Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer very slow & annoying


  • This topic is locked This topic is locked
14 replies to this topic

#1 ed-e-dee

ed-e-dee

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:32 PM

Posted 13 October 2015 - 12:15 AM

Hi All,

 

I've been sent over from " Am I Infected."

In Internet Explorer I keep getting boxs popup, Stop running this script.   WIE Stop running this script,  IE Has stopped working. This page cannot be displayed. " Whats App Reminder".

 

In am I infected we did a lot of work there seems to be Virus free, We down loaded Firefox when I go into Facebook I don't get half the photos then I'll get Stop running script.

 

I have just ran FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
Ran by admin (administrator) on COMPUTER (13-10-2015 15:59:26)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\admin\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3778472 2015-10-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-17] (Piriform Ltd)
BootExecute:
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB87E0A3-252A-4D07-BE03-06DBCBE54D28}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-08-15] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\sysWOW64\urlmon.dll [2015-08-15] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-08-15] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\sysWOW64\urlmon.dll [2015-08-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3ij6ixwb.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-29] (Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1382244373-2055223747-3369237834-1003: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1382244373-2055223747-3369237834-1003: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-28] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://au.search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://au.search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-18]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-18]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-18]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-18]
CHR Extension: (Bookmark Manager) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-18]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-05] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314800 2015-10-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-13] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)
S3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [X]
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
S1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [X]
S1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 15:59 - 2015-10-13 15:59 - 02196480 _____ (Farbar) C:\Users\admin\Downloads\FRST64(1).exe
2015-10-13 15:59 - 2015-10-13 15:59 - 00017640 _____ C:\Users\admin\Downloads\FRST.txt
2015-10-13 15:59 - 2015-10-13 15:59 - 00000000 ____D C:\FRST
2015-10-13 15:57 - 2015-10-13 15:58 - 02196480 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe.part
2015-10-13 15:57 - 2015-10-13 15:57 - 00000000 _____ C:\Users\admin\Downloads\FRST64.exe
2015-10-13 15:11 - 2015-10-13 15:13 - 167601944 _____ (Apple Inc.) C:\Users\admin\Downloads\iTunes6464Setup(1).exe
2015-10-12 19:27 - 2015-10-12 19:28 - 00891392 _____ (Farbar) C:\Users\admin\Downloads\MiniToolBox(1).exe
2015-10-12 19:26 - 2015-10-12 19:26 - 00985600 _____ C:\Users\admin\Downloads\MicrosoftFixit50123.msi
2015-10-12 17:07 - 2015-10-12 17:08 - 02310216 _____ (apple) C:\Users\admin\Downloads\apple-scc-w0yc305j6wgw18iy6fdj5yf66egdw5hz1dhjfjc40jc90.exe
2015-10-11 20:02 - 2015-10-13 15:02 - 00189560 _____ C:\Windows\setupact.log
2015-10-11 20:02 - 2015-10-11 20:02 - 00000000 _____ C:\Windows\setuperr.log
2015-10-11 11:15 - 2015-10-11 11:15 - 00010910 _____ C:\Users\admin\Documents\cc_20151011_111525.reg
2015-10-10 13:30 - 2015-10-10 13:30 - 00000134 _____ C:\Users\admin\Desktop\Internet Explorer Troubleshooting.url
2015-10-10 12:46 - 2015-10-10 12:46 - 00003654 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-10-10 12:46 - 2015-10-10 12:46 - 00002163 _____ C:\Users\admin\Desktop\Tweaking.com - Windows Repair.lnk
2015-10-10 12:46 - 2015-10-10 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-08 17:35 - 2015-10-08 17:35 - 00000000 ____D C:\Users\admin\AppData\Local\CEF
