
WebProtect Ads!


Neamiah

I have picked up this WebProtect Ads program that I cannot get rid of. While searching to find a way to get rid of it I found that Malwarebytes is supposed to be one of the best answers to the problem. However, so far it has not worked. Is there anything specific that I need to do to get at this thing?


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


I have the Malwarebytes settings just as you have said, but it does not pick up anything.

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Mine (administrator) on GREG on 01-09-2014 12:59:41
Running from C:\Users\Mine\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
( ) C:\Windows\System32\lxczcoms.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(MyOSCompany) C:\Program Files\Web Protect\MyOSProtect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Farbar) C:\Users\Mine\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2013-11-28] (Microsoft Corporation)
HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [74672 2007-04-19] (Lexmark International, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-29] (AVAST Software)
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-446210937-1492631538-2402945498-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-446210937-1492631538-2402945498-1006\...\MountPoints2: {bc00e5f3-585d-11e3-9389-001676b89a72} - I:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 27 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Mine\AppData\Roaming\Mozilla\Firefox\Profiles\lmkav7d2.default-1409459547997
FF Homepage: hxxp://xfinity.comcast.net/?cid=mtmh08302014
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-29]

Chrome:
=======
CHR HomePage: Default -> 9B7B6EB9CE8065108ED8E18021C98A6B516F63CD53DE685AD2D931536EC543A3
CHR DefaultSearchKeyword: Default -> 606B541C4399023170102B5090D58A10EC5AE16ECF214504BED337732FC5A953
CHR DefaultSearchProvider: Default -> D56FE927DAF895A67F8681DE1657078E28E2017D5C8E47BD77596A9377335CB6
CHR DefaultSearchURL: Default -> D44BA351EA76489E63347E5C5678B62EDFB9DA9386846B43452530E03998ECB6
CHR CustomProfile: C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29]
CHR Extension: (Google Drive) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-29] (AVAST Software)
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [537520 2007-04-19] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MHN; C:\Windows\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317848 2014-08-20] (MyOSCompany) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2006-06-19] (New Boundary Technologies, Inc.) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-08-25] () [File not signed]
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation) [File not signed]
R0 Aha154x; C:\Windows\System32\DRIVERS\aha154x.sys [12800 2004-08-10] (Microsoft Corporation) [File not signed]
R0 aic78u2; C:\Windows\System32\DRIVERS\aic78u2.sys [55168 2004-08-10] (Microsoft Corporation) [File not signed]
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2006-11-02] (Microsoft Corporation)
R0 amsint; C:\Windows\System32\DRIVERS\amsint.sys [12032 2004-08-10] (Microsoft Corporation) [File not signed]
R0 asc; C:\Windows\System32\DRIVERS\asc.sys [26496 2004-08-10] (Advanced System Products, Inc.) [File not signed]
R0 asc3350p; C:\Windows\System32\DRIVERS\asc3350p.sys [22400 2004-08-10] (Microsoft Corporation) [File not signed]
R0 asc3550; C:\Windows\System32\DRIVERS\asc3550.sys [14848 2004-08-10] (Advanced System Products, Inc.) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-29] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-29] ()
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
R0 cd20xrnt; C:\Windows\System32\DRIVERS\cd20xrnt.sys [7680 2004-08-10] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation) [File not signed]
R0 Cpqarray; C:\Windows\System32\DRIVERS\cpqarray.sys [14976 2004-08-10] (Microsoft Corporation) [File not signed]
R0 dac2w2k; C:\Windows\System32\DRIVERS\dac2w2k.sys [179584 2004-08-10] (Mylex Corporation) [File not signed]
R0 dac960nt; C:\Windows\System32\DRIVERS\dac960nt.sys [14720 2004-08-10] (Microsoft Corporation) [File not signed]
R0 dpti2o; C:\Windows\System32\DRIVERS\dpti2o.sys [20192 2004-08-10] (Microsoft Corporation) [File not signed]
R3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
R0 hpn; C:\Windows\System32\DRIVERS\hpn.sys [25952 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ini910u; C:\Windows\System32\DRIVERS\ini910u.sys [16000 2004-08-10] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-01] (Malwarebytes Corporation)
S3 MHNDRV; C:\Windows\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-08-20] () [File not signed] <==== ATTENTION
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20576 2005-05-13] (Sonic Solutions) [File not signed]
R0 ql1080; C:\Windows\System32\DRIVERS\ql1080.sys [40320 2004-08-10] (QLogic Corporation) [File not signed]
R0 Ql10wnt; C:\Windows\System32\DRIVERS\ql10wnt.sys [33152 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ql12160; C:\Windows\System32\DRIVERS\ql12160.sys [45312 2004-08-10] (QLogic Corporation) [File not signed]
R0 ql1240; C:\Windows\System32\DRIVERS\ql1240.sys [40448 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ql1280; C:\Windows\System32\DRIVERS\ql1280.sys [49024 2004-08-10] (QLogic Corporation) [File not signed]
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
R0 Sparrow; C:\Windows\System32\DRIVERS\sparrow.sys [19072 2004-08-10] (Adaptec, Inc.) [File not signed]
R0 symc810; C:\Windows\System32\DRIVERS\symc810.sys [16256 2004-08-10] (Symbios Logic Inc.) [File not signed]
R0 TosIde; C:\Windows\System32\DRIVERS\toside.sys [4992 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ultra; C:\Windows\System32\DRIVERS\ultra.sys [36736 2004-08-10] (Promise Technology, Inc.) [File not signed]
S0 AVG Anti-Rootkit; System32\DRIVERS\avgarkt.sys [X]
S1 AvgArCln; System32\DRIVERS\AvgArCln.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 12:59 - 2014-09-01 13:00 - 00014749 _____ () C:\Users\Mine\Downloads\FRST.txt
2014-09-01 12:59 - 2014-09-01 12:59 - 00000000 ____D () C:\FRST
2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST.exe
2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(1).exe
2014-08-31 21:13 - 2014-08-31 21:13 - 00000079 _____ () C:\Windows\wininit.ini
2014-08-31 20:28 - 2014-09-01 12:13 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 20:27 - 2014-08-31 20:27 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 20:27 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-31 20:27 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-31 20:27 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-31 20:26 - 2014-08-31 20:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-31 20:07 - 2014-08-31 20:07 - 00000074 _____ () C:\lxcz.log
2014-08-31 18:06 - 2014-08-31 18:06 - 00707664 _____ (iS3, Inc.) C:\Users\Mine\Downloads\SZSetup_AID10121_AV.exe
2014-08-31 17:37 - 2014-08-31 17:49 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-08-31 17:36 - 2014-08-31 17:36 - 02177424 _____ (Reason Software Company Inc.) C:\Users\Mine\Downloads\ShouldIRemoveIt_Setup.exe
2014-08-30 21:27 - 2014-08-31 21:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-30 21:27 - 2014-08-31 21:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-30 21:26 - 2014-08-30 21:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mine\Downloads\spybot-2.4.exe
2014-08-30 21:21 - 2014-08-30 21:21 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(4).exe
2014-08-30 21:18 - 2014-08-30 21:19 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(3).exe
2014-08-30 21:17 - 2014-08-30 21:17 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(2).exe
2014-08-30 21:15 - 2014-08-30 21:16 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(1).exe
2014-08-30 21:14 - 2014-08-30 21:14 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer.exe
2014-08-30 21:14 - 2014-08-30 21:14 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-29 17:16 - 2014-08-29 17:16 - 00000000 ____D () C:\Users\Mine\AppData\Roaming\AVAST Software
2014-08-29 17:12 - 2014-08-29 20:22 - 00000000 ____D () C:\Program Files\Google
2014-08-29 17:12 - 2014-08-29 17:15 - 00000000 ____D () C:\Users\Mine\AppData\Local\Google
2014-08-29 17:11 - 2014-08-29 17:13 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-29 17:11 - 2014-08-29 17:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-29 17:11 - 2014-08-29 17:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-29 17:09 - 2014-08-29 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-29 17:07 - 2014-08-29 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-29 17:07 - 2014-08-29 17:07 - 04862664 _____ (AVAST Software) C:\Users\Mine\Downloads\avast_free_antivirus_setup_online.exe
2014-08-29 15:28 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-29 15:23 - 2014-08-29 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 10:10 - 2014-08-29 10:10 - 00000000 ____D () C:\Users\Mine\AppData\Local\Adobe
2014-08-29 00:32 - 2014-08-29 00:32 - 00423736 _____ () C:\Users\Mine\Downloads\avgarkt-setup-1.1.0.42.exe
2014-08-28 18:13 - 2014-08-28 18:13 - 00009744 _____ () C:\Windows\system32\MyOSProtect.ini
2014-08-28 18:13 - 2014-08-28 18:13 - 00002312 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-08-28 18:13 - 2014-08-20 12:48 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-08-28 18:13 - 2014-08-20 12:36 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-08-28 18:12 - 2014-08-29 17:27 - 00000000 ____D () C:\Program Files\Web Protect
2014-08-25 12:30 - 2014-08-25 12:30 - 00034244 _____ () C:\monitorsvc.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 13:00 - 2014-09-01 12:59 - 00014749 _____ () C:\Users\Mine\Downloads\FRST.txt
2014-09-01 12:59 - 2014-09-01 12:59 - 00000000 ____D () C:\FRST
2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST.exe
2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(1).exe
2014-09-01 12:19 - 2013-11-28 22:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 12:15 - 2013-11-28 13:35 - 00003120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 12:15 - 2013-11-28 13:35 - 00003120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 12:13 - 2014-08-31 20:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 11:20 - 2006-11-02 07:52 - 01587535 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 21:22 - 2006-11-02 05:33 - 00747936 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 21:15 - 2014-08-30 21:27 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-31 21:15 - 2013-11-28 13:49 - 00046628 _____ () C:\Windows\PFRO.log
2014-08-31 21:15 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 21:14 - 2006-06-17 04:45 - 00028188 _____ () C:\Windows\SchedLgU.Txt
2014-08-31 21:13 - 2014-08-31 21:13 - 00000079 _____ () C:\Windows\wininit.ini
2014-08-31 21:13 - 2014-08-30 21:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-31 20:27 - 2014-08-31 20:27 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 20:26 - 2014-08-31 20:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-31 20:07 - 2014-08-31 20:07 - 00000074 _____ () C:\lxcz.log
2014-08-31 18:18 - 2014-04-15 17:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 18:06 - 2014-08-31 18:06 - 00707664 _____ (iS3, Inc.) C:\Users\Mine\Downloads\SZSetup_AID10121_AV.exe
2014-08-31 17:49 - 2014-08-31 17:37 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-08-31 17:36 - 2014-08-31 17:36 - 02177424 _____ (Reason Software Company Inc.) C:\Users\Mine\Downloads\ShouldIRemoveIt_Setup.exe
2014-08-30 23:32 - 2013-12-05 00:39 - 00000000 ____D () C:\Users\Mine\Desktop\Old Firefox Data
2014-08-30 21:26 - 2014-08-30 21:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mine\Downloads\spybot-2.4.exe
2014-08-30 21:21 - 2014-08-30 21:21 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(4).exe
2014-08-30 21:19 - 2014-08-30 21:18 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(3).exe
2014-08-30 21:17 - 2014-08-30 21:17 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(2).exe
2014-08-30 21:16 - 2014-08-30 21:15 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(1).exe
2014-08-30 21:14 - 2014-08-30 21:14 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer.exe
2014-08-30 21:14 - 2014-08-30 21:14 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-30 19:32 - 2013-11-28 22:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-30 19:32 - 2013-11-28 22:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-29 20:22 - 2014-08-29 17:12 - 00000000 ____D () C:\Program Files\Google
2014-08-29 17:27 - 2014-08-28 18:12 - 00000000 ____D () C:\Program Files\Web Protect
2014-08-29 17:16 - 2014-08-29 17:16 - 00000000 ____D () C:\Users\Mine\AppData\Roaming\AVAST Software
2014-08-29 17:15 - 2014-08-29 17:12 - 00000000 ____D () C:\Users\Mine\AppData\Local\Google
2014-08-29 17:13 - 2014-08-29 17:11 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-29 17:11 - 2014-08-29 17:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-29 17:11 - 2014-08-29 17:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-29 17:09 - 2014-08-29 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-29 17:09 - 2014-08-29 17:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-29 17:07 - 2014-08-29 17:07 - 04862664 _____ (AVAST Software) C:\Users\Mine\Downloads\avast_free_antivirus_setup_online.exe
2014-08-29 15:42 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\ShellNew
2014-08-29 15:28 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-29 15:23 - 2014-08-29 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 10:10 - 2014-08-29 10:10 - 00000000 ____D () C:\Users\Mine\AppData\Local\Adobe
2014-08-29 00:57 - 2013-12-05 16:07 - 00000000 ____D () C:\Users\Mine\AppData\Local\Microsoft Games
2014-08-29 00:32 - 2014-08-29 00:32 - 00423736 _____ () C:\Users\Mine\Downloads\avgarkt-setup-1.1.0.42.exe
2014-08-28 18:13 - 2014-08-28 18:13 - 00009744 _____ () C:\Windows\system32\MyOSProtect.ini
2014-08-28 18:13 - 2014-08-28 18:13 - 00002312 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-08-25 21:05 - 2014-03-28 17:26 - 00000000 ____D () C:\Users\Mine\AppData\Local\Battle.net
2014-08-25 19:42 - 2013-11-28 23:10 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-08-25 12:30 - 2014-08-25 12:30 - 00034244 _____ () C:\monitorsvc.exe
2014-08-22 00:00 - 2014-03-28 17:26 - 00000000 ____D () C:\Program Files\Battle.net
2014-08-20 12:48 - 2014-08-28 18:13 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-08-20 12:36 - 2014-08-28 18:13 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-08-18 23:39 - 2014-03-28 17:29 - 00000000 ____D () C:\Program Files\Hearthstone
2014-08-15 13:51 - 2013-11-28 22:06 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-15 13:51 - 2013-11-28 22:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 13:49 - 2013-12-05 20:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-15 13:49 - 2013-11-28 21:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-14 03:08 - 2013-11-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 03:07 - 2013-11-28 21:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 03:03 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-05 09:20 - 2013-11-28 15:30 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Mine\AppData\Local\Temp\rtdrvmon.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-01 09:27

