Jump to content

Shotzi21

Members
  • Posts

    18
  • Joined

  • Last visited

Reputation

0 Neutral
  1. It is not allowing me to check for errors but is telling me to use system restore. My word 2010 program will not open as the windows installer now continues to pop up every time I try. I did not have the windows installer pop up before using the Farbar tool as administrator. Do you happen to know what I can do to fix this? I have a lot of documents saved and need some of them for a Monday meeting. I do not have the Word disk or the windows disk as they came preinstalled by my computer guy when he built my computer. Thank You.
  2. Hi and thank you for responding. For some reason, iexplorer jammed when I tried to upload the files after running Farbar again. Windows installer come up....1st time that happened. Restarted comp. & is ok now. FRST.txt Addition.txt
  3. Hi; I cannot do a full scan with Malwarebytes, Avast or Eset online scanner. Evidently, something is wrong and hoping someone can help fix it. Thank You. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015 Ran by user (administrator) on USER-PC (29-07-2015 22:28:48) Running from C:\Users\user\Desktop Loaded Profiles: user (Available Profiles: user) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-29] (AVAST Software) HKU\S-1-5-21-1391047636-372100706-1968810174-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKU\S-1-5-21-1391047636-372100706-1968810174-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKU\S-1-5-21-1391047636-372100706-1968810174-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc) HKU\S-1-5-21-1391047636-372100706-1968810174-1000\...\Run: [Amazon Music] => C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-18] () HKU\S-1-5-21-1391047636-372100706-1968810174-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2012-12-30] ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-29] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1391047636-372100706-1968810174-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1391047636-372100706-1968810174-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-29] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-29] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{0EBA6662-D6CB-442D-BC5D-79872672EAB3}: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\spvigt56.default FF DefaultSearchEngine.US: Google FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-29] Chrome: ======= CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-29] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-29] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-29] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-29] CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-29] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-29] CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-29] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-29] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-29] (Avast Software) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-29] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-29] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-29] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-29] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-29] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-29] (AVAST Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-29] (AVAST Software) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-29] (Avast Software) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-29 22:28 - 2015-07-29 22:29 - 00014958 _____ C:\Users\user\Desktop\FRST.txt 2015-07-29 22:27 - 2015-07-29 22:28 - 00000000 ____D C:\FRST 2015-07-29 22:27 - 2015-07-29 22:27 - 02169856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2015-07-29 22:22 - 2015-07-29 22:25 - 00000000 ____D C:\Users\user\Desktop\Mutts 2015-07-29 22:12 - 2015-07-29 22:12 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-29 22:11 - 2015-07-29 22:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-29 22:11 - 2015-07-29 22:11 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2015-07-29 22:11 - 2015-07-29 22:11 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-29 21:51 - 2015-07-29 21:51 - 00000000 ____D C:\Program Files (x86)\ESET 2015-07-29 20:43 - 2015-07-29 22:02 - 00000224 _____ C:\Windows\setupact.log 2015-07-29 20:43 - 2015-07-29 20:43 - 00109296 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2015-07-29 20:43 - 2015-07-29 20:43 - 00000000 _____ C:\Windows\setuperr.log 2015-07-29 20:42 - 2015-07-29 21:00 - 00004576 _____ C:\Windows\PFRO.log 2015-07-29 20:42 - 2015-07-29 20:43 - 00421144 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-29 19:40 - 2015-07-29 19:40 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software 2015-07-29 19:39 - 2015-07-29 19:39 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-07-29 19:39 - 2015-07-29 19:39 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-07-29 19:39 - 2015-07-29 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-07-29 