2015-10-08 17:11 - 2015-10-08 17:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-08 17:11 - 2015-10-08 17:11 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-08 17:07 - 2015-10-13 15:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-08 17:07 - 2015-10-08 17:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-08 17:05 - 2015-10-08 17:05 - 01190616 _____ (Adobe Systems Incorporated) C:\Users\admin\Downloads\flashplayer19_ha_install.exe
2015-10-08 13:15 - 2015-10-08 13:15 - 00006242 _____ C:\Users\admin\Documents\cc_20151008_131544.reg
2015-10-08 12:38 - 2015-10-13 15:50 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{301BD350-D632-4189-9DA9-62FE259E36E7}
2015-10-08 12:26 - 2015-08-15 07:20 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-08 12:26 - 2015-08-15 07:20 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-08 12:26 - 2015-08-15 07:20 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-08 12:26 - 2015-08-15 07:20 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-08 12:26 - 2015-08-15 07:20 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 12306944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 02470912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-08 12:26 - 2015-08-15 07:19 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-10-08 12:26 - 2015-08-15 07:19 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-10-08 12:26 - 2015-08-15 07:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-10-08 12:26 - 2015-08-15 07:18 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-08 12:26 - 2015-08-15 04:54 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-08 12:26 - 2015-08-15 04:54 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-08 12:26 - 2015-08-15 04:54 - 00429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-08 12:26 - 2015-08-15 04:54 - 00229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-08 12:26 - 2015-08-15 04:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 11031040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 06034944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 02088448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00717312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00389120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-08 12:26 - 2015-08-15 04:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-10-08 12:26 - 2015-08-15 04:53 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2015-10-08 12:26 - 2015-08-15 04:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-10-08 12:26 - 2015-08-15 04:52 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-08 12:26 - 2015-08-15 04:27 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-08 12:26 - 2015-08-15 04:17 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-08 12:26 - 2015-08-15 04:06 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-08 12:26 - 2015-08-15 03:57 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-07 21:49 - 2015-10-07 21:49 - 00001447 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-07 21:49 - 2015-10-07 21:49 - 00001413 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-10-07 21:27 - 2015-10-11 11:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-07 21:27 - 2015-10-10 13:33 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-07 21:27 - 2015-10-10 13:33 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-05 15:44 - 2015-10-05 15:44 - 01681920 _____ C:\Users\admin\Downloads\AdwCleaner (2).exe
2015-10-05 11:48 - 2015-10-05 11:48 - 00001049 _____ C:\mbam.txt
2015-10-05 11:14 - 2015-10-05 11:14 - 00314800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-10-03 22:08 - 2015-10-03 22:08 - 01801288 _____ (Malwarebytes) C:\Users\admin\Downloads\JRT.exe
2015-10-03 22:02 - 2015-10-03 22:02 - 01670656 _____ C:\Users\admin\Downloads\AdwCleaner (1).exe
2015-10-03 22:01 - 2015-10-03 22:01 - 01670656 _____ C:\Users\admin\Downloads\AdwCleaner.exe
2015-10-03 21:45 - 2015-10-03 21:45 - 00011220 _____ C:\Users\admin\Documents\cc_20151003_204519.reg
2015-09-28 22:34 - 2015-09-28 22:34 - 00267555 _____ C:\Users\admin\Downloads\Tilly3.htm
2015-09-28 22:33 - 2015-09-28 22:33 - 00273794 _____ C:\Users\admin\Downloads\Tilly   2.htm
2015-09-28 22:32 - 2015-09-28 22:32 - 00270470 _____ C:\Users\admin\Downloads\Tilly.htm
2015-09-27 21:26 - 2015-09-27 21:26 - 00000000 ____D C:\Users\admin\Desktop\Canberra,parliment house
2015-09-27 14:50 - 2015-09-27 14:50 - 00166073 _____ C:\Users\admin\Downloads\watch.htm
2015-09-25 14:48 - 2015-09-25 14:48 - 00041597 _____ C:\Users\admin\Downloads\cheesy-potato-bake-recipe.htm
2015-09-25 13:43 - 2015-09-25 13:43 - 00270259 _____ C:\Users\admin\Downloads\Staffy femail.htm
2015-09-21 15:46 - 2015-09-21 15:46 - 00000000 ____D C:\Users\admin\Desktop\Tetlow kiln