==================== End Of Log ============================

 

Addition:
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Mine at 2014-09-01 13:00:29
Running from C:\Users\Mine\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - )
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
PCI Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version: 3.1 - Microsoft Corporation) Hidden
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-08-2014 06:20:45 Scheduled Checkpoint
14-08-2014 08:03:03 Windows Update
15-08-2014 05:08:53 Scheduled Checkpoint
15-08-2014 20:42:48 Scheduled Checkpoint
17-08-2014 05:00:03 Scheduled Checkpoint
18-08-2014 05:18:38 Scheduled Checkpoint
19-08-2014 05:16:11 Scheduled Checkpoint
20-08-2014 05:00:03 Scheduled Checkpoint
21-08-2014 05:00:03 Scheduled Checkpoint
22-08-2014 06:51:33 Scheduled Checkpoint
22-08-2014 23:39:06 Scheduled Checkpoint
24-08-2014 05:06:27 Scheduled Checkpoint
25-08-2014 05:07:35 Scheduled Checkpoint
26-08-2014 05:00:02 Scheduled Checkpoint
27-08-2014 05:17:50 Scheduled Checkpoint
28-08-2014 05:19:11 Scheduled Checkpoint
29-08-2014 00:30:29 Scheduled Checkpoint
29-08-2014 22:08:42 avast! antivirus system restore point
30-08-2014 14:10:33 Scheduled Checkpoint
31-08-2014 00:16:42 Removed AVG 2014
31-08-2014 00:21:31 Removed AVG 2014
31-08-2014 00:23:56 Removed AVG 2014
31-08-2014 02:07:16 Windows Update
31-08-2014 22:36:55 Installed Should I Remove It
31-08-2014 22:49:11 Removed Should I Remove It
31-08-2014 23:08:14 Installed STOPzilla
01-09-2014 01:03:21 Removed STOPzilla

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {D24CD63C-98C1-48C1-AA9E-68D032EB32E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-29] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {F376EAF7-9C2A-4F10-9861-5C21DEE499DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-08-29 17:11 - 2014-08-29 17:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-01 05:16 - 2014-09-01 05:16 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14090100\algo.dll
2009-05-16 04:22 - 2009-05-16 04:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-08-29 17:11 - 2014-08-29 17:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-28 14:39 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2013-11-28 14:39 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2006-03-07 13:59 - 2006-03-07 13:59 - 00061440 _____ () C:\Windows\system32\lxczcnv6.dll
2013-11-28 14:39 - 2011-12-14 18:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-11-28 14:39 - 2011-12-14 11:22 - 00368640 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
2014-08-13 12:44 - 2014-08-13 12:44 - 00823296 _____ () C:\Program Files\web protect\pcproxydll.dll
2014-07-29 14:25 - 2014-07-29 14:26 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-15 13:51 - 2014-08-15 13:51 - 17048240 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Mine\Downloads\White Rabbit Jefferson Airplane 2987 NV.wav:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2014 06:17:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\STOPzilla!\SZScanner.exe Files\STOPzilla!\SZScanner.exe" ; Descripton = STOPzilla Restore Point.; Hr = 0x80042319).

Error: (08/31/2014 06:17:53 PM) (Source: VSS) (EventID: 12301) (User: )
Description: Volume Shadow Copy Service error: Writer MSSearch Service Writer did not respond to a GatherWriterStatus call.


