230386-2842357061-1000 - Administrator - Enabled) => C:\Users\owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1339881466-3233230386-2842357061-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
Ad-Aware Web Companion (Version: 1.1.987.2028 - Lavasoft) Hidden
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Avast Internet Security (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
LavasoftTcpService (Version: 2.3.4.2 - Lavasoft) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PowerISO (HKLM\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Soda PDF 3D Reader (HKLM\...\{025C48E1-4695-4F49-906E-EBABCD54EA51}) (Version: 5.0.30.11889 - LULU Software Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1339881466-3233230386-2842357061-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1339881466-3233230386-2842357061-1000_Classes\CLSID\{15ea6566-467f-42ae-85d7-0ef80306cbdc}\localserver32 -> C:\Users\owner\AppData\Local\Temp\{8b1670c8-dc4a-4ed4-974b-81737a23826b}\IDriver.NonElevated.exe No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1339881466-3233230386-2842357061-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1339881466-3233230386-2842357061-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1339881466-3233230386-2842357061-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1339881466-3233230386-2842357061-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1339881466-3233230386-2842357061-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

14-06-2015 16:04:53 Scheduled Checkpoint
15-06-2015 17:52:26 Windows Update
19-06-2015 15:27:32 Windows Update
26-06-2015 17:46:38 Windows Update
02-07-2015 23:04:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33F9EDA0-15EF-48A7-9552-E18F33C2DC6D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-17] (Avast Software s.r.o.)
Task: {3D7455D7-91A1-491E-B038-EEB680A2F886} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1339881466-3233230386-2842357061-1000Core => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {618B7651-05A7-432D-ACA8-AC8B01E63C0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {678A7471-DC1C-4FEA-801F-67D3A01D2C69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1339881466-3233230386-2842357061-1000UA => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {8CE5BB99-BF9A-41D7-BCF6-3DF30E5B2BF7} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HpWebReg.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c52c2532-e59a-4e38-81e6-157e211a67a3.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1da6150-adef-4559-9d6b-96877465ae3d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-17 14:07 - 2015-05-17 14:07 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-17 14:07 - 2015-05-17 14:07 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-02 21:51 - 2015-07-02 21:51 - 02955264 _____ () C:\Program Files\AVAST Software\Avast\defs\15070203\algo.dll
2015-05-17 14:07 - 2015-05-17 14:07 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1339881466-3233230386-2842357061-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CD02E9CE-D8B8-49F7-892A-B0C2CDA7020C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2CCFA8B4-1CF0-4086-9E9D-62BDC29B8EDF}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{683369F8-4469-402F-91F1-3B9CBCC86AF6}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{7FA4FDBE-7F95-4227-875F-3B325FC6A1BF}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{D3408883-19B4-455B-A264-7DC528A62535}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{CB7B3F9A-0972-42B1-BCC0-F1D2DECCE787}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{161E9EAB-A839-4F0F-BEA8-E2FDC8A5F22D}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{49944342-ADE8-4E09-9311-41A67CD6EBD5}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{2E80B8F0-621A-435B-8879-0096EBA2FEF7}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [TCP Query User{31F8AE11-8517-4CC7-8950-1BF913B8916E}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd] => (Allow) C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd
FirewallRules: [UDP Query User{50358B6B-80A9-4BF0-A918-D63C50A46265}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd] => (Allow) C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd
FirewallRules: [{5431CEA1-F09B-4A93-93CD-1CCA697250E5}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{657F761D-B528-43F5-A03F-CB08660185E3}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{24A3595B-AAE2-41F2-BF44-24D3C98B4DCD}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5E45454E-28F7-4CAE-B1A7-0462765F5806}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{59A921E7-2BA2-4CD6-B6FC-AC8F62D4986C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1C3629A6-B9C6-4566-9B62-A75A372FC9D4}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B5ADFD75-3A49-44DB-9603-11CAAF2B6791}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{FBCB6346-A770-40A7-8BF3-8036991D56FD}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{857700BD-180F-4257-AA07-B42E271A2B11}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{3F30E11E-14A5-4505-A52A-E6705A717FF3}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7F0FFF21-23E8-4B31-9069-ACD9192E1273}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0DA411AE-EC98-4D18-95FC-D478870DEE0F}] => (Allow) C:\Users\owner\AppData\Local\Temp\speedmax_20140516.exe
FirewallRules: [{37FFBD90-4E58-49D7-AB5C-F77B603E69F9}] => (Allow) C:\Users\owner\AppData\Local\Temp\speedmax_6133.exe
FirewallRules: [{6ABFA862-7DEA-4CA4-AF3A-C08563582D94}] => (Allow) C:\Program Files\JoinMe\windows\zLoggingDaemon.exe
FirewallRules: [{C15A1301-8A34-44F6-9D96-D3E8842EE473}] => (Allow) C:\Program Files\JoinMe\windows\zLoggingDaemon.exe
FirewallRules: [{8848CA87-AA0A-4217-AB5C-7061FFD08F24}] => (Allow) C:\Program Files\JoinMe\PythonProject\Framework\JoinMeHelper.exe
FirewallRules: [{2C8F453B-BD88-4291-944F-00A2737E468D}] => (Allow) C:\Program Files\JoinMe\PythonProject\Framework\JoinMeHelper.exe
FirewallRules: [{D26F92F8-A4FF-4BA7-BCB8-79CC183FE1E9}] => (Allow) C:\Program Files\JoinMe\windows\Updtae\JoinMeUpdater.exe
FirewallRules: [{854EEEF7-C92F-4AAF-9F15-A0C65A641B06}] => (Allow) C:\Program Files\JoinMe\windows\Updtae\JoinMeUpdater.exe
FirewallRules: [TCP Query User{8DB22A5B-A51C-417F-AD8A-518292342F86}C:\program files\joinme\windows\zloggingdaemon.exe] => (Block) C:\program files\joinme\windows\zloggingdaemon.exe
FirewallRules: [UDP Query User{199B4AFE-751E-488C-AD69-D873B2B9E89E}C:\program files\joinme\windows\zloggingdaemon.exe] => (Block) C:\program files\joinme\windows\zloggingdaemon.exe
FirewallRules: [{62372E6B-4706-41BE-8E61-20FA0926FB44}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{6229A2C5-47CB-4AAC-8172-3D421747217A}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{0F011C37-416B-498C-A5E4-DA023659E713}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B957491E-FED4-4D73-9477-4352B7D63EBF}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CDFF3B1D-6C69-4DAF-BC39-ABE25B3509B5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0B2BDA3D-3BD9-4A44-B8DF-AB215F581843}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5502EBC2-0AA9-4E29-BAB0-38C8BCC70DF4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{912D9CAA-58FE-4419-8553-1F6B6971562F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{F37731B4-0541-4638-9220-80C86E9173BB}] => (Allow) C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0027247E-6EE4-4B33-A425-760244298222}] => (Allow) C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{73FEDF60-7D7E-409C-A426-1990E94F78F8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5EBA045A-7586-47F0-9C85-FF1A2D5EE0C5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2015 11:46:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 11:43:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc000000d
Fault offset: 0x00098001
Faulting process id: 0x220
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (07/02/2015 10:59:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 10:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 10:19:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc000000d
Fault offset: 0x00098001
Faulting process id: 0x7d4
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (06/26/2015 05:42:18 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (4868) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (06/26/2015 05:42:18 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (4868) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/26/2015 05:40:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 10:22:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc000000d
Fault offset: 0x00098001
Faulting process id: 0x7f0
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (06/26/2015 10:06:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/02/2015 11:47:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (07/02/2015 11:47:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (07/02/2015 11:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LavasoftTcpService service failed to start due to the following error:
%%109