2015-09-18 14:54 - 2015-09-18 14:54 - 00237389 _____ C:\Users\admin\Downloads\popcorn.m4r
2015-09-15 14:36 - 2015-09-15 14:37 - 01660416 _____ C:\Users\admin\Downloads\AdwCleaner (1).exe.u10o5fh (2).partial
2015-09-15 14:31 - 2015-10-13 08:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-15 14:26 - 2015-09-15 14:31 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2015-09-15 14:26 - 2015-09-15 14:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-09-14 21:59 - 2015-09-15 14:05 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-09-14 21:59 - 2015-09-14 21:59 - 00000000 ____D C:\Users\admin\AppData\Local\Dropbox
2015-09-14 21:59 - 2015-09-14 21:59 - 00000000 ____D C:\ProgramData\Dropbox
2015-09-13 21:22 - 2015-09-13 21:22 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-09-13 21:22 - 2015-09-13 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-09-13 21:22 - 2015-09-13 21:22 - 00000000 ____D C:\Program Files\Speccy
2015-09-13 21:18 - 2015-10-12 19:29 - 00021507 _____ C:\Users\admin\Downloads\MTB.txt
2015-09-13 21:16 - 2015-09-13 21:16 - 00891392 _____ (Farbar) C:\Users\admin\Downloads\MiniToolBox (2).exe
2015-09-13 21:14 - 2015-09-13 21:14 - 00891392 _____ (Farbar) C:\Users\admin\Downloads\MiniToolBox (1).exe
2015-09-13 21:13 - 2015-09-13 21:13 - 00891392 _____ (Farbar) C:\Users\admin\Downloads\MiniToolBox.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 15:10 - 2015-08-13 15:41 - 01240651 _____ C:\Windows\WindowsUpdate.log
2015-10-13 15:10 - 2009-07-14 15:45 - 00026000 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-13 15:10 - 2009-07-14 15:45 - 00026000 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-13 15:06 - 2009-07-14 16:13 - 00774168 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-13 15:02 - 2015-06-13 15:04 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-10-13 15:02 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-13 08:55 - 2014-08-21 13:39 - 00000000 ____D C:\ProgramData\MFAData
2015-10-13 08:50 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\tracing
2015-10-12 19:18 - 2009-07-14 16:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-11 20:01 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-11 11:37 - 2015-05-13 19:10 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2015-10-10 13:33 - 2015-05-21 20:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-10 13:22 - 2014-09-17 14:12 - 00064024 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-10 13:22 - 2009-07-14 15:45 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-10 12:57 - 2009-07-14 13:34 - 00000454 _____ C:\Windows\win.ini
2015-10-10 12:45 - 2015-07-27 22:00 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-09 09:31 - 2015-04-26 16:30 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-10-09 09:31 - 2014-09-21 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-09 09:28 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2015-10-08 17:35 - 2014-08-16 16:17 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2015-10-08 17:11 - 2015-05-13 19:34 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-08 17:11 - 2014-07-24 17:27 - 00000000 ____D C:\ProgramData\Adobe
2015-10-08 17:11 - 2014-07-24 17:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-08 17:07 - 2014-07-24 17:30 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-08 17:07 - 2014-07-24 17:30 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-08 16:40 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-08 13:15 - 2014-09-18 07:50 - 00000000 ____D C:\Windows\Panther
2015-10-08 12:44 - 2014-07-26 11:53 - 00000308 _____ C:\Users\admin\Desktop\FACEBOOK.url
2015-10-06 22:42 - 2014-07-24 17:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-05 15:49 - 2014-09-27 14:02 - 00000000 ____D C:\AdwCleaner
2015-10-05 14:14 - 2015-01-25 13:04 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-05 14:14 - 2015-01-25 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-05 14:14 - 2015-01-25 13:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-04 13:12 - 2014-09-27 14:04 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-04 13:12 - 2014-09-27 14:04 - 00000000 ____D C:\Program Files\CCleaner
2015-09-21 15:46 - 2014-07-24 20:07 - 00000000 ____D C:\Users\admin\Desktop\Unused
2015-09-15 22:16 - 2015-08-12 17:16 - 00000000 ____D C:\Program Files (x86)\Canon
2015-09-15 22:15 - 2015-08-30 15:08 - 00000000 ____D C:\ProgramData\Skype
2015-09-15 14:26 - 2014-09-17 14:55 - 00000000 ____D C:\ProgramData\Malwarebytes