Operation:
   Gather writers' status
   Executing Asynchronous Operation

Context:
   Current State: GatherWriterStatus

Error: (08/31/2014 06:17:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f1ad52c9-8192-4de3-ac33-b6dfe2b7e91a}

Error: (08/30/2014 07:19:08 PM) (Source: MsiInstaller) (EventID: 10005) (User: GREG)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.

Error: (08/29/2014 05:08:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5ed897f5-28ef-40d4-91f2-774c42eba7be}

Error: (08/29/2014 04:08:02 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (08/28/2014 06:14:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MPlayer_Setup.exe version 3.7.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: bffe8
Start Time: 01cfc31565f5ece7
Termination Time: 0

Error: (08/28/2014 06:13:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, time stamp 0x53c75e91, faulting module mozalloc.dll, version 31.0.0.5310, time stamp 0x53c72e91, exception code 0x80000003, fault offset 0x0000141b,
process id 0xbfdf0, application start time 0xplugin-container.exe0.

Error: (08/19/2014 03:36:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FlashPlayerPlugin_14_0_0_179.exe, version 14.0.0.179, time stamp 0x53dc28d1, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x703a4618,
process id 0x7f5e8, application start time 0xFlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/19/2014 03:36:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FlashPlayerPlugin_14_0_0_179.exe, version 14.0.0.179, time stamp 0x53dc28d1, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x703a4618,
process id 0x7f524, application start time 0xFlashPlayerPlugin_14_0_0_179.exe0.


System errors:
=============
Error: (08/31/2014 08:21:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit
AvgArCln
Null

Error: (08/31/2014 08:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053

Error: (08/31/2014 08:21:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect.

Error: (08/31/2014 08:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbapifs service failed to start due to the following error:
%%2

Error: (08/31/2014 08:09:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit
AvgArCln
Null

Error: (08/31/2014 08:09:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053

Error: (08/31/2014 08:09:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect.

Error: (08/31/2014 08:09:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbapifs service failed to start due to the following error:
%%2

Error: (08/31/2014 08:07:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll

Error: (08/31/2014 08:07:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-01 13:00:22.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 13:00:22.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 13:00:22.412
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 13:00:22.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 13:00:21.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 13:00:21.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 13:00:21.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 13:00:21.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 12:21:40.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 12:21:40.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 73%
Total physical RAM: 2029.2 MB
Available physical RAM: 538.47 MB
Total Pagefile: 4273.43 MB
Available Pagefile: 2511.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:206.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: EDAAEDAA)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

RogueKiller Report:

 

RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Mine [Admin rights]
Mode : Scan -- Date : 09/01/2014  13:16:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PUM.StartMenu] HKEY_USERS\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 15 (Driver: LOADED) ¤¤¤
[sSDT:Addr(Hook.SSDT)] NtCreateFile[60] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19178
[sSDT:Addr(Hook.SSDT)] NtCreateKey[64] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e199f8
[sSDT:Addr(Hook.SSDT)] NtDeleteFile[122] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e1910c
[sSDT:Addr(Hook.SSDT)] NtDeleteValueKey[126] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19c7e
[sSDT:Addr(Hook.SSDT)] NtOpenFile[186] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e1924e
[sSDT:Addr(Hook.SSDT)] NtOpenKey[189] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19aea
[sSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19df8
[sSDT:Addr(Hook.SSDT)] NtQueryDirectoryFile[218] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e194b4
[sSDT:Addr(Hook.SSDT)] NtSetInformationFile[305] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e18f46
[sSDT:Addr(Hook.SSDT)] NtSetValueKey[328] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19b72
[sSDT:Addr(Hook.SSDT)] NtTerminateProcess[338] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x88e19e94
[EAT:Addr] (explorer.exe) wscntfy.dll - CPlApplet : C:\Windows\System32\srchadmin.dll @ 0x6bfe3f7e
[EAT:Addr] (explorer.exe) wscntfy.dll - DllCanUnloadNow : C:\Windows\System32\srchadmin.dll @ 0x6bfd14b0
[EAT:Addr] (explorer.exe) wscntfy.dll - DllGetClassObject : C:\Windows\System32\srchadmin.dll @ 0x6bfd38a1
[EAT:Addr] (explorer.exe) wscntfy.dll - ProcessGroupPolicy : C:\Windows\System32\srchadmin.dll @ 0x6bfe1319

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] lmkav7d2.default-1409459547997 : user_pref("browser.startup.homepage", "http://xfinity.comcast.net/?cid=mtmh08302014"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00V1A0 +++++
--- User ---
[MBR] f5e1b45a02fa983a2bc29e353851f0af
[bSP] 04889ef46140248b49c5ed8a74da1b1c : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 


Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ============================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    =============================

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please run a Threat Scan

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    MrC


Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by Mine at 2014-09-01 15:57:43 Run:1
Running from C:\Users\Mine\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\Web Protect\MyOSProtect.exe
HKLM\...\Command Processor:  <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 27 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317848 2014-08-20] (MyOSCompany) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys
C:\Windows\system32\Drivers\pcwatch.sys
C:\monitorsvc.exe
C:\Windows\system32\MyOSProtect.ini
C:\Windows\system32\MyOSProtectOff.ini
C:\Windows\system32\Drivers\pcwatch.sys
C:\Windows\system32\MyOSProtect.dll
C:\Program Files\Web Protect
C:\Users\Mine\AppData\Local\Temp\rtdrvmon.exe
HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\exefile:  <===== ATTENTION!
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
C:\Program Files\Web Protect
cmd: netsh winsock reset


