Windows Vista SP2 (32-bit) Certain programs have stopped working...


  • This topic is locked
29 replies to this topic

#1 Chris Weeks

Posted 26 December 2015 - 04:41 PM

I've been receiving lots of advice in other Bleeping Computer threads about these issues, but so far nothing has managed to resolve them.

The latest log of all the things I've done is in this thread: http://www.bleepingcomputer.com/forums/t/600012/windows-vista-32-bit-sony-vaio-laptop-some-programs-wont-start/

The main issue that started me posting for help was that iTunes & Photoshop suddenly stopped working.

They still don't; in fact, I have completely uninstalled iTunes now, as I've tried numerous clean un/reinstall(s) and it's just not happening...

I can live without iTunes, but not Photoshop. I use it for work. It would be great if I could get both back.

I have run a ridiculous amount of scans for all sorts of issues.

I have noticed, along the way, that certain programs I have been asked to install and run either didn't install or just wouldn't run.

Whether this laptop is infected or not, or it's just knackered, I don't know. (It is 8+ years old.)

Here is my FRST log; any help would be much appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-12-2015
Ran by admin (administrator) on CHRISWEEKSMUSIC (26-12-2015 21:25:43)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & KB)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-26] (AVAST Software)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2008-06-19] (UPEK Inc.)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2008-07-16] (Sony Corporation)
HKU\S-1-5-21-2526120626-3347230282-2708207307-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2526120626-3347230282-2708207307-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [294912 2008-01-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli psqlpwd
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-26] (AVAST Software)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite QL\farchns.dll [2008-06-19] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite QL\farchns.dll [2008-06-19] (UPEK Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9ED9A523-F519-4E76-9D71-0260CDEE306C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9ED9A523-F519-4E76-9D71-0260CDEE306C}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2526120626-3347230282-2708207307-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2526120626-3347230282-2708207307-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2526120626-3347230282-2708207307-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {04AC67CA-CEC5-44DC-BF66-52D1201ED2F2} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2526120626-3347230282-2708207307-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-26] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-23] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2008-02-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\he6py3vh.default
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: hxxps://www.google.co.uk/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2009-03-20] (BitTorrent, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2526120626-3347230282-2708207307-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\admin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2008-09-04] (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-05-18] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Extension: FireFTP - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\he6py3vh.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(192) [2015-12-17]
FF Extension: PitchDark - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\he6py3vh.default\Extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}(53) [2010-12-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-26]
 
Chrome: 
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-10]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-10]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-12-23]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-10]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-07-10]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Music for every moment - Spotify) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfhbkmihfcbjcoimalmefbkbbepaloj [2015-07-10]
CHR Extension: (Ghostery) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (iGetter) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdacacapbcpofeommlidogofjklldlm [2015-07-28]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-26]
CHR HKLM\...\Chrome\Extension: [opdacacapbcpofeommlidogofjklldlm] - C:\Program Files\iGetter\Integration\iGetterWinExt.crx [2012-08-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-26] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-25] (Macrovision Europe Ltd.) [File not signed]
S2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [451904 2009-10-28] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4230144 2011-12-16] (Native Instruments GmbH) [File not signed]
S2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [299008 2008-07-30] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-04-02] (Sony Corporation) [File not signed]
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-04-29] ()
S2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [81656 2015-11-05] (Reason Software Company Inc.)
S2 RtkAudioService; C:\Windows\RtkAudioService.exe [98304 2008-07-11] (Realtek Semiconductor) [File not signed]
S4 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [72856 2012-03-06] (Sony Corporation)
S4 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [93336 2012-03-06] (Sony Corporation)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-03-05] (Sony Corporation) [File not signed]
S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-16] (Sony Corporation)
S2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-20] (Sony Corporation)
S2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [480624 2009-09-16] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-03-05] (Sony Corporation)
S4 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-28] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-03-05] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-12-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-12-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-12-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-12-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-12-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436360 2015-12-26] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [165104 2015-12-26] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [58016 2015-12-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-12-26] (AVAST Software)
S3 gbxavs; C:\Windows\System32\Drivers\gbxavs.sys [346192 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\Windows\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
R3 JMCR_CFS; C:\Windows\System32\DRIVERS\jmcr_cfs.sys [52752 2008-07-02] (JMicron Technology Corporation)
S2 KorgBlkT; C:\Windows\System32\Drivers\korgblkt.sys [17240 2007-03-01] (KORG Inc.)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [21720 2008-10-29] (KORG Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [7346176 2013-01-08] (Intel Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [62544 2011-12-09] ()
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [9850016 2009-04-30] (NVIDIA Corporation) [File not signed]
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [42672 2013-06-10] (Novation DMS Ltd.)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [53960 2015-12-24] (360.cn)
S3 RDID1079; C:\Windows\System32\Drivers\rdwm1079.sys [140160 2008-02-04] (Roland Corporation)
S3 RDID1103; C:\Windows\System32\Drivers\rdwm1103.sys [144256 2009-08-02] (Roland Corporation)
S3 RDID1110; C:\Windows\System32\Drivers\rdwm1110.sys [207232 2010-04-09] (Roland Corporation)
S3 RDID1143; C:\Windows\System32\Drivers\rdwm1143.sys [168832 2013-09-05] (Roland Corporation)
S3 RDID1144; C:\Windows\System32\Drivers\rdwm1144.sys [168576 2013-09-05] (Roland Corporation)
S3 RDID1145; C:\Windows\System32\Drivers\rdwm1145.sys [169216 2013-11-11] (Roland Corporation)
S3 SaiKF620; C:\Windows\System32\DRIVERS\SaiKF620.sys [106496 2008-10-22] (Saitek)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [23608 2013-01-08] (Synaptics Incorporated)
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93336 2012-11-17] (PACE Anti-Piracy, Inc.)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2010-03-25] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-04-19] (ZTE Incorporated)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Nvsr_seabnt; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-26 21:25 - 2015-12-26 21:26 - 00023817 _____ C:\Users\admin\Desktop\FRST.txt
2015-12-26 21:25 - 2015-12-26 21:25 - 00000000 ____D C:\FRST
2015-12-26 20:53 - 2015-12-26 20:54 - 00174492 _____ C:\Windows\ntbtlog.txt
2015-12-26 20:26 - 2015-12-26 20:26 - 00000819 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-12-26 20:16 - 2015-12-26 20:08 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-26 20:09 - 2015-12-26 20:09 - 00001789 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-26 20:09 - 2015-12-26 20:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\AVAST Software
2015-12-26 20:09 - 2015-12-26 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-26 20:08 - 2015-12-26 20:09 - 00436360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-26 20:08 - 2015-12-26 20:09 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-26 20:08 - 2015-12-26 20:08 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-26 20:08 - 2015-12-26 20:08 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-26 20:08 - 2015-12-26 20:08 - 00165104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-12-26 20:08 - 2015-12-26 20:08 - 00058016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-12-26 20:08 - 2015-12-26 20:08 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-12-26 20:08 - 2015-12-26 20:08 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-26 20:08 - 2015-12-26 20:08 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-26 20:08 - 2015-12-26 20:08 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-26 20:02 - 2015-12-26 20:02 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-26 19:59 - 2015-12-26 20:01 - 21102368 _____ (Tweaking.com) C:\Users\admin\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-12-26 18:44 - 2015-12-26 18:44 - 00000000 ____D C:\ProgramData\CAT
2015-12-26 18:03 - 2015-12-26 18:03 - 01721856 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2015-12-26 17:50 - 2015-12-26 17:50 - 00000000 ____D C:\CYDELogs
2015-12-26 17:38 - 2015-12-26 17:49 - 00000000 ____D C:\CAT-Logs
2015-12-26 17:36 - 2015-12-26 17:36 - 01242562 _____ C:\Users\admin\Desktop\CAT.exe
2015-12-26 17:29 - 2015-12-26 17:31 - 00008224 _____ C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-26 17:29 - 2015-12-26 17:31 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\CrashDumps
2015-12-26 17:29 - 2015-12-26 17:29 - 00000000 _SHDL C:\Users\KB.CHRISWEEKSMUSIC\My Documents
2015-12-26 17:29 - 2015-12-26 17:29 - 00000000 _SHDL C:\Users\KB.CHRISWEEKSMUSIC\Documents\My Videos
2015-12-26 17:29 - 2015-12-26 17:29 - 00000000 _SHDL C:\Users\KB.CHRISWEEKSMUSIC\Documents\My Pictures
2015-12-26 17:29 - 2015-12-26 17:29 - 00000000 _SHDL C:\Users\KB.CHRISWEEKSMUSIC\Documents\My Music
2015-12-26 17:29 - 2015-12-26 17:29 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\VirtualStore
2015-12-26 17:29 - 2008-08-06 21:23 - 00002032 _____ C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\d3d9caps.dat
2015-12-26 17:28 - 2015-12-26 17:30 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Adobe
2015-12-26 17:28 - 2015-12-26 17:29 - 00000909 _____ C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-26 17:28 - 2015-12-26 17:29 - 00000904 _____ C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-26 17:28 - 2015-12-26 17:29 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\Google
2015-12-26 17:28 - 2015-12-26 17:29 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC
2015-12-26 17:28 - 2011-11-03 06:26 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\Trusteer
2015-12-26 17:28 - 2010-02-27 08:07 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Trusteer
2015-12-26 17:28 - 2008-08-19 14:57 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\Documents\My Google Gadgets
2015-12-26 17:28 - 2008-08-19 14:57 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Sony Corporation
2015-12-26 17:28 - 2008-08-19 14:35 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Macromedia
2015-12-26 17:28 - 2008-08-19 14:35 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Google
2015-12-26 17:28 - 2008-08-19 14:19 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\Seven Zip
2015-12-26 17:28 - 2008-08-19 14:17 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\Microsoft Help
2015-12-26 17:28 - 2008-07-25 04:13 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\LocalLow\Sun
2015-12-26 17:28 - 2008-07-25 04:12 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Local\Adobe
2015-12-26 17:28 - 2008-07-25 03:00 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\Documents\Bluetooth Exchange Folder
2015-12-26 17:28 - 2008-07-25 03:00 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\Bluetooth Software
2015-12-26 17:28 - 2008-01-21 02:43 - 00000921 _____ C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-12-26 17:28 - 2008-01-21 01:42 - 00000020 ___SH C:\Users\KB.CHRISWEEKSMUSIC\ntuser.ini
2015-12-26 17:28 - 2006-11-02 12:37 - 00000000 ____D C:\Users\KB.CHRISWEEKSMUSIC\AppData\Roaming\Media Center Programs
2015-12-26 17:13 - 2015-12-26 17:13 - 00000000 ____D C:\SFCFix
2015-12-26 17:08 - 2015-12-26 17:08 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-26 17:07 - 2015-12-26 17:08 - 05066104 _____ (AVAST Software) C:\Users\admin\Desktop\avast_free_antivirus_setup_online_cnet2.exe
2015-12-26 11:48 - 2015-12-26 11:48 - 00001745 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2015-12-26 11:47 - 2015-12-26 11:48 - 06293872 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.14.1_win32-setup.exe
2015-12-26 10:51 - 2015-12-26 10:51 - 00000000 ____D C:\Program Files\MSXML 4.0
2015-12-26 10:50 - 2010-04-21 17:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2015-12-26 10:38 - 2015-12-24 10:55 - 00053960 _____ (360.cn) C:\Windows\system32\Drivers\qutmipc.sys
2015-12-26 10:34 - 2015-12-26 11:45 - 00000000 ____D C:\Program Files\360
2015-12-24 23:12 - 2015-12-24 23:16 - 43048568 _____ C:\Users\admin\Downloads\360TS_Setup_8.2.0.1056.exe
2015-12-24 22:34 - 2015-12-24 22:34 - 00003744 _____ C:\Windows\system32\7B296FB0-376B-497E-B012-9C450E1B7327-2P-1.C7483456-A289-439D-8115-601632D005A0.TMP
2015-12-24 20:22 - 2015-12-24 20:22 - 00473291 _____ () C:\Users\admin\Desktop\Everything-1.3.4.686.x86-Setup.exe
2015-12-24 20:15 - 2015-12-24 20:15 - 03480040 _____ (McAfee, Inc.) C:\Users\admin\Desktop\MCPR.exe
2015-12-24 20:14 - 2015-12-24 20:18 - 00000000 ____D C:\Users\admin\Desktop\whatinstartup
2015-12-24 20:14 - 2015-12-24 20:14 - 00000000 ____D C:\ProgramData\Panda Security
2015-12-24 17:40 - 2015-12-24 20:11 - 00000000 ____D C:\Users\admin\Desktop\Autoruns
2015-12-24 17:33 - 2015-12-24 17:33 - 01319424 _____ (niemiro) C:\Users\admin\Desktop\SFCFix.exe
2015-12-24 13:56 - 2015-12-24 13:56 - 00000040 _____ C:\Windows\system32\IVIREG.IVR.TMP
2015-12-24 13:55 - 2015-12-24 22:34 - 00003744 _____ C:\Windows\system32\7B296FB0-376B-497E-B012-9C450E1B7327-2P-0.C7483456-A289-439D-8115-601632D005A0.TMP
2015-12-24 08:50 - 2015-12-24 08:50 - 00000000 ____D C:\Users\admin\Desktop\tweaking.com_windows_repair_aio
2015-12-24 08:47 - 2015-12-24 08:49 - 18797528 _____ C:\Users\admin\Desktop\tweaking.com_windows_repair_aio.zip
2015-12-23 23:32 - 2015-12-23 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-23 23:32 - 2015-12-23 23:32 - 00000000 ____D C:\Program Files\Tweaking.com
2015-12-23 23:17 - 2015-12-23 23:18 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.exe
2015-12-23 17:30 - 2015-12-23 17:31 - 00696320 _____ (Speed Guide Inc.) C:\Users\admin\Desktop\TCPOptimizer.exe
2015-12-23 16:24 - 2015-12-26 19:10 - 00000000 ____D C:\Program Files\9-lab
2015-12-23 16:24 - 2015-12-23 16:24 - 00000882 _____ C:\Users\Public\Desktop\Removal Tool.lnk
2015-12-23 16:24 - 2015-12-23 16:24 - 00000000 ____D C:\Users\admin\AppData\Roaming\9-lab
2015-12-23 16:24 - 2015-12-23 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-12-23 16:24 - 2015-12-23 16:24 - 00000000 ____D C:\ProgramData\9-lab
2015-12-23 16:21 - 2015-12-23 16:22 - 06193744 _____ C:\Users\admin\Desktop\rmtool-setup-x86.exe
2015-12-23 16:06 - 2015-12-23 16:06 - 00000000 ____D C:\Users\admin\Desktop\vlc-2.2.1-win32
2015-12-23 16:03 - 2015-12-23 16:03 - 00001804 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-12-23 15:54 - 2015-12-23 15:54 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-12-23 15:54 - 2015-12-23 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-23 15:54 - 2015-12-23 15:54 - 00000000 ____D C:\Program Files\Common Files\Java
2015-12-23 15:45 - 2015-12-23 15:46 - 07022816 _____ (Microsoft Corporation) C:\Users\admin\Desktop\Silverlight.exe
2015-12-23 15:16 - 2015-12-23 15:17 - 02870984 _____ (ESET) C:\Users\admin\Desktop\esetsmartinstaller_enu.exe
2015-12-23 15:06 - 2015-12-23 19:35 - 00000000 ____D C:\SecurityCheck
2015-12-23 13:38 - 2015-12-23 13:38 - 00891392 _____ (Farbar) C:\Users\admin\Desktop\MiniToolBox.exe
2015-12-23 13:26 - 2015-12-26 20:58 - 00008224 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-23 13:22 - 2015-12-23 13:26 - 03867936 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-23 09:03 - 2015-12-23 09:03 - 00484869 _____ (glax24 (safezone.cc)) C:\Users\admin\Desktop\SecurityCheck.exe
2015-12-23 01:01 - 2015-12-23 01:02 - 07599240 _____ (Goversoft LLC) C:\Users\admin\Desktop\privazer_free.exe
2015-12-23 00:48 - 2015-12-23 00:59 - 00000851 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2015-12-23 00:48 - 2015-12-23 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-12-23 00:41 - 2015-12-23 00:48 - 00000000 ____D C:\Program Files\Reason
2015-12-22 23:33 - 2015-12-23 00:39 - 00000000 ____D C:\Users\admin\Desktop\mbar
2015-12-22 23:32 - 2015-12-22 23:32 - 00065668 _____ C:\Users\admin\Documents\cc_20151222_233207.reg
2015-12-22 23:25 - 2015-12-22 23:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.09.3.1001.exe
2015-12-22 23:24 - 2015-12-22 23:26 - 02827152 _____ (Reason Company Software Inc.) C:\Users\admin\Desktop\herdProtectScan_Portable.exe
2015-12-22 20:32 - 2015-12-26 19:18 - 00000285 _____ C:\Windows\ZAM_Guard.krnl.trace
2015-12-22 20:32 - 2015-12-26 19:02 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2015-12-22 20:31 - 2015-12-26 19:21 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2015-12-22 20:31 - 2015-12-22 20:31 - 00000000 ____D C:\Users\admin\AppData\Local\Zemana
2015-12-22 19:41 - 2015-12-22 19:49 - 00000000 ____D C:\AdwCleaner
2015-12-22 19:37 - 2015-12-22 19:37 - 01743360 _____ C:\Users\admin\Desktop\adwcleaner_5.026.exe
2015-12-22 19:37 - 2015-12-22 19:37 - 00700584 _____ C:\Users\admin\Desktop\Adware_Removal_Tool_by_TSA.exe
2015-12-22 19:36 - 2015-12-22 19:37 - 01599336 _____ (Malwarebytes) C:\Users\admin\Desktop\JRT.exe
2015-12-21 19:00 - 2015-12-21 19:00 - 00000000 ____D C:\Users\admin\Desktop\backups
2015-12-20 20:50 - 2015-12-20 20:51 - 00000000 ____D C:\Users\admin\Desktop\TMRBLog
2015-12-20 20:50 - 2015-12-20 20:50 - 00000000 ____D C:\Users\admin\Desktop\log
2015-12-20 20:46 - 2015-12-20 20:47 - 10078720 _____ (Trend Micro Inc.) C:\Users\admin\Desktop\RootkitBusterV5.0-1198.exe
2015-12-20 18:11 - 2015-12-20 19:58 - 00000000 ____D C:\Users\admin\Doctor Web
2015-12-20 17:56 - 2015-12-20 17:56 - 00586131 _____ C:\Users\admin\AppData\Local\ars.cache
2015-12-20 17:56 - 2015-12-20 17:56 - 00423835 _____ C:\Users\admin\AppData\Local\census.cache
2015-12-20 17:37 - 2015-12-20 17:37 - 00000010 _____ C:\Users\admin\AppData\Local\sponge.last.runtime.cache
2015-12-20 17:13 - 2015-08-27 13:19 - 00305928 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-12-20 17:12 - 2015-12-20 17:12 - 02086200 _____ (Trend Micro Inc.) C:\Users\admin\Desktop\HousecallLauncher.exe
2015-12-20 17:12 - 2015-12-20 17:12 - 00000036 _____ C:\Users\admin\AppData\Local\housecall.guid.cache
2015-12-20 17:11 - 2015-12-20 17:11 - 00000000 ____D C:\Quarantine
2015-12-20 17:10 - 2015-12-20 17:34 - 179241480 _____ C:\Users\admin\Desktop\mrnb3t8l.exe
2015-12-20 16:58 - 2015-12-20 17:00 - 15665008 _____ (McAfee Inc) C:\Users\admin\Desktop\stinger32.exe
2015-12-20 16:55 - 2015-12-20 16:56 - 00165686 _____ C:\Users\admin\Documents\cc_20151220_165554.reg
2015-12-18 22:46 - 2015-12-23 16:37 - 00000444 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-12-18 22:34 - 2015-12-18 22:34 - 00027616 _____ C:\ComboFix.txt
2015-12-18 21:51 - 2015-12-18 21:52 - 05639940 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-12-18 21:07 - 2015-12-23 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2015-12-18 21:07 - 2015-12-18 21:07 - 00000000 ____D C:\Users\admin\Desktop\MusicBeeSetup_2_5_update1
2015-12-18 21:00 - 2015-12-18 21:00 - 00000000 ____D C:\Users\admin\AppData\Local\iMobie_Inc
2015-12-18 20:59 - 2015-12-18 21:00 - 00000000 ____D C:\Users\admin\AppData\Roaming\iMobie
2015-12-18 20:50 - 2015-12-18 20:50 - 00001745 _____ C:\Users\Public\Desktop\PodTrans.lnk
2015-12-18 20:50 - 2015-12-18 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2015-12-18 20:50 - 2015-12-18 20:50 - 00000000 ____D C:\Program Files\iMobie
2015-12-18 20:46 - 2015-12-21 12:26 - 00000000 ____D C:\Users\admin\AppData\Roaming\Syncios
2015-12-18 20:46 - 2015-12-18 20:46 - 00000000 ____D C:\Users\admin\Documents\Syncios
2015-12-18 20:45 - 2015-12-18 20:45 - 00000748 _____ C:\Users\Public\Desktop\Syncios.lnk
2015-12-18 20:45 - 2015-12-18 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios
2015-12-18 20:45 - 2015-12-18 20:45 - 00000000 ____D C:\Program Files\Syncios
2015-12-18 19:12 - 2015-12-26 11:49 - 00000000 ____D C:\5055946779751
2015-12-18 12:25 - 2015-12-20 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-18 11:56 - 2015-12-18 16:19 - 00000000 ____D C:\Program Files\Bonjour(15)
2015-12-17 22:13 - 2015-12-17 22:22 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB(134)
2015-12-17 21:17 - 2015-12-17 21:19 - 00000000 ____D C:\Users\KB\AppData\Local\CrashDumps
2015-12-17 21:17 - 2015-12-17 21:18 - 00000000 ____D C:\Users\KB\AppData\Roaming\Apple Computer
2015-12-17 21:17 - 2015-12-17 21:17 - 00000000 ____D C:\Users\KB\AppData\Local\Apple Computer
2015-12-17 21:16 - 2015-12-18 16:19 - 00000000 ____D C:\Users\KB
2015-12-17 21:16 - 2015-12-17 21:18 - 00008224 _____ C:\Users\KB\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-17 21:16 - 2015-12-17 21:17 - 00000000 ____D C:\Users\KB\AppData\Local\Google
2015-12-17 21:16 - 2015-12-17 21:16 - 00000000 ____D C:\Users\KB\AppData\Local\VirtualStore
2015-12-17 21:16 - 2011-11-03 06:26 - 00000000 ____D C:\Users\KB\AppData\Local\Trusteer
2015-12-17 21:16 - 2010-10-03 19:14 - 00000000 ____D C:\Users\KB\AppData\Roaming\Adobe
2015-12-17 21:16 - 2008-08-19 14:57 - 00000000 ____D C:\Users\KB\Documents\My Google Gadgets
2015-12-17 21:16 - 2008-08-19 14:37 - 00000000 ____D C:\Users\KB\AppData\Roaming\SiteAdvisor
2015-12-17 21:16 - 2008-08-19 14:35 - 00000000 ____D C:\Users\KB\AppData\Roaming\Macromedia
2015-12-17 21:16 - 2008-08-19 14:35 - 00000000 ____D C:\Users\KB\AppData\Roaming\Google
2015-12-17 21:16 - 2008-08-19 14:17 - 00000000 ____D C:\Users\KB\AppData\Local\Microsoft Help
2015-12-17 21:16 - 2008-08-06 21:23 - 00002032 _____ C:\Users\KB\AppData\Local\d3d9caps.dat
2015-12-17 21:16 - 2008-07-25 04:12 - 00000000 ____D C:\Users\KB\AppData\Local\Adobe
2015-12-17 21:16 - 2008-07-25 03:00 - 00000000 ____D C:\Users\KB\Documents\Bluetooth Exchange Folder
2015-12-17 21:16 - 2008-07-25 03:00 - 00000000 ____D C:\Users\KB\Bluetooth Software
2015-12-17 21:16 - 2006-11-02 12:37 - 00000000 ____D C:\Users\KB\AppData\Roaming\Media Center Programs
2015-12-14 12:37 - 2015-12-14 12:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-09 12:57 - 2015-11-06 17:05 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 12:57 - 2015-11-06 16:32 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-12-09 12:57 - 2015-11-06 16:32 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-12-09 12:57 - 2015-11-06 16:32 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-12-09 12:57 - 2015-11-06 16:32 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-12-09 12:57 - 2015-11-06 15:27 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-12-09 12:57 - 2015-11-06 15:26 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-12-09 12:57 - 2015-11-06 15:24 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 12:57 - 2015-11-06 15:20 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 12:57 - 2015-11-06 15:20 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-12-09 12:57 - 2015-11-06 15:19 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 12:53 - 2015-11-02 17:04 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 12:50 - 2015-11-10 17:03 - 01208832 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 12:50 - 2015-11-10 17:03 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 12:50 - 2015-11-05 07:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 12:49 - 2015-11-05 07:34 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 10:38 - 2015-11-12 20:39 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 10:38 - 2015-11-12 20:37 - 12389376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 10:38 - 2015-11-12 20:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 10:38 - 2015-11-12 20:34 - 09753088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 10:38 - 2015-11-12 20:34 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 10:38 - 2015-11-12 20:33 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 10:38 - 2015-11-12 20:32 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 10:38 - 2015-11-12 20:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 10:38 - 2015-11-12 20:32 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 10:38 - 2015-11-12 20:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 10:38 - 2015-11-12 20:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 10:38 - 2015-11-12 20:32 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-12-09 10:38 - 2015-11-12 20:32 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 10:38 - 2015-11-12 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 10:38 - 2015-11-12 20:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-12-09 10:38 - 2015-11-12 20:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-12-09 10:38 - 2015-11-12 20:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 10:38 - 2015-11-12 20:31 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 10:38 - 2015-11-12 20:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 10:38 - 2015-11-12 20:31 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 10:38 - 2015-11-12 20:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 10:38 - 2015-11-12 20:31 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-12-04 16:43 - 2015-12-26 17:23 - 00000000 ____D C:\Users\admin\Desktop\DESKTOP MISC 2015
2015-12-04 16:42 - 2015-12-10 20:07 - 00000000 ____D C:\Users\admin\Desktop\8mm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-26 21:25 - 2006-11-02 11:18 - 00000000 ____D C:\Windows
2015-12-26 21:00 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-26 21:00 - 2006-11-02 12:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 21:00 - 2006-11-02 12:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-26 20:58 - 2015-03-29 19:38 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2015-12-26 20:52 - 2006-11-02 13:01 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-26 20:46 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2015-12-26 20:30 - 2013-04-24 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-26 20:30 - 2013-04-24 18:27 - 00000000 ____D C:\Program Files\7-Zip
2015-12-26 20:29 - 2015-09-08 13:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-26 20:26 - 2012-01-18 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-26 17:37 - 2009-04-05 20:58 - 00000000 ____D C:\Windows\pss
2015-12-26 17:32 - 2008-08-06 21:27 - 00340919 _____ C:\ProgramData\nvModes.001
2015-12-26 17:32 - 2008-08-06 21:26 - 00341012 _____ C:\ProgramData\nvModes.dat
2015-12-26 17:25 - 2013-08-05 17:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\FileZilla
2015-12-26 11:48 - 2013-08-05 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-12-26 11:48 - 2013-08-05 17:56 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-12-26 11:35 - 2009-12-23 10:12 - 00000000 ____D C:\ProgramData\Avira
2015-12-24 22:43 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\system32\config\Journal
2015-12-24 22:35 - 2015-07-10 10:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-24 22:35 - 2015-07-10 10:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-24 22:35 - 2015-06-22 20:19 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2526120626-3347230282-2708207307-1000UA.job
2015-12-24 22:35 - 2015-06-22 20:19 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2526120626-3347230282-2708207307-1000Core.job
2015-12-24 22:35 - 2013-11-27 20:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-24 22:28 - 2008-08-19 14:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-24 17:27 - 2010-03-07 22:54 - 00000000 ____D C:\Program Files\TruePianos
2015-12-24 14:41 - 2009-03-18 13:07 - 00009160 _____ C:\Users\admin\AppData\Local\d3d9caps.dat
2015-12-23 18:47 - 2011-05-01 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUndelete
2015-12-23 18:47 - 2011-05-01 19:16 - 00000000 ____D C:\Program Files\WinUndelete
2015-12-23 18:47 - 2009-03-18 13:07 - 00000000 ____D C:\Users\admin
2015-12-23 16:42 - 2015-09-08 11:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-23 16:39 - 2009-05-07 05:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Real
2015-12-23 16:39 - 2009-05-07 05:36 - 00000000 ____D C:\Program Files\Real
2015-12-23 16:19 - 2012-01-18 21:10 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2015-12-23 16:11 - 2012-01-26 09:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-23 16:06 - 2014-08-01 08:28 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2015-12-23 16:03 - 2008-07-25 04:10 - 00000000 ____D C:\ProgramData\Adobe
2015-12-23 16:03 - 2008-07-25 04:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-23 16:03 - 2008-07-25 04:10 - 00000000 ____D C:\Program Files\Adobe
2015-12-23 16:02 - 2012-01-26 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-23 16:00 - 2008-08-19 14:42 - 00000000 ____D C:\ProgramData\Skype
2015-12-23 15:55 - 2009-03-22 13:57 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-12-23 15:54 - 2008-07-25 04:13 - 00000000 ____D C:\Program Files\Java
2015-12-23 15:37 - 2015-03-12 10:30 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent
2015-12-23 09:19 - 2009-10-05 18:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\Winamp
2015-12-23 09:16 - 2014-02-03 13:58 - 00000000 ____D C:\Users\admin\Desktop\WORD & EXCEL DOCS NEW
2015-12-23 09:15 - 2008-07-25 03:19 - 00000000 ____D C:\Windows\Panther
2015-12-23 00:39 - 2013-06-20 13:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-23 00:04 - 2009-03-22 19:58 - 00000000 ____D C:\Program Files\CCleaner
2015-12-22 23:35 - 2014-08-08 15:55 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-22 23:33 - 2013-06-20 13:12 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-21 19:09 - 2015-08-05 07:23 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-12-21 17:22 - 2009-03-20 12:19 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-20 22:54 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\Provisioning
2015-12-20 20:29 - 2013-03-18 23:04 - 00000000 ____D C:\Users\admin\AppData\Local\Spotify
2015-12-20 20:27 - 2013-03-18 23:01 - 00000000 ____D C:\Users\admin\AppData\Roaming\Spotify
2015-12-20 17:11 - 2012-01-25 07:50 - 00000000 ____D C:\Program Files\stinger
2015-12-20 16:52 - 2012-09-24 11:22 - 00000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-20 11:47 - 2009-04-03 07:58 - 00000000 ____D C:\Users\admin\Documents\Sony ACID Pro 6.0 Projects
2015-12-18 22:34 - 2012-01-11 21:45 - 00000000 ____D C:\Qoobox
2015-12-18 22:29 - 2006-11-02 10:23 - 00000215 ____N C:\Windows\system.ini
2015-12-18 19:03 - 2015-09-28 17:28 - 00000000 ____D C:\5055946779737
2015-12-18 16:19 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-12-18 16:18 - 2009-11-22 09:36 - 00000000 ____D C:\Users\Kingbastard
2015-12-18 16:18 - 2006-11-02 10:22 - 99352576 _____ C:\Windows\system32\config\software_previous
2015-12-18 16:18 - 2006-11-02 10:22 - 48758784 _____ C:\Windows\system32\config\components_previous
2015-12-18 16:18 - 2006-11-02 10:22 - 144703488 _____ C:\Windows\system32\config\system_previous
2015-12-18 16:18 - 2006-11-02 10:22 - 05767168 _____ C:\Windows\system32\config\default_previous
2015-12-18 16:18 - 2006-11-02 10:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-12-18 16:18 - 2006-11-02 10:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-12-18 16:17 - 2014-08-08 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-18 16:17 - 2014-08-08 15:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-18 16:17 - 2009-03-20 10:55 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2015-12-18 16:17 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\system32\spool
2015-12-18 16:16 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\registration
2015-12-18 11:55 - 2009-03-20 12:18 - 00000000 ____D C:\ProgramData\Apple
2015-12-18 00:27 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\Cursors
2015-12-17 23:05 - 2015-08-23 10:25 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2015-12-17 17:10 - 2009-12-20 20:10 - 00000000 ____D C:\Program Files\QuickTime
2015-12-17 15:16 - 2006-11-02 10:33 - 00865696 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-16 20:17 - 2015-07-10 10:11 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 12:38 - 2015-04-17 08:24 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2015-12-12 17:51 - 2010-10-10 16:40 - 00000132 _____ C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-12-10 15:58 - 2011-06-20 10:22 - 00000132 _____ C:\Users\admin\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-12-09 17:05 - 2013-11-27 20:01 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-09 17:05 - 2013-11-27 20:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-09 14:24 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\rescache
2015-12-09 14:00 - 2006-11-02 12:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-12-09 12:49 - 2013-07-10 16:10 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 12:29 - 2006-11-02 10:24 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-12-02 13:25 - 2009-10-03 05:33 - 00247976 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2015-03-19 16:25 - 2015-03-19 16:25 - 0000132 _____ () C:\Users\admin\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2011-06-20 10:22 - 2015-12-10 15:58 - 0000132 _____ () C:\Users\admin\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-10-20 09:31 - 2014-06-27 09:49 - 0000132 _____ () C:\Users\admin\AppData\Roaming\Adobe GIF Format CS5 Prefs
2010-10-10 16:40 - 2015-12-12 17:51 - 0000132 _____ () C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-07-18 08:22 - 2015-07-18 08:30 - 0000115 _____ () C:\Users\admin\AppData\Roaming\LogFile.txt
2009-03-27 14:10 - 2012-10-18 19:07 - 0022328 _____ () C:\Users\admin\AppData\Roaming\PnkBstrK.sys
2011-10-19 12:43 - 2011-10-19 12:44 - 0004646 _____ () C:\Users\admin\AppData\Roaming\transfer.log
2015-12-20 17:56 - 2015-12-20 17:56 - 0586131 _____ () C:\Users\admin\AppData\Local\ars.cache
2015-12-20 17:56 - 2015-12-20 17:56 - 0423835 _____ () C:\Users\admin\AppData\Local\census.cache
2009-03-18 13:07 - 2015-12-24 14:41 - 0009160 _____ () C:\Users\admin\AppData\Local\d3d9caps.dat
2009-03-20 14:12 - 2012-07-16 19:07 - 0078848 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-03-03 13:24 - 2010-03-03 13:24 - 0000093 _____ () C:\Users\admin\AppData\Local\fusioncache.dat
2015-12-20 17:12 - 2015-12-20 17:12 - 0000036 _____ () C:\Users\admin\AppData\Local\housecall.guid.cache
2015-12-20 17:37 - 2015-12-20 17:37 - 0000010 _____ () C:\Users\admin\AppData\Local\sponge.last.runtime.cache
2015-08-10 14:56 - 2015-08-10 14:56 - 0000000 _____ () C:\Users\admin\AppData\Local\{BE6E12E4-5D12-4CFB-8C02-7DB77642976B}
2012-04-01 19:17 - 2012-04-01 19:17 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-08-06 21:27 - 2015-12-26 17:32 - 0340919 _____ () C:\ProgramData\nvModes.001
2008-08-06 21:26 - 2015-12-26 17:32 - 0341012 _____ () C:\ProgramData\nvModes.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-26 21:07
 
==================== End of FRST.txt ============================

Edited by Chris Weeks, 26 December 2015 - 05:13 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 PM

Posted 27 December 2015 - 11:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2526120626-3347230282-2708207307-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-26]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Nvsr_seabnt; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt log.

Include the Addition.txt file that was created by the Farbar tool.

Let me know what problem persists.

#3 Chris Weeks

Posted 27 December 2015 - 02:22 PM

Hi, thanks for your reply.

Here's the FRST Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:25-12-2015
Ran by admin (2015-12-27 18:56:06) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & KB)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2526120626-3347230282-2708207307-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-26]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Nvsr_seabnt; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2526120626-3347230282-2708207307-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
catchme => service removed successfully.
eapihdrv => service removed successfully.
EsgScanner => service removed successfully.
FreshIO => service removed successfully.
IpInIp => service removed successfully.
Nvsr_seabnt => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
UIUSys => service removed successfully.
USBAAPL => service removed successfully.
VBoxAswDrv => service removed successfully.
ZAM => service removed successfully.
ZAM_Guard => service removed successfully.
EmptyTemp: => 302.3 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-27 19:17:49)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 19:17:50 ====


#4 Chris Weeks


Posted 27 December 2015 - 02:25 PM

Here's the 'Addition' log... sendspace link, too big to post: https://www.sendspace.com/file/7o1jyr

 



#5 Chris Weeks


Posted 27 December 2015 - 03:25 PM

I still can't use Photoshop or iTunes and my Antivirus will now not turn on after reboot.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 PM

Posted 27 December 2015 - 03:33 PM

What passwords should I be changing? E-Mail? Facebook? What does this infection encompass?


All your personal information, especially banks.
Better safe than sorry.

===

Run the RogueKiller tool and remove this.

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found


===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {A72E8AFD-975A-4156-A063-384171797A6B} - \Express FilesUpdate -> No File <==== ATTENTION
Task: {E12FAFE6-9C14-4675-98E6-5BD489158D73} - System32\Tasks\{64FD618A-8286-4148-ACE9-19EA1E892D0E} => pcalua.exe -a C:\Users\admin\AppData\Local\Temp\ubiFD49.tmp.exe -d "C:\Program Files\Ubisoft\Assassin's Creed"
AlternateDataStreams: C:\Users\admin\Local Settings:Tmxz966NnFUGbb0CEypzo4yd
AlternateDataStreams: C:\Users\admin\AppData\Local:Tmxz966NnFUGbb0CEypzo4yd
AlternateDataStreams: C:\Users\admin\AppData\Local\Application Data:Tmxz966NnFUGbb0CEypzo4yd
AlternateDataStreams: C:\Users\admin\AppData\Local\Temporary Internet Files:7IwZGTnXGpRf5onFWTR2lJoaw
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
C:\Users\admin\AppData\Local\Temp\ubiFD49.tmp.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?


p.s.
The reason your Addition.txt log is so big is that you have a good number of entries such as this one.
CustomCLSID: HKU\S-1-5-21-2526120626-3347230282-2708207307-1000_Classes\CLSID\{00000000-1132-001A-C4CD-00010321BD1D}\InprocServer32 -> C:\Program Files\Sony\Vegas 7.0\sfvstwrap.dll (Madison Media Software, Inc.)

The file sfvstwrap.dll
http://support.liutilities.com/products/wintaskspro/dlllibrary/sfvstwrap/

Check this link.
http://download.cnet.com/windows/madison-media-software/3260-20_4-10034231-1.html

It does not look like it's bad, but why so many?
I do not know.

#7 Chris Weeks


Posted 27 December 2015 - 03:38 PM

I'm confused as to who you are quoting at the top of the post?

 

I can see the end part relates to me, regarding the Addition.txt; are you suggesting I change all my passwords as I am infected?


Edited by Chris Weeks, 27 December 2015 - 03:52 PM.


#8 Chris Weeks


Posted 27 December 2015 - 05:09 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:25-12-2015
Ran by admin (2015-12-27 21:47:09) Run:2
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & KB)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {A72E8AFD-975A-4156-A063-384171797A6B} - \Express FilesUpdate -> No File <==== ATTENTION
Task: {E12FAFE6-9C14-4675-98E6-5BD489158D73} - System32\Tasks\{64FD618A-8286-4148-ACE9-19EA1E892D0E} => pcalua.exe -a C:\Users\admin\AppData\Local\Temp\ubiFD49.tmp.exe -d "C:\Program Files\Ubisoft\Assassin's Creed"
AlternateDataStreams: C:\Users\admin\Local Settings:Tmxz966NnFUGbb0CEypzo4yd
AlternateDataStreams: C:\Users\admin\AppData\Local:Tmxz966NnFUGbb0CEypzo4yd
AlternateDataStreams: C:\Users\admin\AppData\Local\Application Data:Tmxz966NnFUGbb0CEypzo4yd
AlternateDataStreams: C:\Users\admin\AppData\Local\Temporary Internet Files:7IwZGTnXGpRf5onFWTR2lJoaw
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
C:\Users\admin\AppData\Local\Temp\ubiFD49.tmp.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A72E8AFD-975A-4156-A063-384171797A6B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A72E8AFD-975A-4156-A063-384171797A6B}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E12FAFE6-9C14-4675-98E6-5BD489158D73}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E12FAFE6-9C14-4675-98E6-5BD489158D73}" => key removed successfully.
C:\Windows\System32\Tasks\{64FD618A-8286-4148-ACE9-19EA1E892D0E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{64FD618A-8286-4148-ACE9-19EA1E892D0E}" => key removed successfully.
"C:\Users\admin\Local Settings" => ":Tmxz966NnFUGbb0CEypzo4yd" ADS not found.
"C:\Users\admin\AppData\Local" => ":Tmxz966NnFUGbb0CEypzo4yd" ADS not found.
"C:\Users\admin\AppData\Local\Application Data" => ":Tmxz966NnFUGbb0CEypzo4yd" ADS not found.
"C:\Users\admin\AppData\Local\Temporary Internet Files" => ":7IwZGTnXGpRf5onFWTR2lJoaw" ADS not found.
C:\ProgramData\TEMP => ":07BF512B" ADS removed successfully..
"C:\Users\admin\AppData\Local\Temp\ubiFD49.tmp.exe" => not found.
EmptyTemp: => 11.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:51:02 ====
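
An added example, not part of the original posts and not part of FRST: a small parser that reads the result section of a Fixlog like the ones posted in this thread and lists the items the tool could not complete. The outcome names and the function names are assumptions made for this example, and the recognised phrases are only those that appear in the logs above.

```python
import re

# Constructed sample: lines taken from the two Fixlogs posted in this thread.
SAMPLE = r'''fixlist content:
*****************
Task: {E12FAFE6-9C14-4675-98E6-5BD489158D73} - System32\Tasks\{64FD618A-8286-4148-ACE9-19EA1E892D0E} => pcalua.exe -a C:\Users\admin\AppData\Local\Temp\ubiFD49.tmp.exe -d "C:\Program Files\Ubisoft\Assassin's Creed"
End
*****************
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
"C:\Users\admin\AppData\Local" => ":Tmxz966NnFUGbb0CEypzo4yd" ADS not found.
C:\ProgramData\TEMP => ":07BF512B" ADS removed successfully..
"C:\Users\admin\AppData\Local\Temp\ubiFD49.tmp.exe" => not found.
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
'''

ADS_RE = re.compile(r'^"(:[^"]+)"\s+ADS\s+(.*)$')

def classify(result):
    r = result.lower()
    for needle, outcome in (("not found", "not_found"), ("could not", "failed"),
                            ("scheduled", "pending_reboot"), ("successfully", "done")):
        if needle in r:
            return outcome
    return "other"

def parse_fixlog(text):
    """Return (target, outcome) pairs from the result section of a Fixlog."""
    lines = text.splitlines()
    # The fixlist is echoed first and may itself contain " => "; results
    # begin after the last line made only of asterisks.
    marks = [i for i, l in enumerate(lines) if set(l.strip()) == {"*"}]
    entries = []
    for line in lines[marks[-1] + 1 if marks else 0:]:
        if " => " not in line:
            continue
        target, result = (s.strip() for s in line.split(" => ", 1))
        target = re.sub(r'^Could not move ', '', target).strip('"')
        ads = ADS_RE.match(result)
        if ads:  # fold the stream name into the target: path:stream
            target, result = target + ads.group(1), ads.group(2)
        entries.append((target, classify(result)))
    return entries

def needs_follow_up(entries):
    """Items the tool could not complete and that deserve a manual check."""
    return [e for e in entries if e[1] in ("failed", "pending_reboot")]
```

On the sample, `needs_follow_up(parse_fixlog(SAMPLE))` returns the Avast `.crx` file twice: once as scheduled for reboot and once as the failed move after the reboot.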


#9 Chris Weeks


Posted 27 December 2015 - 05:33 PM

My computer is running OK in general. Most of my other programs I can open and use as normal.
However, I still can't run Photoshop or iTunes. 
I've uninstalled both now, even though I need them.
 
 (although I couldn't uninstall the Apple Application Support or Apple Software Update without using IObit Uninstaller)

 

I tried reinstalling iTunes. It installed OK, but still won't run.

 

My antivirus will now not turn on after reboot. I have to keep going to Control Panel, Right Click, Change, Repair, Restart... to get it to work.


Edited by Chris Weeks, 28 December 2015 - 06:07 AM.


#10 nasdaq


Posted 28 December 2015 - 08:28 AM


Let's find out if you have a policy restriction on these programs.
Photoshop and iTunes.

Let's look also in the Registry.

Please run the Farbar Recovery Scan Tool. Enter Photoshop;iTunes in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#11 Chris Weeks


Posted 28 December 2015 - 09:16 AM

I have noticed that after running Rkill, this is the only erroneous issue in the log:

 

Checking Windows Service Integrity: 

 * DFSR [Missing Service]
 
Is this something that could be causing these issues?
 
Here's the FRST log: (sendspace link) https://www.sendspace.com/file/pz6xoh
 
I've tried reinstalling Photoshop, but the same issue persists. It starts to load, it appears in Processes, then 'Windows Problem Reporting' flashes up in Processes and they both vanish.

Edited by Chris Weeks, 28 December 2015 - 09:42 AM.


#12 nasdaq


Posted 28 December 2015 - 11:00 AM

Checking Windows Service Integrity:
* DFSR [Missing Service]


Not needed unless your Vista is used as a server.

http://www.blackviper.com/windows-services/dfs-replication/

===

I checked your search log and there is no Registry policy set to disable these programs.

Reset your iTunes cache.

http://ccm.net/faq/11841-how-to-reset-the-itunes-store-cache
===

Do the same for Photoshop.
https://forums.adobe.com/thread/1288172?start=0&tstart=0

Hope that helps.

#13 Chris Weeks


Posted 28 December 2015 - 01:09 PM

I don't know what's happened now, but I went to restart my laptop and all I get is a black screen after it boots and asks what user I want to log on as... It shows the mouse pointer (which moves) but on nothing but a black background. I can open Task Manager using Ctrl/Alt/Del

I'm currently on my iPad.

I was able to do a System Restore, but now Chrome or Firefox won't open. When I click on chrome nothing happens. When I click on Firefox I receive the message: "Your Firefox profile cannot be loaded. It may be missing or inaccessible". Any ideas?

I've also noticed that my Windows Search keeps failing to initialise.

Edited by Chris Weeks, 28 December 2015 - 01:19 PM.


#14 nasdaq


Posted 29 December 2015 - 07:56 AM

First remove and reinstall Chrome:

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

Test it and if all is well do the same for Firefox.

<<<>>>


Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>

Not sure why you are losing these applications.
I only hope that your Hard Drive is not going bad on you.

Make sure you have a good backup of all your important files.

#15 Chris Weeks


Posted 29 December 2015 - 10:50 AM

I've already uninstalled Chrome, before saving Bookmarks. I couldn't get into it anyway, so there was no way to save them, although I probably should've looked in the program files;)

 

I tried reinstalling Chrome, but as Firefox won't open and IE won't let me download anything, I'm a little stuck!

 

I keep regular backups of important files on external drives, so that's one positive;)

 

Ok, so I found a workaround with IE and managed to finally download Chrome.

 

trying to install it now...


Edited by Chris Weeks, 29 December 2015 - 11:13 AM.