19:38 - 2015-07-29 19:38 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-07-29 19:38 - 2015-07-29 19:38 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-07-29 19:38 - 2015-07-29 19:38 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-07-29 19:38 - 2015-07-29 19:38 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-07-29 19:38 - 2015-07-29 19:38 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-07-29 19:38 - 2015-07-29 19:38 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-07-29 19:38 - 2015-07-29 19:38 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-07-29 19:38 - 2015-07-29 19:38 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-07-29 19:38 - 2015-07-29 19:38 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-07-29 19:38 - 2015-07-29 19:38 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-07-29 19:38 - 2015-07-29 19:38 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-07-29 19:37 - 2015-07-29 19:37 - 00000000 ____D C:\Program Files\AVAST Software 2015-07-29 19:36 - 2015-07-29 19:36 - 05685584 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe 2015-07-29 19:30 - 2015-07-29 19:30 - 00003288 ____N C:\bootsqm.dat 2015-07-29 19:30 - 2015-07-29 19:30 - 00000000 __SHD C:\found.000 2015-07-21 20:55 - 2015-07-21 20:55 - 00000802 _____ C:\Users\user\Desktop\paypal button.txt 2015-07-20 14:45 - 2015-07-20 14:45 - 00000197 _____ C:\Windows\system32\2015-07-20-18-45-18.015-AvastVBoxSVC.exe-4876.log 2015-07-20 05:50 - 2015-07-20 05:53 - 00000000 ____D C:\Users\user\Documents\Mutt's Cove Stuff 2015-07-20 03:09 - 2015-07-20 03:09 - 00000197 _____ C:\Windows\system32\2015-07-20-07-09-40.004-AvastVBoxSVC.exe-2884.log 2015-07-19 19:45 - 2015-07-19 19:46 - 00000197 _____ C:\Windows\system32\2015-07-19-23-45-48.032-AvastVBoxSVC.exe-4880.log 2015-07-19 10:30 - 2015-07-19 10:30 - 00000197 _____ C:\Windows\system32\2015-07-19-14-30-19.028-AvastVBoxSVC.exe-4156.log 2015-07-19 08:18 - 2015-07-19 08:18 - 00000197 _____ C:\Windows\system32\2015-07-19-12-18-35.065-AvastVBoxSVC.exe-4176.log 2015-07-18 23:40 - 2015-07-18 23:40 - 00000197 _____ C:\Windows\system32\2015-07-19-03-40-32.024-AvastVBoxSVC.exe-2236.log 2015-07-18 17:05 - 2015-07-18 17:05 - 00000197 _____ C:\Windows\system32\2015-07-18-21-05-04.087-AvastVBoxSVC.exe-5000.log 2015-07-18 06:37 - 2015-07-18 06:38 - 00000197 _____ C:\Windows\system32\2015-07-18-10-37-48.020-AvastVBoxSVC.exe-2336.log 2015-07-17 18:03 - 2015-07-17 18:03 - 00000197 _____ C:\Windows\system32\2015-07-17-22-03-51.099-AvastVBoxSVC.exe-4976.log 2015-07-17 06:21 - 2015-07-17 06:22 - 00000197 _____ C:\Windows\system32\2015-07-17-10-21-39.030-AvastVBoxSVC.exe-4592.log 2015-07-16 17:55 - 2015-07-16 17:55 - 00000197 _____ C:\Windows\system32\2015-07-16-21-55-09.056-AvastVBoxSVC.exe-4384.log 2015-07-16 07:23 - 2015-07-16 07:23 - 00000197 _____ C:\Windows\system32\2015-07-16-11-23-11.065-AvastVBoxSVC.exe-4204.log 2015-07-16 00:44 - 2015-07-16 00:44 - 00000197 _____ C:\Windows\system32\2015-07-16-04-44-38.012-AvastVBoxSVC.exe-4328.log 2015-07-15 18:55 - 2015-07-15 18:55 - 00000000 ____D C:\Users\user\AppData\Local\CEF 2015-07-15 17:54 - 2015-07-15 17:55 - 00000197 _____ C:\Windows\system32\2015-07-15-21-54-47.060-AvastVBoxSVC.exe-3984.log 2015-07-15 05:07 - 2015-07-15 05:07 - 00000197 _____ C:\Windows\system32\2015-07-15-09-07-06.095-AvastVBoxSVC.exe-2612.log 2015-07-14 18:43 - 2015-07-14 18:44 - 00000197 _____ C:\Windows\system32\2015-07-14-22-43-42.094-AvastVBoxSVC.exe-3792.log 2015-07-14 08:36 - 2015-07-14 08:37 - 00000197 _____ C:\Windows\system32\2015-07-14-12-36-46.077-AvastVBoxSVC.exe-4008.log 2015-07-13 23:57 - 2015-07-13 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-13 19:31 - 2015-07-13 19:32 - 00000197 _____ C:\Windows\system32\2015-07-13-23-31-37.041-AvastVBoxSVC.exe-4584.log 2015-07-13 03:59 - 2015-07-13 03:59 - 00000197 _____ C:\Windows\system32\2015-07-13-07-59-00.027-AvastVBoxSVC.exe-4628.log 2015-07-12 19:21 - 2015-07-12 19:21 - 00000197 _____ C:\Windows\system32\2015-07-12-23-21-42.025-AvastVBoxSVC.exe-4516.log 2015-07-12 15:30 - 2015-07-12 15:31 - 00000197 _____ C:\Windows\system32\2015-07-12-19-30-42.049-AvastVBoxSVC.exe-4792.log 2015-07-12 07:26 - 2015-07-12 07:27 - 00000197 _____ C:\Windows\system32\2015-07-12-11-26-26.047-AvastVBoxSVC.exe-2760.log 2015-07-11 17:54 - 2015-07-11 17:54 - 00000197 _____ C:\Windows\system32\2015-07-11-21-54-03.075-AvastVBoxSVC.exe-4504.log 2015-07-11 07:25 - 2015-07-11 07:25 - 00000197 _____ C:\Windows\system32\2015-07-11-11-25-19.095-AvastVBoxSVC.exe-4112.log 2015-07-10 20:03 - 2015-07-10 20:03 - 00000197 _____ C:\Windows\system32\2015-07-11-00-03-24.046-AvastVBoxSVC.exe-4320.log 2015-07-10 19:12 - 2015-07-10 19:13 - 00000197 _____ C:\Windows\system32\2015-07-10-23-12-43.086-AvastVBoxSVC.exe-4084.log 2015-07-10 09:40 - 2015-07-10 09:40 - 00000197 _____ C:\Windows\system32\2015-07-10-13-40-38.083-AvastVBoxSVC.exe-3984.log 2015-07-10 01:38 - 2015-07-10 01:38 - 00000197 _____ C:\Windows\system32\2015-07-10-05-38-43.087-AvastVBoxSVC.exe-4680.log 