
Time Sensitive: MyOSProtect.dll



This is causing the browsers to not work, even though we have Internet and we can ping with a reply back. I have the trial version of MWB with the proper settings enabled. MWB cannot find the problem. Here is the log from the scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/13/2014
Scan Time: 5:38:12 PM
Logfile: MBLOG1.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 253828
Time Elapsed: 27 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

After that I ran Farbar Recovery Scan Tool (FRST). Here are the FRST and ADDITION log files.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by Administrator (administrator) on BKEAN-PC on 13-10-2014 18:13:23
Running from C:\Users\Administrator.bkean-PC\Desktop\frst
Loaded Profile: Administrator (Available profiles: bkean & Administrator)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-10-12] (AVAST Software)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1856854788-2929793367-565492105-500\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\S-1-5-21-1856854788-2929793367-565492105-500\...\Run: [WindowexeAllkiller] => C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller\WindowexeAllkiller.exe [403664 2014-08-21] (WindowexeAllkiller.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP51
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 57 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53
Tcpip\..\Interfaces\{07FCF1A5-1B02-4C0B-8479-BC87C30CC936}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{96B2CC7A-5268-43A0-866B-F1F9897A73B6}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator.bkean-PC\AppData\Roaming\Mozilla\Firefox\Profiles\upyxnmoa.default
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator.bkean-PC\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-12] (AVAST Software)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
U3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-03-06] (SigmaTel, Inc.) [File not signed]
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1724416 2007-03-21] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-10-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-10-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2014-10-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-10-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-12] ()
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl03dfe17e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0D7D8CCE-2102-4E59-ADDC-3883F01FD87F}\MpKsl03dfe17e.sys [39464 2014-10-13] (Microsoft Corporation)
S3 NB762_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [437760 2006-11-09] (ZyDAS Technology Corporation) [File not signed]
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2007-03-06] (SigmaTel, Inc.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 18:09 - 2014-10-13 18:13 - 00000000 ____D () C:\FRST
2014-10-13 18:08 - 2014-10-13 18:13 - 00000000 ____D () C:\Users\Administrator.bkean-PC\Desktop\frst
2014-10-13 17:36 - 2014-10-13 17:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-13 17:36 - 2014-10-13 17:36 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 17:36 - 2014-10-13 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 17:35 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-13 17:35 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-13 17:35 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-13 17:24 - 2014-10-13 17:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-13 16:31 - 2014-10-13 17:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-13 16:08 - 2014-10-13 16:08 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Macromedia
2014-10-13 15:44 - 2014-10-13 13:17 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20141013-154423.backup
2014-10-13 14:46 - 2014-10-13 14:46 - 00059464 _____ () C:\Users\Administrator.bkean-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 14:33 - 2014-10-13 14:34 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-10-13 14:33 - 2014-10-13 14:33 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-10-13 14:33 - 2014-10-13 14:33 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-10-13 14:29 - 2014-10-13 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-13 14:29 - 2014-10-13 14:29 - 00001932 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-13 14:29 - 2014-10-13 14:29 - 00001920 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-13 14:26 - 2013-09-20 09:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-10-13 14:25 - 2014-10-13 15:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-13 14:24 - 2014-10-13 16:07 - 00000000 ____D () C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller
2014-10-13 14:22 - 2014-10-13 14:32 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-10-13 14:17 - 2014-10-13 14:24 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\WinRAR
2014-10-13 14:17 - 2014-10-13 14:17 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-13 14:17 - 2014-10-13 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-13 14:16 - 2014-10-13 14:17 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-13 14:15 - 2014-10-13 14:12 - 62839880 _____ (Safer-Networking Ltd. ) C:\Users\Administrator.bkean-PC\Desktop\spybot-2.3-beta1.exe
2014-10-13 14:15 - 2014-10-13 14:08 - 00130995 _____ () C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller.zip
2014-10-13 13:53 - 2014-10-13 17:36 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\CrashDumps
2014-10-13 13:32 - 2014-10-13 13:32 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Mozilla
2014-10-13 13:32 - 2014-10-13 13:32 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Mozilla
2014-10-13 13:31 - 2014-10-13 13:31 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-13 13:31 - 2014-10-13 13:31 - 00000808 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-13 13:31 - 2014-10-13 13:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-13 13:28 - 2014-10-13 13:28 - 00004144 _____ () C:\Windows\system32\MyOSProtect.ini