==================== Files in the root of some directories =======

2014-12-24 10:46 - 2015-07-04 22:55 - 0000115 _____ () C:\Users\admin\AppData\Roaming\LogFile.txt
2014-07-24 20:02 - 2014-08-02 20:10 - 0018526 _____ () C:\Users\admin\AppData\Roaming\UserTile.png
2014-09-26 21:22 - 2014-09-26 21:22 - 0003584 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 12:45

==================== End of FRST.txt ============================

 


Eddee

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 13 October 2015 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxps://au.search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://au.search.yahoo.com/?type=926458&fr=yo-yhp-ch"
S3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [X]
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
S1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [X]
S1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

p.s.
Please post the Addition.txt file created by the Farbar tool.

#3 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:32 PM

Posted 14 October 2015 - 10:14 PM

Hi nasdaq, Thanks for helping me out,, I'm still a novice at computing I get old seniors moments. Lol.

 

I don't feel as I've done this right for you I could not get Farbar to fix after scan, but I'll send what I have got maybe I did do it right, so here goes.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by admin (2015-10-13 15:59:46)
Running from C:\Users\admin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-17 03:09:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-1382244373-2055223747-3369237834-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1382244373-2055223747-3369237834-500 - Administrator - Disabled)
Guest (S-1-5-21-1382244373-2055223747-3369237834-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1382244373-2055223747-3369237834-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6172 - AVG Technologies)
AVG 2015 (Version: 15.0.4447 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6172 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.10.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eM Client (HKLM-x32\...\{6D1C3187-2820-44F9-B64F-83FD3DEE0201}) (Version: 6.0.22344.0 - eM Client Inc.)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Google Photos Backup (HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2015 (HKLM-x32\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Prerequisite installer (x32 Version: 16.0.0000 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.6.0 - Tweaking.com)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

07-10-2015 21:46:56 Windows Modules Installer
08-10-2015 13:35:47 Windows Update
10-10-2015 13:29:36 Windows Modules Installer
11-10-2015 16:35:32 Windows Update
12-10-2015 19:26:47 Installed Microsoft Fix it 50123

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2015-10-10 12:57 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C6E53B-900D-4D46-AE2A-00F222B38D57} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {1E4FA9AB-60A7-4CEE-83CF-35D9D70DCF42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {2DCCADBF-38CC-4B23-9081-1752A340D757} - System32\Tasks\{4B424C83-7F5B-4418-8056-84FC3D36667B} => pcalua.exe -a C:\Users\admin\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=sof
Task: {2EF16179-5321-4651-9E2F-4D6A614D007A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3BFC7575-F499-437F-9395-B80B8F6010AF} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {4AFDE148-4A79-41B9-BEBB-E3E709BD1C63} - System32\Tasks\Java™ Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {50290DEB-02C1-4B5C-99FD-4389394C64B4} - \LaunchSignup -> No File <==== ATTENTION
Task: {5266C1FC-4C87-446A-84B5-7F18F7865428} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {5AD36195-400D-4199-850B-9755CCD48C22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-08] (Adobe Systems Incorporated)
Task: {629E1CFE-AEB8-4ED0-92E6-17841F82A111} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1382244373-2055223747-3369237834-1003Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {8A8A8C04-621A-4B50-94B5-19515777E42F} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B49311F2-B63D-43BF-B6B1-5F85F2B142BB} - System32\Tasks\{7547D37E-CD86-486F-A4CA-FEAB2DACD1BE} => C:\Program Files (x86)\eM Client\MailClient.exe [2015-04-23] (eM Client, Inc.)
Task: {B964A74B-30D9-432D-B4AB-36C69C24A67B} - System32\Tasks\{071DEF7F-3080-47BF-9BF2-3AB7295EE456} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=w3i <==== ATTENTION
Task: {BC6D9983-2200-4941-A254-4204C96F99D7} - System32\Tasks\{8F89AEC2-DBE7-4111-8A04-5E1C0A871CA6} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
Task: {C1A620F7-8D14-4AC5-BCFF-F8829ED14DB8} - System32\Tasks\{4E642B1D-5C2A-4AFF-9A0B-A67BB64CBA9D} => pcalua.exe -a E:\setup.exe -d E:\
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D9390939-DDBB-4AEA-8352-608FDC39FA74} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1382244373-2055223747-3369237834-1003UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {E10091BF-4BC6-492D-ACAB-85563CDDAFBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F97D4AFE-C859-475F-A7C0-36A5116B44CE} - System32\Tasks\{0A009F85-A859-48F7-AC59-3E487161BD6D} => pcalua.exe -a "C:\Users\admin\Downloads\B2CAppSetup (1).exe" -d C:\Users\admin\Desktop
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FD240B49-381E-4CE3-B763-24E195318611} - System32\Tasks\{F55D658D-A66D-48EE-83B8-F4321FD3DD61} => pcalua.exe -a "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYR1A8O\Adobe_Air_v15.0.0.356.exe" -d C:\Users\admin\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1382244373-2055223747-3369237834-1003Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1382244373-2055223747-3369237834-1003UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 19:12 - 2015-03-20 19:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 17:26 - 2015-05-15 17:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-14 01:24 - 2015-08-09 05:50 - 00404376 _____ () C:\Windows\system32\igfxTray.exe
2014-08-16 16:07 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-12 14:01 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\driversupport.com -> hxxps://apps.driversupport.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FE85E2B5-F6B2-4E13-BA1A-06494C2501B5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{8484F680-E1E6-4833-83C2-E51BE9CA776E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{1FC3ABBD-77B0-4ACE-ADAF-021748EEA2EA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{5C681607-FF00-4085-85DB-8553DEA6770A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{BC52A77E-AC29-4FD0-8A3C-00E0B3607386}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{0517F63E-1E2B-4CD3-BEF2-FDC2933DBBF9}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{9522E27A-F336-416B-AD22-6E6CD6DF9E39}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{E9FF7ADA-D775-4A65-AB21-D53287FB24B6}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{EAD5B423-15BB-45B7-B576-43BE7599A91F}] => (Allow) LPort=1900
FirewallRules: [{C3B4A850-6FD4-44AE-93BC-8A37F756A62E}] => (Allow) LPort=2869
FirewallRules: [{EF1E8478-33C5-4356-84FD-C9270AD2E346}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{43E77EBE-2758-4ACA-BCBD-9630EF83F6D0}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{BE72903B-1301-4870-B3A2-9239306D4534}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{29C34187-D1B2-485C-B43A-1E901AD12967}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
FirewallRules: [{EB17CD25-86A5-4BB1-8FD8-D65BFB6FB962}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{DAABEE07-4E95-46D9-89F5-13CB9929BD18}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe
FirewallRules: [{2185BCE8-DE4D-4183-B42F-97C0FC29A605}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E44D4831-7A22-4A69-94BA-8A0125AB1D85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4DCF8351-8B3D-4BEC-B54A-CEC75124C0BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F34C4CCD-D07C-4AE3-BC1E-78CEC9EBE79E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E407C2A7-C536-483B-AA74-D755068C5F5C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B40C1266-BBCD-4275-ABA1-BD080B614E00}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9BE0B790-958C-4EF6-A170-A7DA558F5EC7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1C55834D-2696-45C9-9AAB-31AF93D7E24D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{50997362-A349-41EF-9A09-66DBEDF4BAE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{014373D0-F946-46AF-85BF-D172904527C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{5BB7CAE0-25EF-4CFC-B0E4-91A1A3030CB3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{7694A6D0-759F-4204-82DD-10D2D2531279}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6393F4F0-4D66-4CCC-9902-4FFBA943D4E6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{63B9000B-76E7-4924-9F8A-24558C588A09}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{3F2464A7-321A-4D91-BC10-89440778B7F9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2015 03:03:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 674