*****************

Could not move "C:\Program Files\Web Protect\MyOSProtect.exe" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Error deleting key. The key could be protected.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Error deleting key. The key could be protected.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Error deleting key. The key could be protected.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Error deleting key. The key could be protected.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
MyOSProtect => Service stopped successfully.
MyOSProtect => Error deleting Service
ProtectMonitor => Service deleted successfully.
pcwatch => Unable to stop service
pcwatch => Error deleting Service
Could not move "C:\Windows\system32\Drivers\pcwatch.sys" => Scheduled to move on reboot.
Could not move "C:\monitorsvc.exe" => Scheduled to move on reboot.
C:\Windows\system32\MyOSProtect.ini => Moved successfully.
C:\Windows\system32\MyOSProtectOff.ini => Moved successfully.
Could not move "C:\Windows\system32\Drivers\pcwatch.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\MyOSProtect.dll" => Scheduled to move on reboot.
C:\Program Files\Web Protect => Moved successfully.
C:\Users\Mine\AppData\Local\Temp\rtdrvmon.exe => Moved successfully.
"HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-446210937-1492631538-2402945498-1006\Software\Classes\exefile" => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys" => Key deleted successfully.
"C:\Program Files\Web Protect" => File/Directory not found.

=========  netsh winsock reset =========

Access is denied.



========= End of CMD: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-01 16:00:37)<=

C:\Program Files\Web Protect\MyOSProtect.exe => Is moved successfully.
"C:\Windows\system32\Drivers\pcwatch.sys" => File could not move.
"C:\monitorsvc.exe" => File could not move.
"C:\Windows\system32\Drivers\pcwatch.sys" => File could not move.
"C:\Windows\system32\MyOSProtect.dll" => File could not move.

==== End of Fixlog ====

 

Adw:

 


 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista Home Premium x86
Ran by Mine on Mon 09/01/2014 at 16:21:56.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Mine\AppData\Roaming\mozilla\firefox\profiles\lmkav7d2.default-1409459547997\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/01/2014 at 16:32:18.03
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Here it is. Thought I added it before:

 

# AdwCleaner v3.308 - Report created 01/09/2014 at 16:12:12
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista Home Premium  (32 bits)
# Username : Mine - GREG
# Running from : C:\Users\Mine\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\WebProtect

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16982


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Mine\AppData\Roaming\Mozilla\Firefox\Profiles\lmkav7d2.default-1409459547997\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2337 octets] - [01/09/2014 16:08:42]
AdwCleaner[s0].txt - [2298 octets] - [01/09/2014 16:12:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2358 octets] ##########
 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/1/2014
Scan Time: 5:05:00 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.01.08
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Mine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305868
Time Elapsed: 8 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Mine (administrator) on GREG on 01-09-2014 17:18:32
Running from C:\Users\Mine\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
( ) C:\Windows\System32\lxczcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Mine\Downloads\FRST(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2013-11-28] (Microsoft Corporation)
HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [74672 2007-04-19] (Lexmark International, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-29] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-446210937-1492631538-2402945498-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-446210937-1492631538-2402945498-1006\...\MountPoints2: {bc00e5f3-585d-11e3-9389-001676b89a72} - I:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 27 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Mine\AppData\Roaming\Mozilla\Firefox\Profiles\lmkav7d2.default-1409459547997
FF Homepage: hxxp://xfinity.comcast.net/?cid=mtmh08302014
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-29]