2014-10-13 13:28 - 2014-10-13 13:28 - 00002072 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-10-13 13:27 - 2014-10-13 13:25 - 21840856 _____ (Mozilla) C:\Users\Administrator.bkean-PC\Desktop\Firefox Setup 22.0.exe
2014-10-13 13:02 - 2014-10-13 13:02 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-13 13:02 - 2014-10-13 13:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-13 12:59 - 2014-10-13 12:58 - 00186880 _____ (CEXX.ORG) C:\Users\Administrator.bkean-PC\Desktop\LSPFix.exe
2014-10-13 12:51 - 2014-10-13 12:52 - 00002517 _____ () C:\Users\Administrator.bkean-PC\Desktop\HiJackThis.lnk
2014-10-13 12:51 - 2014-10-13 12:51 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-13 12:51 - 2014-10-13 12:51 - 00000000 ____D () C:\Program Files\Trend Micro
2014-10-13 12:50 - 2014-10-13 12:48 - 15677528 _____ () C:\Users\Administrator.bkean-PC\Desktop\RogueKiller.exe
2014-10-13 12:50 - 2014-10-13 11:00 - 01976320 _____ () C:\Users\Administrator.bkean-PC\Desktop\AdwCleaner.exe
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\AVAST Software
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Adobe
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 _____ () C:\Windows\setupact.log
2014-10-13 12:37 - 2014-10-13 13:25 - 00000906 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-13 12:37 - 2014-10-13 12:37 - 00000911 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-13 12:37 - 2014-10-13 12:37 - 00000000 ___HD () C:\Users\Administrator.bkean-PC\AppData\Roaming\GTek
2014-10-13 12:37 - 2014-10-13 12:37 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Google
2014-10-13 12:36 - 2014-10-13 12:37 - 00000000 ____D () C:\Users\Administrator.bkean-PC
2014-10-13 12:36 - 2014-10-13 12:36 - 00000877 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-10-13 12:36 - 2014-10-13 12:36 - 00000258 __RSH () C:\Users\Administrator.bkean-PC\ntuser.pol
2014-10-13 12:36 - 2014-10-13 12:36 - 00000020 ___SH () C:\Users\Administrator.bkean-PC\ntuser.ini
2014-10-13 12:36 - 2011-12-12 04:36 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Microsoft Help
2014-10-13 12:36 - 2011-12-09 11:00 - 00000000 ___RD () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-13 12:36 - 2011-12-09 11:00 - 00000000 ___RD () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-13 11:14 - 2014-10-13 13:24 - 00010930 _____ () C:\Windows\PFRO.log
2014-10-13 11:03 - 2014-10-13 13:23 - 00000000 ____D () C:\AdwCleaner
2014-10-13 11:02 - 2014-10-13 11:00 - 01976320 _____ () C:\Users\bkean\Desktop\AdwCleaner.exe
2014-10-13 10:48 - 2014-10-13 10:47 - 00244136 _____ () C:\Users\bkean\Desktop\Firefox Setup Stub 32.0.3.exe
2014-10-12 22:26 - 2014-10-12 22:26 - 00000829 _____ () C:\Users\bkean\Desktop\iexplore - Shortcut.lnk
2014-10-12 19:00 - 2014-10-12 19:00 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\AVAST Software
2014-10-12 18:58 - 2014-10-12 18:58 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-12 18:58 - 2014-10-12 18:58 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-10-12 18:58 - 2014-10-12 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-12 18:58 - 2014-10-12 18:57 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-12 18:57 - 2014-10-12 18:57 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-12 18:57 - 2014-10-12 18:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-12 18:57 - 2014-10-12 18:57 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-11 20:59 - 2014-10-11 20:59 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\kdxltkyp.sys
2014-10-11 20:48 - 2014-10-13 17:53 - 00199943 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 19:03 - 2014-10-11 19:03 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-11 19:03 - 2014-10-11 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-11 19:03 - 2014-10-11 19:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-11 19:01 - 2014-10-12 18:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-11 18:49 - 2014-10-13 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-11 18:16 - 2014-10-11 18:16 - 00000004 _____ () C:\Users\bkean\AppData\Roaming\appdataFr2.bin
2014-09-25 00:24 - 2014-09-09 01:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 00:22 - 2014-09-25 00:22 - 00000000 ____D () C:\Users\bkean\AppData\Local\ICSharpCode.net
2014-09-23 20:02 - 2014-09-23 20:02 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-22 18:44 - 2014-09-22 18:44 - 00000000 ____D () C:\Users\bkean\AppData\Local\SmartWeb
2014-09-22 01:44 - 2014-10-12 19:36 - 00000000 ____D () C:\Users\bkean\AppData\Local\17394
2014-09-22 01:23 - 2014-09-22 01:23 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-22 01:23 - 2014-09-22 01:23 - 00000000 ____D () C:\Program Files\COMODO
2014-09-22 00:39 - 2014-09-26 03:52 - 00000000 ____D () C:\Program Files\OfferBoulevard
2014-09-21 21:41 - 2014-09-01 13:29 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-09-21 21:40 - 2014-09-01 13:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-09-21 21:35 - 2014-09-21 21:35 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\Compete
2014-09-21 21:33 - 2014-10-10 12:30 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-21 21:30 - 2014-10-13 11:12 - 00000000 ____D () C:\Program Files\PCTRunner
2014-09-20 13:47 - 2014-09-20 13:47 - 00000000 ____D () C:\Windows\Sun
2014-09-17 11:48 - 2014-09-17 11:48 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-09-17 09:28 - 2014-09-17 09:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-17 09:27 - 2014-09-17 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-17 09:27 - 2014-09-17 09:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-17 09:27 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-17 09:27 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-17 09:27 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-17 09:27 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-17 09:26 - 2014-09-17 09:27 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-17 00:34 - 2014-09-05 04:53 - 00094208 _____ () C:\Users\bkean\AppData\Local\ChromeHitoryDB