2015-07-09 15:03 - 2015-07-09 15:03 - 00000197 _____ C:\Windows\system32\2015-07-09-19-03-22.008-AvastVBoxSVC.exe-4568.log 2015-07-09 06:21 - 2015-07-09 06:21 - 00000197 _____ C:\Windows\system32\2015-07-09-10-21-00.064-AvastVBoxSVC.exe-4300.log 2015-07-08 19:24 - 2015-07-08 19:25 - 00000197 _____ C:\Windows\system32\2015-07-08-23-24-44.083-AvastVBoxSVC.exe-4264.log 2015-07-07 18:44 - 2015-07-07 18:44 - 00000197 _____ C:\Windows\system32\2015-07-07-22-44-08.098-AvastVBoxSVC.exe-4324.log 2015-07-07 08:32 - 2015-07-07 08:32 - 00000197 _____ C:\Windows\system32\2015-07-07-12-32-04.049-AvastVBoxSVC.exe-3352.log 2015-07-06 22:00 - 2015-07-06 22:00 - 00000197 _____ C:\Windows\system32\2015-07-07-02-00-49.004-AvastVBoxSVC.exe-3912.log 2015-07-06 16:30 - 2015-07-06 16:31 - 00000197 _____ C:\Windows\system32\2015-07-06-20-30-59.044-AvastVBoxSVC.exe-2840.log 2015-07-06 09:54 - 2015-07-06 09:55 - 00000197 _____ C:\Windows\system32\2015-07-06-13-54-29.034-AvastVBoxSVC.exe-4020.log 2015-07-05 22:34 - 2015-07-05 22:34 - 00000197 _____ C:\Windows\system32\2015-07-06-02-34-33.058-AvastVBoxSVC.exe-3932.log 2015-07-05 17:44 - 2015-07-05 17:45 - 00000197 _____ C:\Windows\system32\2015-07-05-21-44-35.021-AvastVBoxSVC.exe-4368.log 2015-07-05 08:29 - 2015-07-05 08:29 - 00000197 _____ C:\Windows\system32\2015-07-05-12-29-00.070-AvastVBoxSVC.exe-2892.log 2015-07-04 23:10 - 2015-07-04 23:10 - 00000197 _____ C:\Windows\system32\2015-07-05-03-10-10.016-AvastVBoxSVC.exe-4320.log 2015-07-04 20:09 - 2015-07-04 20:10 - 00000197 _____ C:\Windows\system32\2015-07-05-00-09-42.072-AvastVBoxSVC.exe-2468.log 2015-07-04 14:53 - 2015-07-04 14:53 - 00000197 _____ C:\Windows\system32\2015-07-04-18-53-42.051-AvastVBoxSVC.exe-4444.log 2015-07-04 08:13 - 2015-07-04 08:14 - 00000197 _____ C:\Windows\system32\2015-07-04-12-13-34.015-AvastVBoxSVC.exe-4904.log 2015-07-03 22:04 - 2015-07-03 22:04 - 00000197 _____ C:\Windows\system32\2015-07-04-02-04-12.073-AvastVBoxSVC.exe-4048.log 2015-07-03 17:57 - 2015-07-03 17:57 - 00000197 _____ C:\Windows\system32\2015-07-03-21-57-27.006-AvastVBoxSVC.exe-5076.log 2015-07-03 07:46 - 2015-07-03 07:47 - 00000197 _____ C:\Windows\system32\2015-07-03-11-46-47.056-AvastVBoxSVC.exe-4128.log 2015-07-03 01:40 - 2015-07-03 01:40 - 00000197 _____ C:\Windows\system32\2015-07-03-05-40-57.017-AvastVBoxSVC.exe-4456.log 2015-07-02 20:14 - 2015-07-02 20:14 - 00000197 _____ C:\Windows\system32\2015-07-03-00-14-21.042-AvastVBoxSVC.exe-4472.log 2015-07-02 08:07 - 2015-07-02 08:08 - 00000197 _____ C:\Windows\system32\2015-07-02-12-07-41.021-AvastVBoxSVC.exe-5108.log 2015-07-02 01:38 - 2015-07-02 01:38 - 00000197 _____ C:\Windows\system32\2015-07-02-05-38-30.087-AvastVBoxSVC.exe-3040.log 2015-07-01 18:03 - 2015-07-01 18:03 - 00000197 _____ C:\Windows\system32\2015-07-01-22-03-00.060-AvastVBoxSVC.exe-4876.log 2015-07-01 05:49 - 2015-07-01 05:50 - 00000197 _____ C:\Windows\system32\2015-07-01-09-49-26.033-AvastVBoxSVC.exe-364.log 2015-06-30 19:10 - 2015-06-30 19:10 - 00004096 ____H C:\Users\user\AppData\Local\keyfile3.drm 2015-06-30 18:15 - 2015-06-30 18:16 - 00000197 _____ C:\Windows\system32\2015-06-30-22-15-37.010-AvastVBoxSVC.exe-4388.log 2015-06-30 05:31 - 2015-06-30 05:31 - 00000197 _____ C:\Windows\system32\2015-06-30-09-31-04.068-AvastVBoxSVC.exe-4584.log 2015-06-29 16:39 - 2015-06-29 16:39 - 00000247 _____ C:\Windows\system32\2015-06-29-20-39-04.022-aswFe.exe-3516.log 2015-06-29 16:29 - 2015-06-29 16:38 - 00000247 _____ C:\Windows\system32\2015-06-29-20-29-13.077-aswFe.exe-2784.log 2015-06-29 16:29 - 2015-06-29 16:29 - 00000197 _____ C:\Windows\system32\2015-06-29-20-29-03.096-AvastVBoxSVC.exe-4304.log 2015-06-29 08:50 - 2015-06-29 08:51 - 00000000 ____D C:\Users\user\AppData\Local\UmmyVideoDownloader 2015-06-29 08:50 - 2015-06-29 08:50 - 00001196 _____ C:\Users\Public\Desktop\UmmyVideoDownloader.lnk 2015-06-29 08:50 - 2015-06-29 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader 2015-06-29 08:48 - 2015-06-29 08:48 - 00411008 _____ C:\Users\user\Downloads\UmmyVD-Web-Loader-[113].exe 2015-06-29 08:34 - 2015-06-29 08:34 - 00000197 _____ C:\Windows\system32\2015-06-29-12-34-50.037-AvastVBoxSVC.exe-3268.log 2015-06-29 07:59 - 2015-06-29 08:00 - 00000197 _____ C:\Windows\system32\2015-06-29-11-59-52.014-AvastVBoxSVC.exe-3952.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-29 22:12 - 2012-12-22 18:45 - 00000000 ____D C:\Users\user\AppData\Local\Adobe 2015-07-29 22:10 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-29 22:10 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-29 22:08 - 2012-12-20 10:21 - 00000000 ____D C:\ProgramData\Adobe 2015-07-29 22:06 - 2014-12-12 23:07 - 02057347 _____ C:\Windows\WindowsUpdate.log 2015-07-29 22:03 - 2014-08-31 18:16 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-29 22:03 - 2013-01-10 23:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-29 22:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-29 21:06 - 2014-08-31 18:16 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-07-29 21:06 - 2014-08-31 