Chrome:
=======
CHR HomePage: Default -> 9B7B6EB9CE8065108ED8E18021C98A6B516F63CD53DE685AD2D931536EC543A3
CHR DefaultSearchKeyword: Default -> 606B541C4399023170102B5090D58A10EC5AE16ECF214504BED337732FC5A953
CHR DefaultSearchProvider: Default -> D56FE927DAF895A67F8681DE1657078E28E2017D5C8E47BD77596A9377335CB6
CHR DefaultSearchURL: Default -> D44BA351EA76489E63347E5C5678B62EDFB9DA9386846B43452530E03998ECB6
CHR CustomProfile: C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29]
CHR Extension: (Google Drive) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Mine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-29] (AVAST Software)
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [537520 2007-04-19] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MHN; C:\Windows\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2006-06-19] (New Boundary Technologies, Inc.) [File not signed]
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation) [File not signed]
R0 Aha154x; C:\Windows\System32\DRIVERS\aha154x.sys [12800 2004-08-10] (Microsoft Corporation) [File not signed]
R0 aic78u2; C:\Windows\System32\DRIVERS\aic78u2.sys [55168 2004-08-10] (Microsoft Corporation) [File not signed]
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2006-11-02] (Microsoft Corporation)
R0 amsint; C:\Windows\System32\DRIVERS\amsint.sys [12032 2004-08-10] (Microsoft Corporation) [File not signed]
R0 asc; C:\Windows\System32\DRIVERS\asc.sys [26496 2004-08-10] (Advanced System Products, Inc.) [File not signed]
R0 asc3350p; C:\Windows\System32\DRIVERS\asc3350p.sys [22400 2004-08-10] (Microsoft Corporation) [File not signed]
R0 asc3550; C:\Windows\System32\DRIVERS\asc3550.sys [14848 2004-08-10] (Advanced System Products, Inc.) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-29] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-29] ()
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
R0 cd20xrnt; C:\Windows\System32\DRIVERS\cd20xrnt.sys [7680 2004-08-10] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2004-08-03] (Microsoft Corporation) [File not signed]
R0 Cpqarray; C:\Windows\System32\DRIVERS\cpqarray.sys [14976 2004-08-10] (Microsoft Corporation) [File not signed]
R0 dac2w2k; C:\Windows\System32\DRIVERS\dac2w2k.sys [179584 2004-08-10] (Mylex Corporation) [File not signed]
R0 dac960nt; C:\Windows\System32\DRIVERS\dac960nt.sys [14720 2004-08-10] (Microsoft Corporation) [File not signed]
R0 dpti2o; C:\Windows\System32\DRIVERS\dpti2o.sys [20192 2004-08-10] (Microsoft Corporation) [File not signed]
R3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
R0 hpn; C:\Windows\System32\DRIVERS\hpn.sys [25952 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ini910u; C:\Windows\System32\DRIVERS\ini910u.sys [16000 2004-08-10] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-01] (Malwarebytes Corporation)
S3 MHNDRV; C:\Windows\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-08-20] () [File not signed] <==== ATTENTION
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20576 2005-05-13] (Sonic Solutions) [File not signed]
R0 ql1080; C:\Windows\System32\DRIVERS\ql1080.sys [40320 2004-08-10] (QLogic Corporation) [File not signed]
R0 Ql10wnt; C:\Windows\System32\DRIVERS\ql10wnt.sys [33152 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ql12160; C:\Windows\System32\DRIVERS\ql12160.sys [45312 2004-08-10] (QLogic Corporation) [File not signed]
R0 ql1240; C:\Windows\System32\DRIVERS\ql1240.sys [40448 2004-08-10] (Microsoft Corporation) [File not signed]
R0 ql1280; C:\Windows\System32\DRIVERS\ql1280.sys [49024 2004-08-10] (QLogic Corporation) [File not signed]
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
R0 Sparrow; C:\Windows\System32\DRIVERS\sparrow.sys [19072 2004-08-10] (Adaptec, Inc.) [File not signed]
R0 symc810; C:\Windows\System32\DRIVERS\symc810.sys [16256 2004-08-10] (Symbios Logic Inc.) [File not signed]
R0 TosIde; C:\Windows\System32\DRIVERS\toside.sys [4992 2004-08-10] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [33512 2014-09-01] ()
R0 ultra; C:\Windows\System32\DRIVERS\ultra.sys [36736 2004-08-10] (Promise Technology, Inc.) [File not signed]
S0 AVG Anti-Rootkit; System32\DRIVERS\avgarkt.sys [X]
S1 AvgArCln; System32\DRIVERS\AvgArCln.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 17:18 - 2014-09-01 17:18 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(2).exe
2014-09-01 16:32 - 2014-09-01 16:32 - 00000880 _____ () C:\Users\Mine\Desktop\JRT.txt
2014-09-01 16:17 - 2014-09-01 16:17 - 01016261 _____ (Thisisu) C:\Users\Mine\Downloads\JRT.exe
2014-09-01 16:16 - 2014-09-01 16:16 - 00002438 _____ () C:\Users\Mine\Desktop\AdwCleaner[s0].txt
2014-09-01 16:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-01 16:08 - 2014-09-01 16:12 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:06 - 2014-09-01 16:07 - 01364531 _____ () C:\Users\Mine\Downloads\AdwCleaner.exe
2014-09-01 16:05 - 2014-09-01 16:05 - 00709564 _____ () C:\Users\Mine\Downloads\delfix_10.8(1).exe
2014-09-01 15:45 - 2014-09-01 16:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 15:45 - 2014-09-01 16:05 - 00000250 _____ () C:\DelFix.txt
2014-09-01 15:43 - 2014-09-01 15:43 - 00709564 _____ () C:\Users\Mine\Downloads\delfix_10.8.exe
2014-09-01 13:09 - 2014-09-01 13:09 - 00028857 _____ () C:\Users\Mine\Desktop\FRST.txt
2014-09-01 13:08 - 2014-09-01 13:08 - 00023100 _____ () C:\Users\Mine\Desktop\Addition.txt
2014-09-01 13:03 - 2014-09-01 13:03 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-01 13:03 - 2014-09-01 13:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-01 13:02 - 2014-09-01 13:02 - 04857944 _____ () C:\Users\Mine\Downloads\RogueKiller.exe
2014-09-01 13:00 - 2014-09-01 13:01 - 00023100 _____ () C:\Users\Mine\Downloads\Addition.txt
2014-09-01 12:59 - 2014-09-01 17:19 - 00014185 _____ () C:\Users\Mine\Downloads\FRST.txt
2014-09-01 12:59 - 2014-09-01 17:18 - 00000000 ____D () C:\FRST
2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST.exe
2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(1).exe
2014-08-31 21:13 - 2014-08-31 21:13 - 00000079 _____ () C:\Windows\wininit.ini
2014-08-31 20:28 - 2014-09-01 16:21 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 20:27 - 2014-08-31 20:27 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 20:27 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-31 20:27 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-31 20:27 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-31 20:26 - 2014-08-31 20:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-31 20:07 - 2014-08-31 20:07 - 00000074 _____ () C:\lxcz.log
2014-08-31 18:06 - 2014-08-31 18:06 - 00707664 _____ (iS3, Inc.) C:\Users\Mine\Downloads\SZSetup_AID10121_AV.exe
2014-08-31 17:36 - 2014-08-31 17:36 - 02177424 _____ (Reason Software Company Inc.) C:\Users\Mine\Downloads\ShouldIRemoveIt_Setup.exe
2014-08-30 21:27 - 2014-08-31 21:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-30 21:27 - 2014-08-31 21:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-30 21:26 - 2014-08-30 21:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mine\Downloads\spybot-2.4.exe
2014-08-30 21:21 - 2014-08-30 21:21 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(4).exe
2014-08-30 21:18 - 2014-08-30 21:19 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(3).exe
2014-08-30 21:17 - 2014-08-30 21:17 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(2).exe
2014-08-30 21:15 - 2014-08-30 21:16 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(1).exe
2014-08-30 21:14 - 2014-08-30 21:14 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer.exe
2014-08-30 21:14 - 2014-08-30 21:14 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-29 17:16 - 2014-08-29 17:16 - 00000000 ____D () C:\Users\Mine\AppData\Roaming\AVAST Software
2014-08-29 17:12 - 2014-08-29 20:22 - 00000000 ____D () C:\Program Files\Google
2014-08-29 17:12 - 2014-08-29 17:15 - 00000000 ____D () C:\Users\Mine\AppData\Local\Google
2014-08-29 17:11 - 2014-08-29 17:13 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-29 17:11 - 2014-08-29 17:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-29 17:11 - 2014-08-29 17:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-29 17:09 - 2014-08-29 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-29 17:07 - 2014-08-29 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-29 17:07 - 2014-08-29 17:07 - 04862664 _____ (AVAST Software) C:\Users\Mine\Downloads\avast_free_antivirus_setup_online.exe