2014-09-13 13:33 - 2014-08-15 09:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 13:33 - 2014-08-15 09:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 13:33 - 2014-08-15 09:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 13:33 - 2014-08-15 09:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 13:33 - 2014-08-15 09:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 13:33 - 2014-08-15 09:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 13:33 - 2014-08-15 09:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 13:33 - 2014-08-15 09:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-13 13:33 - 2014-08-15 09:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 13:33 - 2014-08-15 09:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 13:33 - 2014-08-15 09:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 13:33 - 2014-08-15 09:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-13 13:33 - 2014-08-15 09:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 13:33 - 2014-08-15 09:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 13:33 - 2014-08-15 09:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 13:33 - 2014-08-15 09:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-13 13:33 - 2014-08-15 09:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 13:33 - 2014-08-15 09:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 13:33 - 2014-08-15 09:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 13:33 - 2014-08-15 09:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-13 13:33 - 2014-08-15 09:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 18:02 - 2014-09-03 08:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 17:25 - 2006-11-02 07:45 - 00005120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 17:25 - 2006-11-02 07:45 - 00005120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 17:16 - 2014-09-03 08:03 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 13:30 - 2014-08-01 09:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-13 13:25 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-13 13:24 - 2006-11-02 07:58 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-13 11:23 - 2006-11-02 05:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 11:13 - 2014-09-03 08:06 - 00001037 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-13 11:13 - 2014-09-03 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-12 21:53 - 2007-08-08 03:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-12 21:46 - 2007-08-08 03:46 - 00000000 ____D () C:\Program Files\Dell
2014-10-12 21:25 - 2014-09-03 08:03 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 19:24 - 2014-09-05 05:13 - 00000000 ____D () C:\Program Files\Browser Features
2014-10-12 19:24 - 2014-08-21 15:46 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-10-12 19:23 - 2014-08-21 15:45 - 00000000 ____D () C:\Program Files\005
2014-10-12 19:00 - 2012-02-14 05:26 - 00001356 _____ () C:\Users\bkean\AppData\Local\d3d9caps.dat
2014-10-11 20:47 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-10-11 20:24 - 2011-11-08 19:21 - 00000000 ____D () C:\Users\bkean
2014-10-11 20:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-11 20:24 - 2006-11-02 05:22 - 40370176 _____ () C:\Windows\system32\config\software_previous
2014-10-11 20:24 - 2006-11-02 05:22 - 18612224 _____ () C:\Windows\system32\config\system_previous
2014-10-11 19:09 - 2013-09-30 12:30 - 00000000 ____D () C:\Windows\Minidump
2014-10-11 19:09 - 2006-11-10 16:59 - 00000000 ____D () C:\Windows\Panther
2014-10-11 19:09 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-11 18:48 - 2011-11-08 21:07 - 00032256 _____ () C:\Users\bkean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-11 18:46 - 2006-11-02 05:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-10-11 18:46 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-10-11 17:56 - 2014-08-21 16:22 - 00000000 ____D () C:\Windows\pss
2014-10-10 12:30 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-10-10 12:19 - 2011-11-08 20:10 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\Google
2014-10-07 18:58 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-01 04:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-26 03:54 - 2014-08-21 15:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-26 03:38 - 2014-08-21 15:54 - 00000000 ____D () C:\ProgramData\e652d9ad20bc418d
2014-09-25 12:43 - 2013-10-10 13:22 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-25 00:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-09-23 20:02 - 2014-09-03 08:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 20:02 - 2014-09-03 08:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 01:41 - 2012-01-26 02:01 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 01:26 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-21 21:45 - 2014-08-23 01:33 - 00000000 ____D () C:\Users\bkean\AppData\Local\com
2014-09-21 21:33 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-09-20 13:58 - 2014-09-05 06:07 - 00000520 _____ () C:\Users\bkean\.swfinfo
2014-09-17 12:51 - 2012-01-29 22:23 - 00000000 ____D () C:\Users\bkean\AppData\Local\Microsoft Games
2014-09-17 09:27 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Java
2014-09-13 14:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-13 13:30 - 2013-08-30 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 13:13 - 2012-04-29 03:07 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-13 13:13 - 2012-01-26 01:28 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-13 13:13 - 2006-11-02 05:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-13 13:11 - 2012-01-26 01:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
 