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-07-29 21:06 - 2014-08-31 18:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-29 20:00 - 2013-01-10 23:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-29 19:42 - 2013-01-10 23:12 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-29 19:40 - 2013-01-10 23:12 - 00000000 ____D C:\Users\user\AppData\Local\Google 2015-07-29 19:40 - 2012-12-13 05:34 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore 2015-07-29 19:36 - 2012-12-22 19:36 - 00000000 ____D C:\ProgramData\AVAST Software 2015-07-23 02:00 - 2012-12-22 19:11 - 00000000 ____D C:\Users\user\Documents\Outlook Files 2015-07-22 10:47 - 2014-01-26 15:08 - 00000000 ____D C:\Users\user\Documents\PrintScreen Files 2015-07-20 18:28 - 2015-01-16 23:08 - 00000000 ____D C:\Windows\SysWOW64\vbox 2015-07-20 18:28 - 2015-01-16 23:08 - 00000000 ____D C:\Windows\system32\vbox 2015-07-15 17:55 - 2013-01-10 23:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-15 17:55 - 2013-01-10 23:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-15 05:05 - 2015-03-13 01:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-06 05:47 - 2013-09-09 13:24 - 00000000 ____D C:\Users\user\AppData\Local\Windows Live 2015-07-03 07:44 - 2009-07-14 01:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-30 18:55 - 2012-12-20 10:41 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help ==================== Files in the root of some directories ======= 2013-06-10 08:58 - 2013-06-10 08:58 - 4096000 _____ () C:\Program Files (x86)\GUT754F.tmp 2014-08-31 17:56 - 2014-08-31 17:56 - 0000055 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan 2015-06-30 19:10 - 2015-06-30 19:10 - 0004096 ____H () C:\Users\user\AppData\Local\keyfile3.drm 2012-12-26 10:05 - 2012-12-26 10:20 - 0007604 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg 2012-12-22 19:27 - 2012-12-22 19:27 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-24 08:59 ==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015 Ran by user (2015-07-29 22:29:23) Running from C:\Users\user\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1391047636-372100706-1968810174-500 - Administrator - Disabled) Guest (S-1-5-21-1391047636-372100706-1968810174-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1391047636-372100706-1968810174-1170 - Limited - Enabled) user (S-1-5-21-1391047636-372100706-1968810174-1000 - Administrator - Enabled) => C:\Users\user ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3Planesoft Screensaver Manager 1.0 (HKLM-x32\...\3Planesoft Screensaver Manager_is1) (Version: 1.0 - 3Planesoft) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-1391047636-372100706-1968810174-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon PowerShot SX260 HS and SX240 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX260HSandSX240HS) (Version: 1.0.0.9 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.7.0.11 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.1.1.19 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard) HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation) Lightning Storm (HKLM-x32\...\{B2B7CAD5-6032-416A-9049-1E9C2721CBF6}) (Version: 1.0.2 - InstallX, LLC) <==== ATTENTION Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Mechanical Clock 3D Screensaver 1.0 (HKLM-x32\...\Mechanical Clock 3D Screensaver_is1) (Version: 1.0 - 3Planesoft) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) Quick PDF Converter v4.1 (HKLM-x32\...\Quick PDF Converter v4.1) (Version: 4.1.0.0 - QuickPDFtoWord) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.4.0.2 - ) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 29-07-2015 20:05:15 Removed Adobe Acrobat DC. 29-07-2015 20:18:10 Removed Adobe Reader XI (11.0.12). 29-07-2015 22:25:00 Installed Microsoft Office Single Image 2010 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2014-08-31 20:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1520D9C5-3D05-4013-A5E7-485A927C927B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.) Task: {494A0EA8-7BCD-45D9-B722-BC586DE22ED3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-29] (AVAST Software) Task: {73DA1A9F-1EB7-4887-81CC-CDF7F560F885} - System32\Tasks\{E3CE908C-D94D-446F-9C7B-3AEB16FB16A8} => pcalua.exe -a C:\Users\user\Downloads\Dogwaffle_Install_1_2_free.exe -d C:\Users\user\Downloads Task: {7D0294F1-C8CC-4F27-A7A4-F5111774CF8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated) Task: {9E9B011E-8DA8-4576-A5BF-D4DD2683C360} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.) Task: {B0916554-ED13-4DA2-82E4-E8DB7CEC29C6} - System32\Tasks\{6EBBC16E-AFA3-49D4-BADA-E87E45858E93} => pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0KULTN1\WM9Codecs.exe" -d C:\Users\user\Desktop Task: {B0C007DF-8C14-4BDF-A27A-74EA07C6C8E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd) Task: {E61A516C-B099-4D8A-BC4B-63822A641874} - System32\Tasks\hpUrlLauncher.exe_{677713FF-4D4B-4013-98E2-64B5F18DDEF7} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\utils\hpUrlLauncher.exe [2011-06-08] (Hewlett-Packard Co.) Task: {FBFFD425-0D54-46E1-B86C-F324782448B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-09-15 19:13 - 2014-09-15 19:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2014-12-11 01:50 - 2014-11-18 20:55 - 06277952 _____ () C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe 2012-12-30 15:54 - 2012-11-27 14:48 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe 2011-06-08 17:57 - 2011-06-08 17:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll 2014-09-15 19:13 - 2014-09-15 19:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2015-07-29 19:38 - 2015-07-29 19:38 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-07-29 19:38 - 2015-07-29 19:38 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-07-29 19:38 - 2015-07-29 19:38 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072900\algo.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-30 15:54 - 2012-11-27 14:38 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll 2015-07-29 19:38 - 2015-07-29 19:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1391047636-372100706-1968810174-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 - 75.75.75.75 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{FD009A5A-E381-4C5A-AFC5-EC854929F0DD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe FirewallRules: [{6731399B-BFF9-40AC-A01D-74EF37B8CABF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{76783037-FB16-4D77-A12D-0F5A2F82C18C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{FBC4DC8E-BA59-4C83-9768-BA240070DC9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{316A3BAB-B313-470D-B0E1-B6F4CBAB2628}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DCA05BDF-BF15-4639-AC3E-AE8C68630BDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{24B25074-7D0F-4730-9942-2892A97DE138}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{61C4838C-C8AB-43D5-9CEC-5BB0CD892AF3}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe FirewallRules: [uDP Query User{81D50C34-7293-435A-83BA-610CE980A295}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe FirewallRules: [{D36E5559-1080-4431-9711-12950EF5C2C7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{31F9BECE-6782-4BDF-8324-74860E8366BE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A8CE65C6-1FDA-4592-8181-0C0C6F37BA51}] => (Allow) LPort=2869 FirewallRules: [{C69B522A-2591-41A8-B105-28B895E7E7E8}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{F43B8B84-B7B9-474F-A220-AD00646478DF}C:\program files\easy-hide-ip\easy-hide-ip.exe] => (Allow) C:\program files\easy-hide-ip\easy-hide-ip.exe FirewallRules: [uDP Query User{97730C78-E20F-4878-8273-95FB58417D82}C:\program files\easy-hide-ip\easy-hide-ip.exe] => (Allow) C:\program files\easy-hide-ip\easy-hide-ip.exe FirewallRules: [{0F07AD7E-A6E0-4E79-A209-1747481F4C08}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{50040F81-1DE5-4DAB-8363-4F5052156AA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DCBBC747-5CC9-4694-BEBB-1447AB2C5E40}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{C1EDFF70-4311-48CE-BEC4-0C06F0D12A22}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/29/2015 10:03:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800)) System errors: ============= Error: (07/29/2015 10:02:08 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:00:20 PM on ‎7/‎29/‎2015 was unexpected. Error: (07/29/2015 09:55:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (07/29/2015 09:55:01 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/29/2015 09:55:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (07/29/2015 09:55:00 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/29/2015 09:55:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (07/29/2015 09:55:00 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/29/2015 09:52:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (07/29/2015 09:52:36 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/29/2015 09:52:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Microsoft Office: ========================= Error: (07/29/2015 10:03:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 4700 Error: (07/29/2015 09:32:27 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800)) CodeIntegrity: =================================== Date: 2015-07-29 22:19:48.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 22:03:58.090 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 21:51:13.036 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 21:40:06.711 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 21:32:23.000 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 21:21:48.859 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 21:03:20.849 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 20:45:04.004 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 20:25:05.046 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-29 19:58:54.832 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD FX-8350 Eight-Core Processor Percentage of memory in use: 27% Total physical RAM: 8120.4 MB Available physical RAM: 5849.43 MB Total Virtual: 16238.98 MB Available Virtual: 13632.22 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:849.25 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 806951DB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End of log ============================
