Neamiah

  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02 Ran by Mine (administrator) on GREG on 01-09-2014 17:18:32 Running from C:\Users\Mine\Downloads Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: English (United States) Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe ( ) C:\Windows\System32\lxczcoms.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe (New Boundary Technologies, Inc.) 
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Mine\Downloads\FRST(2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2013-11-28] (Microsoft Corporation) HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [74672 2007-04-19] (Lexmark International, Inc.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-29] (AVAST Software) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-446210937-1492631538-2402945498-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation) HKU\S-1-5-21-446210937-1492631538-2402945498-1006\...\MountPoints2: {bc00e5f3-585d-11e3-9389-001676b89a72} - I:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 27 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\Mine\AppData\Roaming\Mozilla\Firefox\Profiles\lmkav7d2.default-1409459547997 FF Homepage: hxxp://xfinity.comcast.net/?cid=mtmh08302014 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-29] Chrome: ======= CHR HomePage: Default -> 9B7B6EB9CE8065108ED8E18021C98A6B516F63CD53DE685AD2D931536EC543A3 CHR DefaultSearchKeyword: Default -> 606B541C4399023170102B5090D58A10EC5AE16ECF214504BED337732FC5A953 CHR DefaultSearchProvider: Default -> D56FE927DAF895A67F8681DE1657078E28E2017D5C8E47BD77596A9377335CB6 CHR DefaultSearchURL: Default -> D44BA351EA76489E63347E5C5678B62EDFB9DA9386846B43452530E03998ECB6 CHR CustomProfile: C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29] CHR Extension: (Google Drive) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29] CHR Extension: (YouTube) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29] CHR Extension: (Google Search) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29] CHR Extension: (Gmail) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-29] (AVAST Software) R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [537520 2007-04-19] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MHN; C:\Windows\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed] R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2006-06-19] (New Boundary Technologies, Inc.) [File not signed] R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] () S3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation) [File not signed] R0 Aha154x; C:\Windows\System32\DRIVERS\aha154x.sys [12800 2004-08-10] (Microsoft Corporation) [File not signed] R0 aic78u2; C:\Windows\System32\DRIVERS\aic78u2.sys [55168 2004-08-10] (Microsoft Corporation) [File not signed] R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2006-11-02] (Microsoft Corporation) R0 amsint; C:\Windows\System32\DRIVERS\amsint.sys [12032 2004-08-10] (Microsoft Corporation) [File not signed] R0 asc; C:\Windows\System32\DRIVERS\asc.sys [26496 2004-08-10] (Advanced System Products, Inc.) [File not signed] R0 asc3350p; C:\Windows\System32\DRIVERS\asc3350p.sys [22400 2004-08-10] (Microsoft Corporation) [File not signed] R0 asc3550; C:\Windows\System32\DRIVERS\asc3550.sys [14848 2004-08-10] (Advanced System Products, Inc.) 
[File not signed] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-29] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-29] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-29] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-29] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-29] () R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation) R0 cd20xrnt; C:\Windows\System32\DRIVERS\cd20xrnt.sys [7680 2004-08-10] (Microsoft Corporation) [File not signed] S3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation) [File not signed] R0 Cpqarray; C:\Windows\System32\DRIVERS\cpqarray.sys [14976 2004-08-10] (Microsoft Corporation) [File not signed] R0 dac2w2k; C:\Windows\System32\DRIVERS\dac2w2k.sys [179584 2004-08-10] (Mylex Corporation) [File not signed] R0 dac960nt; C:\Windows\System32\DRIVERS\dac960nt.sys [14720 2004-08-10] (Microsoft Corporation) [File not signed] R0 dpti2o; C:\Windows\System32\DRIVERS\dpti2o.sys [20192 2004-08-10] (Microsoft Corporation) [File not signed] R3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.) 
R0 hpn; C:\Windows\System32\DRIVERS\hpn.sys [25952 2004-08-10] (Microsoft Corporation) [File not signed] R0 ini910u; C:\Windows\System32\DRIVERS\ini910u.sys [16000 2004-08-10] (Microsoft Corporation) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-01] (Malwarebytes Corporation) S3 MHNDRV; C:\Windows\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed] S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.) R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-08-20] () [File not signed] <==== ATTENTION R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20576 2005-05-13] (Sonic Solutions) [File not signed] R0 ql1080; C:\Windows\System32\DRIVERS\ql1080.sys [40320 2004-08-10] (QLogic Corporation) [File not signed] R0 Ql10wnt; C:\Windows\System32\DRIVERS\ql10wnt.sys [33152 2004-08-10] (Microsoft Corporation) [File not signed] R0 ql12160; C:\Windows\System32\DRIVERS\ql12160.sys [45312 2004-08-10] (QLogic Corporation) [File not signed] R0 ql1240; C:\Windows\System32\DRIVERS\ql1240.sys [40448 2004-08-10] (Microsoft Corporation) [File not signed] R0 ql1280; C:\Windows\System32\DRIVERS\ql1280.sys [49024 2004-08-10] (QLogic Corporation) [File not signed] R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider) R0 Sparrow; C:\Windows\System32\DRIVERS\sparrow.sys [19072 2004-08-10] (Adaptec, Inc.) [File not signed] R0 symc810; C:\Windows\System32\DRIVERS\symc810.sys [16256 2004-08-10] (Symbios Logic Inc.) 