2014-08-29 15:28 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-29 15:23 - 2014-08-29 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 10:10 - 2014-08-29 10:10 - 00000000 ____D () C:\Users\Mine\AppData\Local\Adobe
2014-08-29 00:32 - 2014-08-29 00:32 - 00423736 _____ () C:\Users\Mine\Downloads\avgarkt-setup-1.1.0.42.exe
2014-08-28 18:13 - 2014-09-01 15:57 - 00004144 _____ () C:\Windows\system32\MyOSProtect.ini
2014-08-28 18:13 - 2014-09-01 15:57 - 00002072 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-08-28 18:13 - 2014-08-20 12:48 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-08-28 18:13 - 2014-08-20 12:36 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-08-25 12:30 - 2014-08-25 12:30 - 00034244 _____ () C:\monitorsvc.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 17:19 - 2014-09-01 12:59 - 00014185 _____ () C:\Users\Mine\Downloads\FRST.txt
2014-09-01 17:19 - 2013-11-28 22:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 17:18 - 2014-09-01 17:18 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(2).exe
2014-09-01 17:18 - 2014-09-01 12:59 - 00000000 ____D () C:\FRST
2014-09-01 16:32 - 2014-09-01 16:32 - 00000880 _____ () C:\Users\Mine\Desktop\JRT.txt
2014-09-01 16:28 - 2006-11-02 05:33 - 00747936 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 16:24 - 2006-11-02 07:52 - 01610793 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 16:21 - 2014-08-31 20:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 16:21 - 2013-11-28 13:35 - 00003120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 16:21 - 2013-11-28 13:35 - 00003120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 16:21 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 16:19 - 2006-06-17 04:45 - 00029286 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 16:18 - 2014-09-01 15:45 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 16:17 - 2014-09-01 16:17 - 01016261 _____ (Thisisu) C:\Users\Mine\Downloads\JRT.exe
2014-09-01 16:16 - 2014-09-01 16:16 - 00002438 _____ () C:\Users\Mine\Desktop\AdwCleaner[s0].txt
2014-09-01 16:13 - 2013-11-28 13:49 - 00047890 _____ () C:\Windows\PFRO.log
2014-09-01 16:12 - 2014-09-01 16:08 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:07 - 2014-09-01 16:06 - 01364531 _____ () C:\Users\Mine\Downloads\AdwCleaner.exe
2014-09-01 16:05 - 2014-09-01 16:05 - 00709564 _____ () C:\Users\Mine\Downloads\delfix_10.8(1).exe
2014-09-01 16:05 - 2014-09-01 15:45 - 00000250 _____ () C:\DelFix.txt
2014-09-01 15:57 - 2014-08-28 18:13 - 00004144 _____ () C:\Windows\system32\MyOSProtect.ini
2014-09-01 15:57 - 2014-08-28 18:13 - 00002072 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-09-01 15:43 - 2014-09-01 15:43 - 00709564 _____ () C:\Users\Mine\Downloads\delfix_10.8.exe
2014-09-01 15:41 - 2014-03-28 17:26 - 00000000 ____D () C:\Users\Mine\AppData\Local\Battle.net
2014-09-01 13:32 - 2013-11-28 23:10 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-09-01 13:09 - 2014-09-01 13:09 - 00028857 _____ () C:\Users\Mine\Desktop\FRST.txt
2014-09-01 13:08 - 2014-09-01 13:08 - 00023100 _____ () C:\Users\Mine\Desktop\Addition.txt
2014-09-01 13:03 - 2014-09-01 13:03 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-01 13:03 - 2014-09-01 13:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-01 13:02 - 2014-09-01 13:02 - 04857944 _____ () C:\Users\Mine\Downloads\RogueKiller.exe
2014-09-01 13:01 - 2014-09-01 13:00 - 00023100 _____ () C:\Users\Mine\Downloads\Addition.txt
2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST.exe
2014-09-01 12:58 - 2014-09-01 12:58 - 01096704 _____ (Farbar) C:\Users\Mine\Downloads\FRST(1).exe
2014-08-31 21:15 - 2014-08-30 21:27 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-31 21:13 - 2014-08-31 21:13 - 00000079 _____ () C:\Windows\wininit.ini
2014-08-31 21:13 - 2014-08-30 21:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-31 20:27 - 2014-08-31 20:27 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 20:27 - 2014-08-31 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-31 20:26 - 2014-08-31 20:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-31 20:07 - 2014-08-31 20:07 - 00000074 _____ () C:\lxcz.log
2014-08-31 18:18 - 2014-04-15 17:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 18:06 - 2014-08-31 18:06 - 00707664 _____ (iS3, Inc.) C:\Users\Mine\Downloads\SZSetup_AID10121_AV.exe
2014-08-31 17:36 - 2014-08-31 17:36 - 02177424 _____ (Reason Software Company Inc.) C:\Users\Mine\Downloads\ShouldIRemoveIt_Setup.exe
2014-08-30 23:32 - 2013-12-05 00:39 - 00000000 ____D () C:\Users\Mine\Desktop\Old Firefox Data
2014-08-30 21:26 - 2014-08-30 21:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mine\Downloads\spybot-2.4.exe
2014-08-30 21:21 - 2014-08-30 21:21 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(4).exe
2014-08-30 21:19 - 2014-08-30 21:18 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(3).exe
2014-08-30 21:17 - 2014-08-30 21:17 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(2).exe
2014-08-30 21:16 - 2014-08-30 21:15 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer(1).exe
2014-08-30 21:14 - 2014-08-30 21:14 - 02806920 _____ () C:\Users\Mine\Downloads\Adaware_Installer.exe
2014-08-30 21:14 - 2014-08-30 21:14 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-30 19:32 - 2013-11-28 22:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-30 19:32 - 2013-11-28 22:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-29 20:22 - 2014-08-29 17:12 - 00000000 ____D () C:\Program Files\Google
2014-08-29 17:16 - 2014-08-29 17:16 - 00000000 ____D () C:\Users\Mine\AppData\Roaming\AVAST Software
2014-08-29 17:15 - 2014-08-29 17:12 - 00000000 ____D () C:\Users\Mine\AppData\Local\Google
2014-08-29 17:13 - 2014-08-29 17:11 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-29 17:11 - 2014-08-29 17:11 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-29 17:11 - 2014-08-29 17:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-29 17:11 - 2014-08-29 17:11 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-29 17:09 - 2014-08-29 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-29 17:09 - 2014-08-29 17:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-29 17:07 - 2014-08-29 17:07 - 04862664 _____ (AVAST Software) C:\Users\Mine\Downloads\avast_free_antivirus_setup_online.exe
2014-08-29 15:42 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\ShellNew
2014-08-29 15:28 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-29 15:23 - 2014-08-29 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 10:10 - 2014-08-29 10:10 - 00000000 ____D () C:\Users\Mine\AppData\Local\Adobe
2014-08-29 00:57 - 2013-12-05 16:07 - 00000000 ____D () C:\Users\Mine\AppData\Local\Microsoft Games
2014-08-29 00:32 - 2014-08-29 00:32 - 00423736 _____ () C:\Users\Mine\Downloads\avgarkt-setup-1.1.0.42.exe
2014-08-25 12:30 - 2014-08-25 12:30 - 00034244 _____ () C:\monitorsvc.exe
2014-08-22 00:00 - 2014-03-28 17:26 - 00000000 ____D () C:\Program Files\Battle.net
2014-08-20 12:48 - 2014-08-28 18:13 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-08-20 12:36 - 2014-08-28 18:13 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-08-18 23:39 - 2014-03-28 17:29 - 00000000 ____D () C:\Program Files\Hearthstone
2014-08-15 13:51 - 2013-11-28 22:06 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-15 13:51 - 2013-11-28 22:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 13:49 - 2013-12-05 20:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-15 13:49 - 2013-11-28 21:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-14 03:08 - 2013-11-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 03:07 - 2013-11-28 21:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 03:03 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-05 09:20 - 2013-11-28 15:30 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Mine\AppData\Local\Temp\ERUNT.exe
C:\Users\Mine\AppData\Local\Temp\Quarantine.exe
C:\Users\Mine\AppData\Local\Temp\rtdrvmon.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-01 16:26