  4. Hi; I'm having a problem with internet explorer. I keep getting a message from one of the sites I use that I have to enable "local storage". Wondering if this has something to do with resetting setting when I removed everything or with the java update? \ The problem is with explorer...firefox is fine. Thank you, Shotzi21
  5. Yes, you can close out the thread. Thank you very for your time and all your help. I appreciate it....a lot. Thank you again. Have a great day! Shotzi21
  6. Hi I followed the steps and I still have "Microsoft malicious software removal tool" and "CF Uninstall" on my desktop. Also, they are not in my add/remove programs so I can't remove them that way. My Java is now up to date , thank you! Also, I will check the processor, heat sink and thermal paste this weekend. Thank you for that info. Much appreciated. Shotzi21
  7. To add to my above post...it happens with both explorer and firefox, they are the two I have installed
  8. Hi, The first program...s/CF UNINST.exe would not run correctly. It ran less then 1 second and done. But I downloaded it to my desktop, tried running as administrator, then tried just clicking and just running, neither worked. Combofix and logs are still there, even after restart. Box popped up when done and asked if I wanted to reinstall with "recommended settings". I didn't choose that and posted here instead. Was I supposed to installed it as regular program in my program file or something? I didn't remove my processor, just opened my computer case, vacuumed the fan and air vents to get any dust off, thinking that could be the problem. I'm going to have to call my computer guy after removing these programs so he can check it and fix if it is hardware as I don't want to make things worse by trying myself.. I don't know what the thermal paste or heatsink is. lol. Thank you. Shotzi21
  9. Yes, busier websites speed up my processor, causing a whining sound that gets louder and louder which forces me off site. Have no idea what is causing this. I took it apart when this started and cleaned out any dust on the fan, air vents, etc. No help. My system is quieter when on regular uncluttered sites such as this one, though. I do not game, don't download music. I mostly do research and post in comment sections on newspaper articles, chat rooms, etc. My system is about 2 years old, was built my computer guy and ran with no issues until recently. It is the 3rd system he built for me and all ran fine. Thank you. Shotzi21
  10. ComboFix 14-08-31.01 - user 09/01/2014 12:04:29.3.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8120.6039 [GMT -4:00] Running from: c:\users\user\Desktop\ComboFix.exe Command switches used :: c:\users\user\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-08-01 to 2014-09-01 ))))))))))))))))))))))))))))))) . . 2014-09-01 16:08 . 2014-09-01 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-01 14:57 . 2014-09-01 14:57 -------- d-----w- c:\program files (x86)\ESET 2014-08-31 22:42 . 2014-08-31 22:42 -------- d-----w- c:\windows\ERUNT 2014-08-31 22:34 . 2014-08-31 22:36 -------- d-----w- C:\AdwCleaner 2014-08-31 22:16 . 2014-08-31 23:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-31 22:16 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-31 22:16 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-31 22:16 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-31 22:16 . 2014-08-31 22:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-08-31 22:16 . 2014-08-31 22:16 -------- d-----w- c:\programdata\Malwarebytes 2014-08-31 15:42 . 2014-08-31 15:43 -------- d-----w- C:\FRST 2014-08-31 13:29 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C4EF799-6D1C-4B5C-A6C4-CFF13DB3F69D}\mpengine.dll 2014-08-31 06:09 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-31 06:09 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-28 12:03 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-13 02:46 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-13 02:46 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe 2014-08-13 02:46 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll 2014-08-13 02:46 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe 2014-08-13 02:46 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-13 02:46 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2014-08-13 02:45 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2014-08-13 02:45 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-12 21:59 . 2014-07-25 13:42 48128 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-05 13:20 . 2010-11-21 03:27 270496 ----a-w- c:\windows\system32\MpSigStub.exe 2014-08-01 03:41 . 2012-12-12 22:14 99218768 ----a-w- c:\windows\system32\MRT.exe 2014-07-11 23:25 . 