[File not signed] R0 TosIde; C:\Windows\System32\DRIVERS\toside.sys [4992 2004-08-10] (Microsoft Corporation) [File not signed] U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [33512 2014-09-01] () R0 ultra; C:\Windows\System32\DRIVERS\ultra.sys [36736 2004-08-10] (Promise Technology, Inc.) [File not signed] S0 AVG Anti-Rootkit; System32\DRIVERS\avgarkt.sys [X] S1 AvgArCln; System32\DRIVERS\AvgArCln.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 sbapifs; system32\DRIVERS\sbapifs.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-01 17:18 - 2014-09-01 17:18 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(2).exe 2014-09-01 16:32 - 2014-09-01 16:32 - 00000880 _____ () C:\Users\Mine\Desktop\JRT.txt 2014-09-01 16:17 - 2014-09-01 16:17 - 01016261 _____ (Thisisu) C:\Users\Mine\Downloads\JRT.exe 2014-09-01 16:16 - 2014-09-01 16:16 - 00002438 _____ () C:\Users\Mine\Desktop\AdwCleaner[s0].txt 2014-09-01 16:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-09-01 16:08 - 2014-09-01 16:12 - 00000000 ____D () C:\AdwCleaner 2014-09-01 16:06 - 2014-09-01 16:07 - 01364531 _____ () C:\Users\Mine\Downloads\AdwCleaner.exe 2014-09-01 16:05 - 2014-09-01 16:05 - 00709564 _____ () C:\Users\Mine\Downloads\delfix_10.8(1).exe 2014-09-01 15:45 - 2014-09-01 16:18 - 00000000 ____D () C:\Windows\ERUNT 2014-09-01 15:45 - 2014-09-01 16:05 - 00000250 _____ () C:\DelFix.txt 2014-09-01 15:43 - 2014-09-01 15:43 - 00709564 _____ () C:\Users\Mine\Downloads\delfix_10.8.exe 
2014-09-01 13:09 - 2014-09-01 13:09 - 00028857 _____ () C:\Users\Mine\Desktop\FRST.txt 2014-09-01 13:08 - 2014-09-01 13:08 - 00023100 _____ () C:\Users\Mine\Desktop\Addition.txt 2014-09-01 13:03 - 2014-09-01 13:03 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-09-01 13:03 - 2014-09-01 13:03 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-09-01 13:02 - 2014-09-01 13:02 - 04857944 _____ () C:\Users\Mine\Downloads\RogueKiller.exe 2014-09-01 13:00 - 2014-09-01 13:01 - 00023100 _____ () C:\Users\Mine\Downloads\Addition.txt 2014-09-01 12:59 - 2014-09-01 17:19 - 00014185 _____ () C:\Users\Mine\Downloads\FRST.txt 2014-09-01 12:59 - 2014-09-01 17:18 - 00000000 ____D () C:\FRST 2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST.exe 2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(1).exe 2014-08-31 21:13 - 2014-08-31 21:13 - 00000079 _____ () C:\Windows\wininit.ini 2014-08-31 20:28 - 2014-09-01 16:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-31 20:27 - 2014-08-31 20:27 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-08-31 20:27 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-31 20:27 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-31 20:27 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-31 20:26 - 2014-08-31 20:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(2).exe 2014-08-31 20:07 - 2014-08-31 20:07 - 00000074 _____ () 
C:\lxcz.log 2014-08-31 18:06 - 2014-08-31 18:06 - 00707664 _____ (iS3, Inc.) C:\Users\Mine\Downloads\SZSetup_AID10121_AV.exe 2014-08-31 17:36 - 2014-08-31 17:36 - 02177424 _____ (Reason Software Company Inc.) C:\Users\Mine\Downloads\ShouldIRemoveIt_Setup.exe 2014-08-30 21:27 - 2014-08-31 21:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-30 21:27 - 2014-08-31 21:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-30 21:26 - 2014-08-30 21:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mine\Downloads\spybot-2.4.exe 2014-08-30 21:21 - 2014-08-30 21:21 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(4).exe 2014-08-30 21:18 - 2014-08-30 21:19 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(3).exe 2014-08-30 21:17 - 2014-08-30 21:17 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(2).exe 2014-08-30 21:15 - 2014-08-30 21:16 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(1).exe 2014-08-30 21:14 - 2014-08-30 21:14 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer.exe 2014-08-30 21:14 - 2014-08-30 21:14 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-08-29 17:16 - 2014-08-29 17:16 - 00000000 ____D () C:\Users\Mine\AppData\Roaming\AVAST Software 2014-08-29 17:12 - 2014-08-29 20:22 - 00000000 ____D () C:\Program Files\Google 2014-08-29 17:12 - 2014-08-29 17:15 - 00000000 ____D () C:\Users\Mine\AppData\Local\Google 2014-08-29 17:11 - 2014-08-29 17:13 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-29 17:11 - 2014-08-29 17:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-29 17:11 - 
2014-08-29 17:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-29 17:11 - 2014-08-29 17:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-29 17:09 - 2014-08-29 17:09 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-29 17:07 - 2014-08-29 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-29 17:07 - 2014-08-29 17:07 - 04862664 _____ (AVAST Software) C:\Users\Mine\Downloads\avast_free_antivirus_setup_online.exe 2014-08-29 15:28 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-29 15:23 - 2014-08-29 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-29 10:10 - 2014-08-29 10:10 - 00000000 ____D () C:\Users\Mine\AppData\Local\Adobe 2014-08-29 00:32 - 2014-08-29 00:32 - 00423736 _____ () C:\Users\Mine\Downloads\avgarkt-setup-1.1.0.42.exe 2014-08-28 18:13 - 2014-09-01 15:57 - 00004144 _____ () C:\Windows\system32\MyOSProtect.ini 2014-08-28 18:13 - 2014-09-01 15:57 - 00002072 _____ () C:\Windows\system32\MyOSProtectOff.ini 2014-08-28 18:13 - 2014-08-20 12:48 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys 2014-08-28 18:13 - 2014-08-20 12:36 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll 2014-08-25 12:30 - 2014-08-25 12:30 - 00034244 _____ () C:\monitorsvc.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-01 17:19 - 2014-09-01 12:59 - 00014185 _____ () C:\Users\Mine\Downloads\FRST.txt 2014-09-01 17:19 - 2013-11-28 22:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-01 17:18 - 2014-09-01 17:18 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(2).exe 2014-09-01 17:18 - 2014-09-01 12:59 - 00000000 ____D () C:\FRST 2014-09-01 16:32 - 2014-09-01 16:32 - 00000880 _____ () C:\Users\Mine\Desktop\JRT.txt 2014-09-01 16:28 - 2006-11-02 05:33 - 00747936 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-01 16:24 - 2006-11-02 07:52 - 01610793 _____ () C:\Windows\WindowsUpdate.log 2014-09-01 16:21 - 2014-08-31 20:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-01 16:21 - 2013-11-28 13:35 - 00003120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-01 16:21 - 2013-11-28 13:35 - 00003120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-01 16:21 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-01 16:19 - 2006-06-17 04:45 - 00029286 _____ () C:\Windows\SchedLgU.Txt 2014-09-01 16:18 - 2014-09-01 15:45 - 00000000 ____D () C:\Windows\ERUNT 2014-09-01 16:17 - 2014-09-01 16:17 - 01016261 _____ (Thisisu) C:\Users\Mine\Downloads\JRT.exe 2014-09-01 16:16 - 2014-09-01 16:16 - 00002438 _____ () C:\Users\Mine\Desktop\AdwCleaner[s0].txt 2014-09-01 16:13 - 2013-11-28 13:49 - 00047890 _____ () C:\Windows\PFRO.log 2014-09-01 16:12 - 2014-09-01 16:08 - 00000000 ____D () C:\AdwCleaner 2014-09-01 16:07 - 2014-09-01 16:06 - 01364531 _____ () C:\Users\Mine\Downloads\AdwCleaner.exe 2014-09-01 16:05 - 2014-09-01 16:05 - 00709564 _____ () C:\Users\Mine\Downloads\delfix_10.8(1).exe 2014-09-01 16:05 - 2014-09-01 15:45 - 00000250 _____ () C:\DelFix.txt 2014-09-01 15:57 - 2014-08-28 18:13 - 00004144 _____ () C:\Windows\system32\MyOSProtect.ini 2014-09-01 