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Mine at 2014-09-01 17:19:25
Running from C:\Users\Mine\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - )
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
PCI Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version: 3.1 - Microsoft Corporation) Hidden
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-08-2014 06:20:45 Scheduled Checkpoint
14-08-2014 08:03:03 Windows Update
15-08-2014 05:08:53 Scheduled Checkpoint
15-08-2014 20:42:48 Scheduled Checkpoint
17-08-2014 05:00:03 Scheduled Checkpoint
18-08-2014 05:18:38 Scheduled Checkpoint
19-08-2014 05:16:11 Scheduled Checkpoint
20-08-2014 05:00:03 Scheduled Checkpoint
21-08-2014 05:00:03 Scheduled Checkpoint
22-08-2014 06:51:33 Scheduled Checkpoint
22-08-2014 23:39:06 Scheduled Checkpoint
24-08-2014 05:06:27 Scheduled Checkpoint
25-08-2014 05:07:35 Scheduled Checkpoint
26-08-2014 05:00:02 Scheduled Checkpoint
27-08-2014 05:17:50 Scheduled Checkpoint
28-08-2014 05:19:11 Scheduled Checkpoint
29-08-2014 00:30:29 Scheduled Checkpoint
29-08-2014 22:08:42 avast! antivirus system restore point
30-08-2014 14:10:33 Scheduled Checkpoint
31-08-2014 00:16:42 Removed AVG 2014
31-08-2014 00:21:31 Removed AVG 2014
31-08-2014 00:23:56 Removed AVG 2014
31-08-2014 02:07:16 Windows Update
31-08-2014 22:36:55 Installed Should I Remove It
31-08-2014 22:49:11 Removed Should I Remove It
31-08-2014 23:08:14 Installed STOPzilla
01-09-2014 01:03:21 Removed STOPzilla