2012-12-20 14:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-11 23:25 . 2012-12-20 14:21 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-18 02:18 . 2014-07-09 02:48 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-09 02:48 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-17 13:05 . 2012-07-17 18:37 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-06-06 10:10 . 2014-07-09 02:48 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-09 02:48 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-09 02:47 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-09 02:47 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-09 02:47 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-06-10 12:58 . 2013-06-10 12:58 4096000 ----a-w- c:\program files (x86)\GUT754F.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720] "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-12-30 69120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-20 23:25] . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 03:12] . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 03:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\spvigt56.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-09-01 12:10:13 ComboFix-quarantined-files.txt 2014-09-01 16:10 ComboFix2.txt 2014-09-01 14:48 ComboFix3.txt 2014-09-01 00:43 . Pre-Run: 911,203,491,840 bytes free Post-Run: 911,139,532,800 bytes free . - - End Of File - - 44A33DB82480545AD038457AEC1D9151 A36C5E4F47E84449FF07ED3517B43A31 C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
  11. I just noticed Windows Defender was on in the results I posted. I didn't even remember I had this program. I will do the scanning again and post. Sorry
  12. ComboFix 14-08-31.01 - user 09/01/2014 10:42:37.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8120.6311 [GMT -4:00] Running from: c:\users\user\Desktop\ComboFix.exe Command switches used :: c:\users\user\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-08-01 to 2014-09-01 ))))))))))))))))))))))))))))))) . . 2014-09-01 14:47 . 2014-09-01 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-31 22:42 . 2014-08-31 22:42 -------- d-----w- c:\windows\ERUNT 2014-08-31 22:34 . 2014-08-31 22:36 -------- d-----w- C:\AdwCleaner 2014-08-31 22:16 . 2014-08-31 23:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-31 22:16 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-31 22:16 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-31 22:16 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-31 22:16 . 2014-08-31 22:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-08-31 22:16 . 2014-08-31 22:16 -------- d-----w- c:\programdata\Malwarebytes 2014-08-31 15:42 . 2014-08-31 15:43 -------- d-----w- C:\FRST 2014-08-31 13:29 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C4EF799-6D1C-4B5C-A6C4-CFF13DB3F69D}\mpengine.dll 2014-08-31 06:09 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-31 06:09 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-28 12:03 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-13 02:46 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-13 02:46 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe 2014-08-13 02:46 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll 2014-08-13 02:46 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe 2014-08-13 02:46 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-13 02:46 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2014-08-13 02:45 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2014-08-13 02:45 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-12 21:59 . 2014-07-25 13:42 48128 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-05 13:20 . 2010-11-21 03:27 270496 ----a-w- c:\windows\system32\MpSigStub.exe 2014-08-01 03:41 . 2012-12-12 22:14 99218768 ----a-w- c:\windows\system32\MRT.exe 2014-07-11 23:25 . 2012-12-20 14:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-11 23:25 . 2012-12-20 14:21 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-18 02:18 . 2014-07-09 02:48 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-09 02:48 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-17 13:05 . 2012-07-17 18:37 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-06-06 10:10 . 2014-07-09 02:48 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-09 02:48 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-09 02:47 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-09 02:47 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-09 02:47 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-06-10 12:58 . 2013-06-10 12:58 4096000 ----a-w- c:\program files (x86)\GUT754F.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720] "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-12-30 69120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-20 23:25] . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 03:12] . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 03:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\spvigt56.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-09-01 10:48:27 ComboFix-quarantined-files.txt 2014-09-01 14:48 ComboFix2.txt 2014-09-01 00:43 . Pre-Run: 911,432,704,000 bytes free Post-Run: 911,362,490,368 bytes free . - - End Of File - - 7CFEA14EC914EB652D75A6FB736F899E A36C5E4F47E84449FF07ED3517B43A31 C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