15:57 - 2014-08-28 18:13 - 00002072 _____ () C:\Windows\system32\MyOSProtectOff.ini 2014-09-01 15:43 - 2014-09-01 15:43 - 00709564 _____ () C:\Users\Mine\Downloads\delfix_10.8.exe 2014-09-01 15:41 - 2014-03-28 17:26 - 00000000 ____D () C:\Users\Mine\AppData\Local\Battle.net 2014-09-01 13:32 - 2013-11-28 23:10 - 00000000 ____D () C:\Program Files\World of Warcraft 2014-09-01 13:09 - 2014-09-01 13:09 - 00028857 _____ () C:\Users\Mine\Desktop\FRST.txt 2014-09-01 13:08 - 2014-09-01 13:08 - 00023100 _____ () C:\Users\Mine\Desktop\Addition.txt 2014-09-01 13:03 - 2014-09-01 13:03 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-09-01 13:03 - 2014-09-01 13:03 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-09-01 13:02 - 2014-09-01 13:02 - 04857944 _____ () C:\Users\Mine\Downloads\RogueKiller.exe 2014-09-01 13:01 - 2014-09-01 13:00 - 00023100 _____ () C:\Users\Mine\Downloads\Addition.txt 2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST.exe 2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(1).exe 2014-08-31 21:15 - 2014-08-30 21:27 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-31 21:13 - 2014-08-31 21:13 - 00000079 _____ () C:\Windows\wininit.ini 2014-08-31 21:13 - 2014-08-30 21:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-31 20:27 - 2014-08-31 20:27 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-08-31 20:26 - 2014-08-31 20:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(2).exe 2014-08-31 20:07 - 2014-08-31 20:07 - 00000074 _____ () C:\lxcz.log 2014-08-31 18:18 - 2014-04-15 17:12 - 00000000 ____D () 
C:\Windows\Minidump 2014-08-31 18:06 - 2014-08-31 18:06 - 00707664 _____ (iS3, Inc.) C:\Users\Mine\Downloads\SZSetup_AID10121_AV.exe 2014-08-31 17:36 - 2014-08-31 17:36 - 02177424 _____ (Reason Software Company Inc.) C:\Users\Mine\Downloads\ShouldIRemoveIt_Setup.exe 2014-08-30 23:32 - 2013-12-05 00:39 - 00000000 ____D () C:\Users\Mine\Desktop\Old Firefox Data 2014-08-30 21:26 - 2014-08-30 21:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mine\Downloads\spybot-2.4.exe 2014-08-30 21:21 - 2014-08-30 21:21 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(4).exe 2014-08-30 21:19 - 2014-08-30 21:18 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(3).exe 2014-08-30 21:17 - 2014-08-30 21:17 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(2).exe 2014-08-30 21:16 - 2014-08-30 21:15 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(1).exe 2014-08-30 21:14 - 2014-08-30 21:14 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer.exe 2014-08-30 21:14 - 2014-08-30 21:14 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-08-30 19:32 - 2013-11-28 22:20 - 00000000 ____D () C:\ProgramData\AVG2014 2014-08-30 19:32 - 2013-11-28 22:18 - 00000000 ____D () C:\ProgramData\MFAData 2014-08-29 20:22 - 2014-08-29 17:12 - 00000000 ____D () C:\Program Files\Google 2014-08-29 17:16 - 2014-08-29 17:16 - 00000000 ____D () C:\Users\Mine\AppData\Roaming\AVAST Software 2014-08-29 17:15 - 2014-08-29 17:12 - 00000000 ____D () C:\Users\Mine\AppData\Local\Google 2014-08-29 17:13 - 2014-08-29 17:11 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-29 17:11 - 2014-08-29 17:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00067824 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-29 17:11 - 2014-08-29 17:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-29 17:09 - 2014-08-29 17:09 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-29 17:09 - 2014-08-29 17:07 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-29 17:07 - 2014-08-29 17:07 - 04862664 _____ (AVAST Software) C:\Users\Mine\Downloads\avast_free_antivirus_setup_online.exe 2014-08-29 15:42 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\ShellNew 2014-08-29 15:28 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-29 15:23 - 2014-08-29 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-29 10:10 - 2014-08-29 10:10 - 00000000 ____D () C:\Users\Mine\AppData\Local\Adobe 2014-08-29 00:57 - 2013-12-05 16:07 - 00000000 ____D () C:\Users\Mine\AppData\Local\Microsoft Games 2014-08-29 00:32 - 2014-08-29 00:32 - 00423736 _____ () C:\Users\Mine\Downloads\avgarkt-setup-1.1.0.42.exe 2014-08-25 12:30 - 2014-08-25 12:30 - 00034244 _____ () C:\monitorsvc.exe 2014-08-22 00:00 - 2014-03-28 17:26 - 00000000 ____D () C:\Program Files\Battle.net 2014-08-20 12:48 - 2014-08-28 18:13 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys 2014-08-20 12:36 - 2014-08-28 18:13 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll 2014-08-18 23:39 - 2014-03-28 17:29 - 00000000 ____D () C:\Program Files\Hearthstone 2014-08-15 13:51 - 2013-11-28 22:06 - 00699568 _____ (Adobe Systems 
Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-15 13:51 - 2013-11-28 22:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-15 13:49 - 2013-12-05 20:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-15 13:49 - 2013-11-28 21:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-14 03:08 - 2013-11-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-14 03:07 - 2013-11-28 21:03 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-14 03:03 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-08-05 09:20 - 2013-11-28 15:30 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\Mine\AppData\Local\Temp\ERUNT.exe C:\Users\Mine\AppData\Local\Temp\Quarantine.exe C:\Users\Mine\AppData\Local\Temp\rtdrvmon.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-01 16:26 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02 Ran by Mine at 2014-09-01 17:19:25 Running from C:\Users\Mine\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Intel® Management Engine Interface (HKLM\...\HECI) (Version: - ) Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.) 