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {D24CD63C-98C1-48C1-AA9E-68D032EB32E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-29] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {F376EAF7-9C2A-4F10-9861-5C21DEE499DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-08-29 17:11 - 2014-08-29 17:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-01 15:54 - 2014-09-01 15:54 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090102\algo.dll
2009-05-16 04:22 - 2009-05-16 04:22 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-08-29 17:11 - 2014-08-29 17:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-28 14:39 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2013-11-28 14:39 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2006-03-07 13:59 - 2006-03-07 13:59 - 00061440 _____ () C:\Windows\system32\lxczcnv6.dll
2013-11-28 14:39 - 2011-12-14 18:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-11-28 14:39 - 2011-12-14 11:22 - 00368640 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
2014-07-29 14:25 - 2014-07-29 14:26 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Mine\Downloads\White Rabbit Jefferson Airplane 2987 NV.wav:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/01/2014 05:20:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:20:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:20:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:20:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:19:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:19:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:19:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:18:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2

Error: (09/01/2014 05:18:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MyOSProtect service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-01 17:19:18.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:19:18.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:19:18.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:19:18.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:19:17.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:19:17.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:19:17.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:19:17.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:08:44.361
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-01 17:08:44.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 61%
Total physical RAM: 2029.2 MB
Available physical RAM: 780.15 MB
Total Pagefile: 4273.43 MB
Available Pagefile: 2826.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:206.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: EDAAEDAA)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


We still have some work to do.

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

===================

Please upload these files to VirusTotal for a free scan.
Let me know the results...just copy back the URLs.

C:\Windows\system32\Drivers\pcwatch.sys

C:\monitorsvc.exe

Rescan with FRST, just need the FRST.txt log.

MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.