Error: (07/02/2015 11:44:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (07/02/2015 11:44:38 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/02/2015 11:44:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostics Tracking Service service failed to start due to the following error:
%%1069

Error: (07/02/2015 11:44:30 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The DiagTrack service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/02/2015 11:44:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (07/02/2015 11:44:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/02/2015 11:44:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Microsoft Office:
=========================
Error: (07/02/2015 11:46:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 11:43:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc100ntdll.dll6.1.7601.1886955636303c000000d0009800122001d0b53c321db28eC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllbc8d7d4d-2135-11e5-9111-001d09c2458c

Error: (07/02/2015 10:59:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 10:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 10:19:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc100ntdll.dll6.1.7601.1886955636303c000000d000980017d401d0b0589e4fcad1C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllf96aaf97-2129-11e5-9ac9-001d09c2458c

Error: (06/26/2015 05:42:18 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows4868Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (06/26/2015 05:42:18 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows4868Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/26/2015 05:40:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 10:22:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc100ntdll.dll6.1.7601.1886955636303c000000d000980017f001d0b01946392232C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllcc21299e-1c0e-11e5-9b8f-001d09c2458c

Error: (06/26/2015 10:06:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 2037.97 MB
Available physical RAM: 976.55 MB
Total Virtual: 2549.97 MB
Available Virtual: 1048.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:64.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7F2EB109)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of log ============================



#4 nasdaq

Posted 03 July 2015 - 07:53 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
cmd: ipconfig /flushdns
CloseProcesses:

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:52772;https=127.0.0.1:52772
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF SearchPlugin: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\rn9xu3wn.default-1415362862983\searchplugins\google-avast.xml [2015-06-03]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-17]
S3 NHIHHIY; C:\Users\owner\AppData\Local\Temp\NHIHHIY.exe [X]
S3 AQFileRestore; system32\DRIVERS\AQFileRestore.sys [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#5 nasdaq

Posted 09 July 2015 - 09:12 AM

Are you still with me?

#6 nasdaq

Posted 15 July 2015 - 07:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