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - ) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden 
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR) PCI Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: - ) Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
(HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) 
(HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation) Windows Installer 3.1 (KB893803) (Version: 3.1 - Microsoft Corporation) Hidden World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 14-08-2014 06:20:45 Scheduled Checkpoint 14-08-2014 08:03:03 Windows Update 15-08-2014 05:08:53 Scheduled Checkpoint 15-08-2014 20:42:48 Scheduled Checkpoint 17-08-2014 05:00:03 Scheduled Checkpoint 18-08-2014 05:18:38 Scheduled Checkpoint 19-08-2014 05:16:11 Scheduled Checkpoint 20-08-2014 05:00:03 Scheduled Checkpoint 21-08-2014 05:00:03 Scheduled Checkpoint 22-08-2014 06:51:33 Scheduled Checkpoint 22-08-2014 23:39:06 Scheduled Checkpoint 24-08-2014 05:06:27 Scheduled Checkpoint 25-08-2014 05:07:35 Scheduled Checkpoint 26-08-2014 05:00:02 Scheduled Checkpoint 27-08-2014 05:17:50 Scheduled Checkpoint 28-08-2014 05:19:11 Scheduled Checkpoint 29-08-2014 00:30:29 Scheduled Checkpoint 29-08-2014 22:08:42 avast! 
antivirus system restore point 30-08-2014 14:10:33 Scheduled Checkpoint 31-08-2014 00:16:42 Removed AVG 2014 31-08-2014 00:21:31 Removed AVG 2014 31-08-2014 00:23:56 Removed AVG 2014 31-08-2014 02:07:16 Windows Update 31-08-2014 22:36:55 Installed Should I Remove It 31-08-2014 22:49:11 Removed Should I Remove It 31-08-2014 23:08:14 Installed STOPzilla 01-09-2014 01:03:21 Removed STOPzilla ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation) Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {D24CD63C-98C1-48C1-AA9E-68D032EB32E5} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-29] (AVAST Software) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] () Task: {F376EAF7-9C2A-4F10-9861-5C21DEE499DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-29 17:11 - 2014-08-29 17:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-01 15:54 - 2014-09-01 15:54 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090102\algo.dll 2009-05-16 04:22 - 2009-05-16 04:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2014-08-29 17:11 - 2014-08-29 17:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-11-28 14:39 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe 2013-11-28 14:39 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll 2006-03-07 13:59 - 2006-03-07 13:59 - 00061440 _____ () C:\Windows\system32\lxczcnv6.dll 2013-11-28 14:39 - 2011-12-14 18:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe 2013-11-28 14:39 - 2011-12-14 11:22 - 00368640 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll 2014-07-29 14:25 - 2014-07-29 14:26 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Users\Mine\Downloads\White Rabbit Jefferson Airplane 2987 NV.wav:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (09/01/2014 05:20:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Error: (09/01/2014 05:20:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Error: (09/01/2014 05:20:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Error: (09/01/2014 05:20:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Error: (09/01/2014 05:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Error: (09/01/2014 05:19:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Error: (09/01/2014 05:19:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following 
error: %%2 Error: (09/01/2014 05:19:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Error: (09/01/2014 05:18:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Error: (09/01/2014 05:18:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MyOSProtect service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-09-01 17:19:18.418 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 17:19:18.295 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 17:19:18.171 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 17:19:18.045 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 17:19:17.780 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-09-01 17:19:17.656 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 17:19:17.531 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 17:19:17.406 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 17:08:44.361 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 17:08:44.225 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 CPU 6300 @ 1.86GHz Percentage of memory in use: 61% Total physical RAM: 2029.2 MB Available physical RAM: 780.15 MB Total Pagefile: 4273.43 MB Available Pagefile: 2826.61 MB Total Virtual: 2047.88 MB Available Virtual: 1942.45 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:298.09 GB) (Free:206.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: EDAAEDAA) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  2. Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/1/2014
Scan Time: 5:05:00 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.01.08
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Mine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305868
Time Elapsed: 8 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)
  3. Here it is. Thought I added it before: # AdwCleaner v3.308 - Report created 01/09/2014 at 16:12:12 # Updated 20/08/2014 by Xplode # Operating System : Windows Vista Home Premium (32 bits) # Username : Mine - GREG # Running from : C:\Users\Mine\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Deleted : HKCU\Software\AVG SafeGuard toolbar Key Deleted : HKCU\Software\WebProtect Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\WebProtect ***** [ Browsers ] ***** -\\ Internet Explorer v7.0.6000.16982 -\\ Mozilla Firefox v31.0 (x86 en-US) [ File : C:\Users\Mine\AppData\Roaming\Mozilla\Firefox\Profiles\lmkav7d2.default-1409459547997\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Mine\AppData\Local\Google\Chrome\User 
Data\Default\preferences ] Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [2337 octets] - [01/09/2014 16:08:42] AdwCleaner[s0].txt - [2298 octets] - [01/09/2014 16:12:12] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2358 octets] ##########
  4. I am running a scan now, but it looks like we got it. Thank you.
  5. Fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02 Ran by Mine at 2014-09-01 15:57:43 Run:1 Running from C:\Users\Mine\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Program Files\Web Protect\MyOSProtect.exe HKLM\...\Command Processor: <======= ATTENTION Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 27 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317848 2014-08-20] (MyOSCompany) [File not signed] S2 ProtectMonitor; C:\monitorsvc.exe R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys C:\Windows\system32\Drivers\pcwatch.sys C:\monitorsvc.exe C:\Windows\system32\MyOSProtect.ini C:\Windows\system32\MyOSProtectOff.ini C:\Windows\system32\Drivers\pcwatch.sys C:\Windows\system32\MyOSProtect.dll C:\Program Files\Web Protect C:\Users\Mine\AppData\Local\Temp\rtdrvmon.exe HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\.exe: exefile => <===== ATTENTION! HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\exefile: <===== ATTENTION! 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION C:\Program Files\Web Protect cmd: netsh winsock reset ***************** Could not move "C:\Program Files\Web Protect\MyOSProtect.exe" => Scheduled to move on reboot. HKLM\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Error deleting key. The key could be protected. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Error deleting key. The key could be protected. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Error deleting key. The key could be protected. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Error deleting key. The key could be protected. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027" => Error deleting key. The key could be protected. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKCU\SOFTWARE\Policies\Google" => Key deleted successfully. MyOSProtect => Service stopped successfully. MyOSProtect => Error deleting Service ProtectMonitor => Service deleted successfully. pcwatch => Unable to stop service pcwatch => Error deleting Service Could not move "C:\Windows\system32\Drivers\pcwatch.sys" => Scheduled to move on reboot. Could not move "C:\monitorsvc.exe" => Scheduled to move on reboot. C:\Windows\system32\MyOSProtect.ini => Moved successfully. C:\Windows\system32\MyOSProtectOff.ini => Moved successfully. 