Start Time: 01d1056bed84c5d0

Termination Time: 16

Application Path: C:\Windows\Explorer.EXE

Report Id: 4f9be712-715f-11e5-b034-74d435d2457b

Error: (10/11/2015 11:36:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.18969, time stamp: 0x55ce206f
Faulting module name: mshtml.dll, version: 8.0.7601.18969, time stamp: 0x55ce4c78
Exception code: 0xc0000005
Fault offset: 0x0000000000116652
Faulting process id: 0x1004
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/10/2015 01:22:39 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/10/2015 01:22:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/10/2015 01:01:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: COMPUTER)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (10/10/2015 01:01:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: COMPUTER)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (10/10/2015 12:56:13 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL

Error: (10/10/2015 12:56:11 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (10/10/2015 12:50:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2015 12:46:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Instantiating VSS server


System errors:
=============
Error: (10/13/2015 03:03:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (10/13/2015 03:02:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
a2injectiondriver

Error: (10/13/2015 03:02:28 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (10/13/2015 09:00:28 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (10/13/2015 09:00:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/13/2015 08:50:46 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/13/2015 08:50:46 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (10/13/2015 08:50:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
a2injectiondriver

Error: (10/13/2015 08:50:45 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (10/12/2015 07:18:25 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.


CodeIntegrity:
===================================
  Date: 2015-05-13 18:20:51.437
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:20:51.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:43.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:43.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-27 17:39:06.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\_restore{F065F383-0759-4156-9BC6-A0EFBCE6D21E}\RP261\A0055837.rbf because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-27 17:39:06.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\_restore{F065F383-0759-4156-9BC6-A0EFBCE6D21E}\RP261\A0055837.rbf because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3240 @ 3.10GHz
Percentage of memory in use: 25%
Total physical RAM: 8068.76 MB
Available physical RAM: 6023.23 MB
Total Virtual: 16135.73 MB
Available Virtual: 13968.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.25 GB) (Free:33.06 GB) NTFS
Drive d: () (Fixed) (Total:465.75 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8507E427)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: E90BE90B)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Eddee

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 15 October 2015 - 09:17 AM

The fix may not have worked because you are running the Farbar .exe tool from the Downloads folder.
C:\Users\admin\Downloads

Copy the Farbar tool to your Desktop.