  13. ComboFix 14-08-31.01 - user 08/31/2014 20:36:53.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8120.6088 [GMT -4:00] Running from: c:\users\user\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\user\AppData\Local\TempDIR c:\users\user\Documents\~WRL2274.tmp . . ((((((((((((((((((((((((( Files Created from 2014-08-01 to 2014-09-01 ))))))))))))))))))))))))))))))) . . 2014-09-01 00:41 . 2014-09-01 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-31 22:42 . 2014-08-31 22:42 -------- d-----w- c:\windows\ERUNT 2014-08-31 22:34 . 2014-08-31 22:36 -------- d-----w- C:\AdwCleaner 2014-08-31 22:16 . 2014-08-31 23:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-31 22:16 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-31 22:16 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-31 22:16 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-31 22:16 . 2014-08-31 22:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-08-31 22:16 . 2014-08-31 22:16 -------- d-----w- c:\programdata\Malwarebytes 2014-08-31 15:42 . 2014-08-31 15:43 -------- d-----w- C:\FRST 2014-08-31 13:29 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C4EF799-6D1C-4B5C-A6C4-CFF13DB3F69D}\mpengine.dll 2014-08-31 06:09 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-31 06:09 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-28 12:03 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-13 02:46 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-13 02:46 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe 2014-08-13 02:46 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll 2014-08-13 02:46 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe 2014-08-13 02:46 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-13 02:46 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2014-08-13 02:45 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2014-08-13 02:45 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-12 21:59 . 2014-07-25 13:42 48128 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-05 13:20 . 2010-11-21 03:27 270496 ----a-w- c:\windows\system32\MpSigStub.exe 2014-08-01 03:41 . 2012-12-12 22:14 99218768 ----a-w- c:\windows\system32\MRT.exe 2014-07-11 23:25 . 2012-12-20 14:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-11 23:25 . 2012-12-20 14:21 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-18 02:18 . 2014-07-09 02:48 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-09 02:48 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-17 13:05 . 2012-07-17 18:37 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-06-06 10:10 . 2014-07-09 02:48 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-09 02:48 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-09 02:47 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-09 02:47 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-09 02:47 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-06-10 12:58 . 2013-06-10 12:58 4096000 ----a-w- c:\program files (x86)\GUT754F.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720] "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-12-30 69120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . Contents of the 'Scheduled Tasks' folder . 2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-20 23:25] . 2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 03:12] . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 03:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\spvigt56.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-08-31 20:43:05 ComboFix-quarantined-files.txt 2014-09-01 00:43 . Pre-Run: 912,057,782,272 bytes free Post-Run: 911,661,334,528 bytes free . - - End Of File - - EC98ECD21286D9453F843A1E92C33A01 A36C5E4F47E84449FF07ED3517B43A31
  14. My processor is quieter now when I'm just on sites such as this one....almost normal but not quite. When I go to busier webpages, it starts the whining again. Also, while running the "junkware removal tool", my processor started whining so loud, I thought it would shut down or blow. It didn't take very long to run that program....any longer, I doubt it would have made it through. I have all the results from all programs and oped another browser so I can post them on here. Anyway, I continue to get this message now.... "You have posted a message with more emoticons than this community allows. Please reduce the number of emoticons you've added to the message" I tried copying all the results at once and the message appeared, then tried breaking it up, sitll message appeared. Any other help would be highly appreciated.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.