Could not move "C:\Windows\system32\Drivers\pcwatch.sys" => Scheduled to move on reboot. Could not move "C:\Windows\system32\MyOSProtect.dll" => Scheduled to move on reboot. C:\Program Files\Web Protect => Moved successfully. C:\Users\Mine\AppData\Local\Temp\rtdrvmon.exe => Moved successfully. "HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\exefile" => Key deleted successfully. "HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\.exe" => Key deleted successfully. "HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\exefile" => Key not found. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys" => Key deleted successfully. "C:\Program Files\Web Protect" => File/Directory not found. ========= netsh winsock reset ========= Access is denied. ========= End of CMD: ========= => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-01 16:00:37)<= C:\Program Files\Web Protect\MyOSProtect.exe => Is moved successfully. "C:\Windows\system32\Drivers\pcwatch.sys" => File could not move. "C:\monitorsvc.exe" => File could not move. "C:\Windows\system32\Drivers\pcwatch.sys" => File could not move. "C:\Windows\system32\MyOSProtect.dll" => File could not move. 
==== End of Fixlog ==== JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows Vista Home Premium x86 Ran by Mine on Mon 09/01/2014 at 16:21:56.37 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin" ~~~ FireFox Emptied folder: C:\Users\Mine\AppData\Roaming\mozilla\firefox\profiles\lmkav7d2.default-1409459547997\minidumps [2 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 09/01/2014 at 16:32:18.03 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. I have the Malwarebytes settings just as you have said, but it does not pick up anything. FRST Log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02 Ran by Mine (administrator) on GREG on 01-09-2014 12:59:41 Running from C:\Users\Mine\Downloads Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: English (United States) Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe ( ) C:\Windows\System32\lxczcoms.exe (Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (New Boundary Technologies, Inc.) 
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (MyOSCompany) C:\Program Files\Web Protect\MyOSProtect.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Farbar) C:\Users\Mine\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2013-11-28] (Microsoft Corporation) HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [74672 2007-04-19] (Lexmark International, Inc.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-29] (AVAST Software) HKLM\...\Command Processor: <======= ATTENTION HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-446210937-1492631538-2402945498-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation) HKU\S-1-5-21-446210937-1492631538-2402945498-1006\...\MountPoints2: {bc00e5f3-585d-11e3-9389-001676b89a72} - I:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 27 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\Mine\AppData\Roaming\Mozilla\Firefox\Profiles\lmkav7d2.default-1409459547997 FF Homepage: hxxp://xfinity.comcast.net/?cid=mtmh08302014 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-29] Chrome: ======= CHR HomePage: Default -> 9B7B6EB9CE8065108ED8E18021C98A6B516F63CD53DE685AD2D931536EC543A3 CHR DefaultSearchKeyword: Default -> 606B541C4399023170102B5090D58A10EC5AE16ECF214504BED337732FC5A953 CHR DefaultSearchProvider: Default -> D56FE927DAF895A67F8681DE1657078E28E2017D5C8E47BD77596A9377335CB6 CHR DefaultSearchURL: Default -> D44BA351EA76489E63347E5C5678B62EDFB9DA9386846B43452530E03998ECB6 CHR CustomProfile: C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29] CHR Extension: (Google Drive) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29] CHR Extension: (YouTube) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29] CHR Extension: (Google Search) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29] CHR Extension: (Gmail) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, 
the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-29] (AVAST Software) R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [537520 2007-04-19] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MHN; C:\Windows\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed] R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317848 2014-08-20] (MyOSCompany) [File not signed] R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2006-06-19] (New Boundary Technologies, Inc.) [File not signed] S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-08-25] () [File not signed] R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation) [File not signed] R0 Aha154x; C:\Windows\System32\DRIVERS\aha154x.sys [12800 2004-08-10] (Microsoft Corporation) [File not signed] R0 aic78u2; C:\Windows\System32\DRIVERS\aic78u2.sys [55168 2004-08-10] (Microsoft Corporation) [File not signed] R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2006-11-02] (Microsoft Corporation) R0 amsint; C:\Windows\System32\DRIVERS\amsint.sys [12032 2004-08-10] (Microsoft Corporation) [File not signed] R0 asc; C:\Windows\System32\DRIVERS\asc.sys [26496 2004-08-10] (Advanced System Products, Inc.) 
[File not signed] R0 asc3350p; C:\Windows\System32\DRIVERS\asc3350p.sys [22400 2004-08-10] (Microsoft Corporation) [File not signed] R0 asc3550; C:\Windows\System32\DRIVERS\asc3550.sys [14848 2004-08-10] (Advanced System Products, Inc.) [File not signed] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-29] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-29] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-29] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-29] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-29] () R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation) R0 cd20xrnt; C:\Windows\System32\DRIVERS\cd20xrnt.sys [7680 2004-08-10] (Microsoft Corporation) [File not signed] S3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation) [File not signed] R0 Cpqarray; C:\Windows\System32\DRIVERS\cpqarray.sys [14976 2004-08-10] (Microsoft Corporation) [File not signed] R0 dac2w2k; C:\Windows\System32\DRIVERS\dac2w2k.sys [179584 2004-08-10] (Mylex Corporation) [File not signed] R0 dac960nt; C:\Windows\System32\DRIVERS\dac960nt.sys [14720 2004-08-10] (Microsoft Corporation) [File not signed] R0 dpti2o; C:\Windows\System32\DRIVERS\dpti2o.sys [20192 2004-08-10] (Microsoft Corporation) [File not signed] R3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.) 
R0 hpn; C:\Windows\System32\DRIVERS\hpn.sys [25952 2004-08-10] (Microsoft Corporation) [File not signed] R0 ini910u; C:\Windows\System32\DRIVERS\ini910u.sys [16000 2004-08-10] (Microsoft Corporation) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-01] (Malwarebytes Corporation) S3 MHNDRV; C:\Windows\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed] S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.) R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-08-20] () [File not signed] <==== ATTENTION R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20576 2005-05-13] (Sonic Solutions) [File not signed] R0 ql1080; C:\Windows\System32\DRIVERS\ql1080.sys [40320 2004-08-10] (QLogic Corporation) [File not signed] R0 Ql10wnt; C:\Windows\System32\DRIVERS\ql10wnt.sys [33152 2004-08-10] (Microsoft Corporation) [File not signed] R0 ql12160; C:\Windows\System32\DRIVERS\ql12160.sys [45312 2004-08-10] (QLogic Corporation) [File not signed] R0 ql1240; C:\Windows\System32\DRIVERS\ql1240.sys [40448 2004-08-10] (Microsoft Corporation) [File not signed] R0 ql1280; C:\Windows\System32\DRIVERS\ql1280.sys [49024 2004-08-10] (QLogic Corporation) [File not signed] R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider) R0 Sparrow; C:\Windows\System32\DRIVERS\sparrow.sys [19072 2004-08-10] (Adaptec, Inc.) [File not signed] R0 symc810; C:\Windows\System32\DRIVERS\symc810.sys [16256 2004-08-10] (Symbios Logic Inc.) [File not signed] R0 TosIde; C:\Windows\System32\DRIVERS\toside.sys [4992 2004-08-10] (Microsoft Corporation) [File not signed] R0 ultra; C:\Windows\System32\DRIVERS\ultra.sys [36736 2004-08-10] (Promise Technology, Inc.) 