I have created a revised FixList.txt file and it's attached this time.

Download the file and place it on the Desktop also.

Run the Farbar tool and click the Fix button.

Post the Fixlog.txt file for my review.

Attached Files



#5 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:32 PM

Posted 15 October 2015 - 07:42 PM

I think i've got it right this time ???????????

Fix result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by admin (2015-10-16 11:34:56) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxps://au.search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://au.search.yahoo.com/?type=926458&fr=yo-yhp-ch"
S3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [X]
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
S1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [X]
S1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
Task: {09C6E53B-900D-4D46-AE2A-00F222B38D57} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2DCCADBF-38CC-4B23-9081-1752A340D757} - System32\Tasks\{4B424C83-7F5B-4418-8056-84FC3D36667B} => pcalua.exe -a C:\Users\admin\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=sof
Task: {2EF16179-5321-4651-9E2F-4D6A614D007A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {50290DEB-02C1-4B5C-99FD-4389394C64B4} - \LaunchSignup -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B964A74B-30D9-432D-B4AB-36C69C24A67B} - System32\Tasks\{071DEF7F-3080-47BF-9BF2-3AB7295EE456} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=w3i <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
C:\Users\admin\AppData\Roaming\sweet-page
C:\Users\admin\AppData\Roaming\webssearches
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
a2acc => service removed successfully
A2DDA => service removed successfully
a2injectiondriver => service removed successfully
a2util => service removed successfully
AndNetDiag => service removed successfully
ANDNetModem => service removed successfully
andnetndis => service removed successfully
catchme => service removed successfully
cleanhlp => service removed successfully
LgBttPort => service removed successfully
lgbusenum => service removed successfully
LGVMODEM => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09C6E53B-900D-4D46-AE2A-00F222B38D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09C6E53B-900D-4D46-AE2A-00F222B38D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DCCADBF-38CC-4B23-9081-1752A340D757}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DCCADBF-38CC-4B23-9081-1752A340D757}" => key removed successfully
C:\Windows\System32\Tasks\{4B424C83-7F5B-4418-8056-84FC3D36667B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B424C83-7F5B-4418-8056-84FC3D36667B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EF16179-5321-4651-9E2F-4D6A614D007A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EF16179-5321-4651-9E2F-4D6A614D007A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50290DEB-02C1-4B5C-99FD-4389394C64B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50290DEB-02C1-4B5C-99FD-4389394C64B4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B964A74B-30D9-432D-B4AB-36C69C24A67B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B964A74B-30D9-432D-B4AB-36C69C24A67B}" => key removed successfully
C:\Windows\System32\Tasks\{071DEF7F-3080-47BF-9BF2-3AB7295EE456} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{071DEF7F-3080-47BF-9BF2-3AB7295EE456}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
"C:\Users\admin\AppData\Roaming\sweet-page" => File/Folder not found.
"C:\Users\admin\AppData\Roaming\webssearches" => File/Folder not found.
EmptyTemp: => 520.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:35:11 ====

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by admin (2015-10-16 11:34:24)
Running from C:\Users\admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-17 03:09:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-1382244373-2055223747-3369237834-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1382244373-2055223747-3369237834-500 - Administrator - Disabled)
Guest (S-1-5-21-1382244373-2055223747-3369237834-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1382244373-2055223747-3369237834-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6172 - AVG Technologies)
AVG 2015 (Version: 15.0.4447 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6172 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.10.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eM Client (HKLM-x32\...\{6D1C3187-2820-44F9-B64F-83FD3DEE0201}) (Version: 6.0.22344.0 - eM Client Inc.)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Google Photos Backup (HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2015 (HKLM-x32\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Prerequisite installer (x32 Version: 16.0.0000 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.6.1 - Tweaking.com)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

10-10-2015 13:29:36 Windows Modules Installer
11-10-2015 16:35:32 Windows Update
12-10-2015 19:26:47 Installed Microsoft Fix it 50123
14-10-2015 13:14:46 Windows Update
14-10-2015 14:26:24 Installed iTunes

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2015-10-10 12:57 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C6E53B-900D-4D46-AE2A-00F222B38D57} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {1E4FA9AB-60A7-4CEE-83CF-35D9D70DCF42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {2DCCADBF-38CC-4B23-9081-1752A340D757} - System32\Tasks\{4B424C83-7F5B-4418-8056-84FC3D36667B} => pcalua.exe -a C:\Users\admin\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=sof
Task: {2EF16179-5321-4651-9E2F-4D6A614D007A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {38E3FF1C-3EBA-45A3-983C-3A32AA55BEDA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3B6EF8A2-EB0E-4F09-8799-AC5256523F65} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {3BFC7575-F499-437F-9395-B80B8F6010AF} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {4AFDE148-4A79-41B9-BEBB-E3E709BD1C63} - System32\Tasks\Java™ Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {50290DEB-02C1-4B5C-99FD-4389394C64B4} - \LaunchSignup -> No File <==== ATTENTION
Task: {5AD36195-400D-4199-850B-9755CCD48C22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-15] (Adobe Systems Incorporated)
Task: {629E1CFE-AEB8-4ED0-92E6-17841F82A111} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1382244373-2055223747-3369237834-1003Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {8A8A8C04-621A-4B50-94B5-19515777E42F} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B49311F2-B63D-43BF-B6B1-5F85F2B142BB} - System32\Tasks\{7547D37E-CD86-486F-A4CA-FEAB2DACD1BE} => C:\Program Files (x86)\eM Client\MailClient.exe [2015-04-23] (eM Client, Inc.)
Task: {B964A74B-30D9-432D-B4AB-36C69C24A67B} - System32\Tasks\{071DEF7F-3080-47BF-9BF2-3AB7295EE456} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=w3i <==== ATTENTION
Task: {BC6D9983-2200-4941-A254-4204C96F99D7} - System32\Tasks\{8F89AEC2-DBE7-4111-8A04-5E1C0A871CA6} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
Task: {BC9638A9-3559-4299-9538-C084D91A3380} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {C1A620F7-8D14-4AC5-BCFF-F8829ED14DB8} - System32\Tasks\{4E642B1D-5C2A-4AFF-9A0B-A67BB64CBA9D} => pcalua.exe -a E:\setup.exe -d E:\
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D9390939-DDBB-4AEA-8352-608FDC39FA74} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1382244373-2055223747-3369237834-1003UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {F97D4AFE-C859-475F-A7C0-36A5116B44CE} - System32\Tasks\{0A009F85-A859-48F7-AC59-3E487161BD6D} => pcalua.exe -a "C:\Users\admin\Downloads\B2CAppSetup (1).exe" -d C:\Users\admin\Desktop
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FD240B49-381E-4CE3-B763-24E195318611} - System32\Tasks\{F55D658D-A66D-48EE-83B8-F4321FD3DD61} => pcalua.exe -a "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYR1A8O\Adobe_Air_v15.0.0.356.exe" -d C:\Users\admin\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1382244373-2055223747-3369237834-1003Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1382244373-2055223747-3369237834-1003UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 19:12 - 2015-03-20 19:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-14 01:24 - 2015-08-09 05:50 - 00404376 _____ () C:\Windows\system32\igfxTray.exe
2014-08-16 16:07 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-12 14:01 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\...\driversupport.com -> hxxps://apps.driversupport.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1382244373-2055223747-3369237834-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FE85E2B5-F6B2-4E13-BA1A-06494C2501B5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{8484F680-E1E6-4833-83C2-E51BE9CA776E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{1FC3ABBD-77B0-4ACE-ADAF-021748EEA2EA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{5C681607-FF00-4085-85DB-8553DEA6770A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{BC52A77E-AC29-4FD0-8A3C-00E0B3607386}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{0517F63E-1E2B-4CD3-BEF2-FDC2933DBBF9}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{9522E27A-F336-416B-AD22-6E6CD6DF9E39}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{E9FF7ADA-D775-4A65-AB21-D53287FB24B6}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{EAD5B423-15BB-45B7-B576-43BE7599A91F}] => (Allow) LPort=1900
FirewallRules: [{C3B4A850-6FD4-44AE-93BC-8A37F756A62E}] => (Allow) LPort=2869
FirewallRules: [{EF1E8478-33C5-4356-84FD-C9270AD2E346}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{43E77EBE-2758-4ACA-BCBD-9630EF83F6D0}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{BE72903B-1301-4870-B3A2-9239306D4534}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{29C34187-D1B2-485C-B43A-1E901AD12967}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
FirewallRules: [{EB17CD25-86A5-4BB1-8FD8-D65BFB6FB962}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{DAABEE07-4E95-46D9-89F5-13CB9929BD18}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe
FirewallRules: [{B40C1266-BBCD-4275-ABA1-BD080B614E00}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9BE0B790-958C-4EF6-A170-A7DA558F5EC7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1C55834D-2696-45C9-9AAB-31AF93D7E24D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{50997362-A349-41EF-9A09-66DBEDF4BAE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{014373D0-F946-46AF-85BF-D172904527C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{5BB7CAE0-25EF-4CFC-B0E4-91A1A3030CB3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{7694A6D0-759F-4204-82DD-10D2D2531279}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6393F4F0-4D66-4CCC-9902-4FFBA943D4E6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{63B9000B-76E7-4924-9F8A-24558C588A09}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{3F2464A7-321A-4D91-BC10-89440778B7F9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{599FFCF9-A612-4736-B795-790D83D5F5AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2777696-3BAD-4480-BA89-A76A8FAB7159}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31FFCD48-4932-4E3C-B8B8-1E9B20AEDEB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0D04F826-ED3D-4C86-A0F6-85B84ADD4B7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C06A6166-EA34-4ACA-81C9-3B0930EBE5A9}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (10/14/2015 09:41:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