[File not signed] S0 AVG Anti-Rootkit; System32\DRIVERS\avgarkt.sys [X] S1 AvgArCln; System32\DRIVERS\AvgArCln.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 sbapifs; system32\DRIVERS\sbapifs.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-01 12:59 - 2014-09-01 13:00 - 00014749 _____ () C:\Users\Mine\Downloads\FRST.txt 2014-09-01 12:59 - 2014-09-01 12:59 - 00000000 ____D () C:\FRST 2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST.exe 2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(1).exe 2014-08-31 21:13 - 2014-08-31 21:13 - 00000079 _____ () C:\Windows\wininit.ini 2014-08-31 20:28 - 2014-09-01 12:13 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-31 20:27 - 2014-08-31 20:27 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-08-31 20:27 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-31 20:27 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-31 20:27 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-31 20:26 - 2014-08-31 20:26 - 
17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(2).exe 2014-08-31 20:07 - 2014-08-31 20:07 - 00000074 _____ () C:\lxcz.log 2014-08-31 18:06 - 2014-08-31 18:06 - 00707664 _____ (iS3, Inc.) C:\Users\Mine\Downloads\SZSetup_AID10121_AV.exe 2014-08-31 17:37 - 2014-08-31 17:49 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin 2014-08-31 17:36 - 2014-08-31 17:36 - 02177424 _____ (Reason Software Company Inc.) C:\Users\Mine\Downloads\ShouldIRemoveIt_Setup.exe 2014-08-30 21:27 - 2014-08-31 21:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-30 21:27 - 2014-08-31 21:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-30 21:26 - 2014-08-30 21:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mine\Downloads\spybot-2.4.exe 2014-08-30 21:21 - 2014-08-30 21:21 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(4).exe 2014-08-30 21:18 - 2014-08-30 21:19 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(3).exe 2014-08-30 21:17 - 2014-08-30 21:17 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(2).exe 2014-08-30 21:15 - 2014-08-30 21:16 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(1).exe 2014-08-30 21:14 - 2014-08-30 21:14 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer.exe 2014-08-30 21:14 - 2014-08-30 21:14 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-08-29 17:16 - 2014-08-29 17:16 - 00000000 ____D () C:\Users\Mine\AppData\Roaming\AVAST Software 2014-08-29 17:12 - 2014-08-29 20:22 - 00000000 ____D () C:\Program Files\Google 2014-08-29 17:12 - 2014-08-29 17:15 - 00000000 ____D () C:\Users\Mine\AppData\Local\Google 2014-08-29 17:11 - 2014-08-29 17:13 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00276432 _____ (AVAST Software) 
C:\Windows\system32\aswBoot.exe 2014-08-29 17:11 - 2014-08-29 17:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-29 17:11 - 2014-08-29 17:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-29 17:09 - 2014-08-29 17:09 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-29 17:07 - 2014-08-29 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-29 17:07 - 2014-08-29 17:07 - 04862664 _____ (AVAST Software) C:\Users\Mine\Downloads\avast_free_antivirus_setup_online.exe 2014-08-29 15:28 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-29 15:23 - 2014-08-29 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-29 10:10 - 2014-08-29 10:10 - 00000000 ____D () C:\Users\Mine\AppData\Local\Adobe 2014-08-29 00:32 - 2014-08-29 00:32 - 00423736 _____ () C:\Users\Mine\Downloads\avgarkt-setup-1.1.0.42.exe 2014-08-28 18:13 - 2014-08-28 18:13 - 00009744 _____ () C:\Windows\system32\MyOSProtect.ini 2014-08-28 18:13 - 2014-08-28 18:13 - 00002312 _____ () C:\Windows\system32\MyOSProtectOff.ini 2014-08-28 18:13 - 2014-08-20 12:48 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys 2014-08-28 18:13 - 2014-08-20 12:36 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll 2014-08-28 18:12 - 2014-08-29 17:27 - 00000000 ____D () C:\Program Files\Web Protect 2014-08-25 12:30 - 
2014-08-25 12:30 - 00034244 _____ () C:\monitorsvc.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-01 13:00 - 2014-09-01 12:59 - 00014749 _____ () C:\Users\Mine\Downloads\FRST.txt 2014-09-01 12:59 - 2014-09-01 12:59 - 00000000 ____D () C:\FRST 2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST.exe 2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(1).exe 2014-09-01 12:19 - 2013-11-28 22:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-01 12:15 - 2013-11-28 13:35 - 00003120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-01 12:15 - 2013-11-28 13:35 - 00003120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-01 12:13 - 2014-08-31 20:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-01 11:20 - 2006-11-02 07:52 - 01587535 _____ () C:\Windows\WindowsUpdate.log 2014-08-31 21:22 - 2006-11-02 05:33 - 00747936 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-31 21:15 - 2014-08-30 21:27 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-31 21:15 - 2013-11-28 13:49 - 00046628 _____ () C:\Windows\PFRO.log 2014-08-31 21:15 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-31 21:14 - 2006-06-17 04:45 - 00028188 _____ () C:\Windows\SchedLgU.Txt 2014-08-31 21:13 - 2014-08-31 21:13 - 00000079 _____ () C:\Windows\wininit.ini 2014-08-31 21:13 - 2014-08-30 21:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-31 20:27 - 2014-08-31 20:27 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes Anti-Malware 2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-08-31 20:26 - 2014-08-31 20:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(2).exe 2014-08-31 20:07 - 2014-08-31 20:07 - 00000074 _____ () C:\lxcz.log 2014-08-31 18:18 - 2014-04-15 17:12 - 00000000 ____D () C:\Windows\Minidump 2014-08-31 18:06 - 2014-08-31 18:06 - 00707664 _____ (iS3, Inc.) C:\Users\Mine\Downloads\SZSetup_AID10121_AV.exe 2014-08-31 17:49 - 2014-08-31 17:37 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin 2014-08-31 17:36 - 2014-08-31 17:36 - 02177424 _____ (Reason Software Company Inc.) C:\Users\Mine\Downloads\ShouldIRemoveIt_Setup.exe 2014-08-30 23:32 - 2013-12-05 00:39 - 00000000 ____D () C:\Users\Mine\Desktop\Old Firefox Data 2014-08-30 21:26 - 2014-08-30 21:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mine\Downloads\spybot-2.4.exe 2014-08-30 21:21 - 2014-08-30 21:21 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(4).exe 2014-08-30 21:19 - 2014-08-30 21:18 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(3).exe 2014-08-30 21:17 - 2014-08-30 21:17 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(2).exe 2014-08-30 21:16 - 2014-08-30 21:15 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(1).exe 2014-08-30 21:14 - 2014-08-30 21:14 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer.exe 2014-08-30 21:14 - 2014-08-30 21:14 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-08-30 19:32 - 2013-11-28 22:20 - 00000000 ____D () C:\ProgramData\AVG2014 2014-08-30 19:32 - 2013-11-28 22:18 - 00000000 ____D () C:\ProgramData\MFAData 2014-08-29 20:22 - 2014-08-29 17:12 - 00000000 ____D () C:\Program Files\Google 2014-08-29 17:27 - 2014-08-28 18:12 - 00000000 ____D () C:\Program Files\Web Protect 2014-08-29 17:16 - 2014-08-29 17:16 - 00000000 ____D () C:\Users\Mine\AppData\Roaming\AVAST Software 
2014-08-29 17:15 - 2014-08-29 17:12 - 00000000 ____D () C:\Users\Mine\AppData\Local\Google 2014-08-29 17:13 - 2014-08-29 17:11 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-29 17:11 - 2014-08-29 17:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-29 17:11 - 2014-08-29 17:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-29 17:11 - 2014-08-29 17:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-29 17:09 - 2014-08-29 17:09 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-29 17:09 - 2014-08-29 17:07 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-29 17:07 - 2014-08-29 17:07 - 04862664 _____ (AVAST Software) C:\Users\Mine\Downloads\avast_free_antivirus_setup_online.exe 2014-08-29 15:42 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\ShellNew 2014-08-29 15:28 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-29 15:23 - 2014-08-29 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-29 10:10 - 2014-08-29 10:10 - 00000000 ____D () C:\Users\Mine\AppData\Local\Adobe 2014-08-29 00:57 - 2013-12-05 16:07 - 00000000 ____D () C:\Users\Mine\AppData\Local\Microsoft Games 2014-08-29 00:32 - 2014-08-29 00:32 - 
00423736 _____ () C:\Users\Mine\Downloads\avgarkt-setup-1.1.0.42.exe 2014-08-28 18:13 - 2014-08-28 18:13 - 00009744 _____ () C:\Windows\system32\MyOSProtect.ini 2014-08-28 18:13 - 2014-08-28 18:13 - 00002312 _____ () C:\Windows\system32\MyOSProtectOff.ini 2014-08-25 21:05 - 2014-03-28 17:26 - 00000000 ____D () C:\Users\Mine\AppData\Local\Battle.net 2014-08-25 19:42 - 2013-11-28 23:10 - 00000000 ____D () C:\Program Files\World of Warcraft 2014-08-25 12:30 - 2014-08-25 12:30 - 00034244 _____ () C:\monitorsvc.exe 2014-08-22 00:00 - 2014-03-28 17:26 - 00000000 ____D () C:\Program Files\Battle.net 2014-08-20 12:48 - 2014-08-28 18:13 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys 2014-08-20 12:36 - 2014-08-28 18:13 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll 2014-08-18 23:39 - 2014-03-28 17:29 - 00000000 ____D () C:\Program Files\Hearthstone 2014-08-15 13:51 - 2013-11-28 22:06 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-15 13:51 - 2013-11-28 22:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-15 13:49 - 2013-12-05 20:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-15 13:49 - 2013-11-28 21:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-14 03:08 - 2013-11-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-14 03:07 - 2013-11-28 21:03 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-14 03:03 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-08-05 09:20 - 2013-11-28 15:30 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\Mine\AppData\Local\Temp\rtdrvmon.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-01 09:27 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02 Ran by Mine at 2014-09-01 13:00:29 Running from C:\Users\Mine\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Intel® Management Engine Interface (HKLM\...\HECI) (Version: - ) Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.) 
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - ) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden 
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR) PCI Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: - ) Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
(HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) 
(HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation) Windows Installer 3.1 (KB893803) (Version: 3.1 - Microsoft Corporation) Hidden World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 14-08-2014 06:20:45 Scheduled Checkpoint 14-08-2014 08:03:03 Windows Update 15-08-2014 05:08:53 Scheduled Checkpoint 15-08-2014 20:42:48 Scheduled Checkpoint 17-08-2014 05:00:03 Scheduled Checkpoint 18-08-2014 05:18:38 Scheduled Checkpoint 19-08-2014 05:16:11 Scheduled Checkpoint 20-08-2014 05:00:03 Scheduled Checkpoint 21-08-2014 05:00:03 Scheduled Checkpoint 22-08-2014 06:51:33 Scheduled Checkpoint 22-08-2014 23:39:06 Scheduled Checkpoint 24-08-2014 05:06:27 Scheduled Checkpoint 25-08-2014 05:07:35 Scheduled Checkpoint 26-08-2014 05:00:02 Scheduled Checkpoint 27-08-2014 05:17:50 Scheduled Checkpoint 28-08-2014 05:19:11 Scheduled Checkpoint 29-08-2014 00:30:29 Scheduled Checkpoint 29-08-2014 22:08:42 avast! 