System errors:
=============
Error: (10/16/2015 09:18:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (10/16/2015 09:18:22 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/16/2015 09:08:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/16/2015 09:08:40 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (10/16/2015 09:08:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
a2injectiondriver

Error: (10/16/2015 12:40:21 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (10/16/2015 12:40:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/16/2015 12:30:37 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/16/2015 12:30:37 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (10/16/2015 12:30:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
a2injectiondriver


CodeIntegrity:
===================================
  Date: 2015-05-13 18:20:51.437
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:20:51.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:44.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:43.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-13 18:19:43.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\admin\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-27 17:39:06.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\_restore{F065F383-0759-4156-9BC6-A0EFBCE6D21E}\RP261\A0055837.rbf because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-27 17:39:06.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\System Volume Information\_restore{F065F383-0759-4156-9BC6-A0EFBCE6D21E}\RP261\A0055837.rbf because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3240 @ 3.10GHz
Percentage of memory in use: 25%
Total physical RAM: 8068.76 MB
Available physical RAM: 6040.11 MB
Total Virtual: 16135.73 MB
Available Virtual: 14179.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.25 GB) (Free:31.86 GB) NTFS
Drive d: () (Fixed) (Total:465.75 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8507E427)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: E90BE90B)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Eddee

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 16 October 2015 - 06:47 AM

Looking good.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Let me know of any remaining issues.

#7 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:32 PM

Posted 16 October 2015 - 07:30 PM

Hi There,  There was nothing in the scan no issues at all,

 

# AdwCleaner v5.013 - Logfile created 17/10/2015 at 11:25:50
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : admin - COMPUTER
# Running from : C:\Users\admin\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [653 bytes] ##########


Eddee

#8 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:32 PM

Posted 16 October 2015 - 07:54 PM

I just went back to Internet Explorer and it is still hopeless.......While in Facebook half the photos are blank      and then IE says.  Stop Running This Script.

A script on this page is causing web browser to run slowly. If it continues to run computer might become unresponsive....I don't have this problem in Firefox which I have been using since this trouble has happened.

 

So is IE the main cause to my problems????.Firefox is my browsed at the moment, I'm not too happy in using Firefox.


Eddee

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 17 October 2015 - 08:18 AM

I suggest you update your Internet Explorer.

https://www.microsoft.com/en-ca/download/internet-explorer.aspx

Try the version 9. and if all is well then decide if you want possible 10 which is more secure.

Keep me posted.

#10 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:32 PM

Posted 17 October 2015 - 11:29 PM

Hi nasdaq.    yes downloaded IE 9. and all seems to working well, how much differance would ver, 10 make.


Eddee

#11 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:32 PM

Posted 18 October 2015 - 05:43 AM

Just started using my computer with IE 9  and went to facebook and a box popped up. Internet Explorer has stopped working, etc..

 

I will try downloading IE 10 and see what happends, what do you think.


Eddee

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 18 October 2015 - 09:00 AM

Looking around with Google I found this page.
Try the suggested fix on the page below and let me know the out-come.


http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/error-stop-running-this-script-a-script-on-this/fe4b07b4-7bc8-4aa5-bfc6-6749b0fcc620?auth=1

#13 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:32 PM

Posted 19 October 2015 - 06:17 PM

Hello, well I think everything is working as it should be, IE browser is still slow much slower then Firefox, but I'm not getting any pop up's in Facebook.

 

so I guess thats as far as we go??????.

 

Thank you for your patients  and you time.


Eddee

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 20 October 2015 - 07:04 AM

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 26 October 2015 - 08:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users