antivirus system restore point 30-08-2014 14:10:33 Scheduled Checkpoint 31-08-2014 00:16:42 Removed AVG 2014 31-08-2014 00:21:31 Removed AVG 2014 31-08-2014 00:23:56 Removed AVG 2014 31-08-2014 02:07:16 Windows Update 31-08-2014 22:36:55 Installed Should I Remove It 31-08-2014 22:49:11 Removed Should I Remove It 31-08-2014 23:08:14 Installed STOPzilla 01-09-2014 01:03:21 Removed STOPzilla ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation) Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {D24CD63C-98C1-48C1-AA9E-68D032EB32E5} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-29] (AVAST Software) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] () Task: {F376EAF7-9C2A-4F10-9861-5C21DEE499DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-29 17:11 - 2014-08-29 17:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-01 05:16 - 2014-09-01 05:16 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14090100\algo.dll 2009-05-16 04:22 - 2009-05-16 04:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2014-08-29 17:11 - 2014-08-29 17:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-11-28 14:39 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe 2013-11-28 14:39 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll 2006-03-07 13:59 - 2006-03-07 13:59 - 00061440 _____ () C:\Windows\system32\lxczcnv6.dll 2013-11-28 14:39 - 2011-12-14 18:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe 2013-11-28 14:39 - 2011-12-14 11:22 - 00368640 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll 2014-08-13 12:44 - 2014-08-13 12:44 - 00823296 _____ () C:\Program Files\web protect\pcproxydll.dll 2014-07-29 14:25 - 2014-07-29 14:26 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-08-15 13:51 - 2014-08-15 13:51 - 17048240 _____ () 
C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Mine\Downloads\White Rabbit Jefferson Airplane 2987 NV.wav:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\.exe: exefile => <===== ATTENTION! HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\exefile: <===== ATTENTION! ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/31/2014 06:17:53 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point on volume (Process = C:\Program Files\STOPzilla!\SZScanner.exe Files\STOPzilla!\SZScanner.exe" ; Descripton = STOPzilla Restore Point.; Hr = 0x80042319). Error: (08/31/2014 06:17:53 PM) (Source: VSS) (EventID: 12301) (User: ) Description: Volume Shadow Copy Service error: Writer MSSearch Service Writer did not respond to a GatherWriterStatus call. 
Operation: Gather writers' status Executing Asynchronous Operation Context: Current State: GatherWriterStatus Error: (08/31/2014 06:17:28 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {f1ad52c9-8192-4de3-ac33-b6dfe2b7e91a} Error: (08/30/2014 07:19:08 PM) (Source: MsiInstaller) (EventID: 10005) (User: GREG) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed. Error: (08/29/2014 05:08:40 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {5ed897f5-28ef-40d4-91f2-774c42eba7be} Error: (08/29/2014 04:08:02 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error. Error: (08/28/2014 06:14:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program MPlayer_Setup.exe version 3.7.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: bffe8 Start Time: 01cfc31565f5ece7 Termination Time: 0 Error: (08/28/2014 06:13:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 31.0.0.5310, time stamp 0x53c75e91, faulting module mozalloc.dll, version 31.0.0.5310, time stamp 0x53c72e91, exception code 0x80000003, fault offset 0x0000141b, process id 0xbfdf0, application start time 0xplugin-container.exe0. Error: (08/19/2014 03:36:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application FlashPlayerPlugin_14_0_0_179.exe, version 14.0.0.179, time stamp 0x53dc28d1, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x703a4618, process id 0x7f5e8, application start time 0xFlashPlayerPlugin_14_0_0_179.exe0. Error: (08/19/2014 03:36:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application FlashPlayerPlugin_14_0_0_179.exe, version 14.0.0.179, time stamp 0x53dc28d1, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x703a4618, process id 0x7f524, application start time 0xFlashPlayerPlugin_14_0_0_179.exe0. System errors: ============= Error: (08/31/2014 08:21:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AVG Anti-Rootkit AvgArCln Null Error: (08/31/2014 08:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Protect Monitor service failed to start due to the following error: %%1053 Error: (08/31/2014 08:21:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect. 
Error: (08/31/2014 08:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The sbapifs service failed to start due to the following error: %%2 Error: (08/31/2014 08:09:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AVG Anti-Rootkit AvgArCln Null Error: (08/31/2014 08:09:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Protect Monitor service failed to start due to the following error: %%1053 Error: (08/31/2014 08:09:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect. Error: (08/31/2014 08:09:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The sbapifs service failed to start due to the following error: %%2 Error: (08/31/2014 08:07:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: C:\Windows\System32\bcmihvsrv.dll Error: (08/31/2014 08:07:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: C:\Windows\System32\bcmihvsrv.dll Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-09-01 13:00:22.708 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 13:00:22.555 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-09-01 13:00:22.412 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 13:00:22.278 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 13:00:21.984 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 13:00:21.854 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 13:00:21.726 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 13:00:21.588 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 12:21:40.159 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-01 12:21:40.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel® Core2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 73%
Total physical RAM: 2029.2 MB
Available physical RAM: 538.47 MB
Total Pagefile: 4273.43 MB
Available Pagefile: 2511.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:206.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: EDAAEDAA)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

RogueKiller Report:

RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Mine [Admin rights]
Mode : Scan -- Date : 09/01/2014 13:16:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PUM.StartMenu] HKEY_USERS\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 15 (Driver: LOADED) ¤¤¤
[sSDT:Addr(Hook.SSDT)] NtCreateFile[60] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19178
[sSDT:Addr(Hook.SSDT)] NtCreateKey[64] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e199f8
[sSDT:Addr(Hook.SSDT)] NtDeleteFile[122] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e1910c
[sSDT:Addr(Hook.SSDT)] NtDeleteValueKey[126] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19c7e
[sSDT:Addr(Hook.SSDT)] NtOpenFile[186] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e1924e
[sSDT:Addr(Hook.SSDT)] NtOpenKey[189] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19aea
[sSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19df8
[sSDT:Addr(Hook.SSDT)] NtQueryDirectoryFile[218] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e194b4
[sSDT:Addr(Hook.SSDT)] NtSetInformationFile[305] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e18f46
[sSDT:Addr(Hook.SSDT)] NtSetValueKey[328] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19b72
[sSDT:Addr(Hook.SSDT)] NtTerminateProcess[338] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19e94
[EAT:Addr] (explorer.exe) wscntfy.dll - CPlApplet : C:\Windows\System32\srchadmin.dll @ 0x6bfe3f7e
[EAT:Addr] (explorer.exe) wscntfy.dll - DllCanUnloadNow : C:\Windows\System32\srchadmin.dll @ 0x6bfd14b0
[EAT:Addr] (explorer.exe) wscntfy.dll - DllGetClassObject : C:\Windows\System32\srchadmin.dll @ 0x6bfd38a1
[EAT:Addr] (explorer.exe) wscntfy.dll - ProcessGroupPolicy : C:\Windows\System32\srchadmin.dll @ 0x6bfe1319

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] lmkav7d2.default-1409459547997 : user_pref("browser.startup.homepage", "http://xfinity.comcast.net/?cid=mtmh08302014"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00V1A0 +++++
--- User ---
[MBR] f5e1b45a02fa983a2bc29e353851f0af
[bSP] 04889ef46140248b49c5ed8a74da1b1c : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
  7. I have picked up this WebProtect Ads program that I cannot get rid of. While searching to find a way to get rid of it I found that Malwarebytes is supposed to be one of the best answers to the problem. However, so far it has not worked. Is there anything specific that I need to do to get at this thing?