Some content of TEMP:
====================
C:\Users\Administrator.bkean-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator.bkean-PC\AppData\Local\Temp\sqlite3.dll
C:\Users\bkean\AppData\Local\Temp\sqlite3.dll
C:\Users\bkean\AppData\Local\Temp\_is564C.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-13 13:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by Administrator at 2014-10-13 18:15:57
Running from C:\Users\Administrator.bkean-PC\Desktop\frst
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 1.007.0323.1740 - )
ATI PCI Express (3GIO) Filter Driver (HKLM\...\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}) (Version: 1.00.0000. - AMD)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Catalyst Control Center Core Implementation (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0320.2223.38170 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Danish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Dutch (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help English (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Finnish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help French (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help German (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Italian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Japanese (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Korean (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Russian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Spanish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Swedish (Version: 2007.0320.2222.38170 - ATI) Hidden
ccc-Branding (HKLM\...\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2007.0320.2223.38170 - ATI) Hidden
ccc-utility (Version: 2007.0320.2223.38170 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Consumer Complete Care Services Agreement (HKLM\...\{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}) (Version: 1.10.0000 - Dell)
Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07131 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.11 - Dell Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skins (Version: 2007.0320.2223.38170 - ATI) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.14 - Piriform)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.37 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
25-09-2014 05:23:36 Windows Update
26-09-2014 08:39:57 Removed GeekBuddy.
27-09-2014 09:55:19 Scheduled Checkpoint
28-09-2014 09:30:07 Windows Update
01-10-2014 08:24:34 Scheduled Checkpoint
01-10-2014 09:20:15 Restore Operation
01-10-2014 10:14:35 Windows Update
04-10-2014 08:43:19 Scheduled Checkpoint
08-10-2014 00:37:49 Scheduled Checkpoint
08-10-2014 15:45:21 Scheduled Checkpoint
10-10-2014 17:27:44 Windows Update
12-10-2014 05:04:00 Scheduled Checkpoint
13-10-2014 02:39:18 Removed 926plv32
13-10-2014 02:40:10 Windows Update
13-10-2014 02:42:28 Removed Internet Service Offers Launcher.
13-10-2014 02:46:53 Removed MySafeProxy for Internet Explorer
13-10-2014 02:49:30 Removed Modem Diagnostic Tool.
13-10-2014 02:51:46 Removed NetWaiting
13-10-2014 02:53:09 Removed NetWaiting
13-10-2014 17:50:43 Installed HiJackThis
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2014-10-13 15:44 - 00450601 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {16A00A5D-43D2-424E-AFC2-354332994E90} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {36DA7BDB-6C90-4C3B-9B31-C2B78FDA8FDA} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {462F054E-3E65-4598-ADC8-2BBCE91D34EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {54DE66ED-DEB0-4DE9-81BE-60260AB0F601} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {5798B473-F07E-4DDB-9DAC-D2CC733EDE5F} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-11-09] ()
Task: {71719949-936C-4082-B8C7-AED5120C3ECE} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {88CAD997-00CA-42E7-9ECA-DABF1EE7D8EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8D8FA5DB-2487-4AA5-8AA4-4F03F317FE33} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {8DA54437-56E3-4812-BF23-2E4B7421ED43} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9DDE8FDD-C699-49C7-B78B-6E52A604104F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {FE3AE11A-DB0F-454E-9ACE-34EC02334A82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-12 18:57 - 2014-10-12 18:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-13 02:27 - 2014-10-13 02:27 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101300\algo.dll
2014-10-13 17:27 - 2014-10-13 17:27 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101301\algo.dll
2007-08-08 03:46 - 2007-03-21 14:33 - 00065536 _____ () C:\Windows\system32\bcmwlrmt.dll
2006-12-19 19:16 - 2006-12-19 19:16 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2007-08-08 11:26 - 2007-03-21 01:03 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-10-12 18:57 - 2014-10-12 18:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-13 14:24 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-13 14:24 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AllDaySavingsService => 2
MSCONFIG\Services: consumerinput_update => 2
MSCONFIG\Services: consumerinput_updatem => 3
MSCONFIG\Services: cyycfhtzro32 => 2
MSCONFIG\Services: DSBrokerService => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IePluginServices => 2
MSCONFIG\Services: MyOSProtect => 3
MSCONFIG\Services: MySafeProxyMonitor => 2
MSCONFIG\Services: ProtectMonitor => 2
MSCONFIG\Services: scores => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^bkean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: BManager => C:\Program Files\Browser Features\BManager.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: BrowseIgnite => rundll32 "C:\Program Files\Common Files\System\1048\biapp.dll",CallHandler hk
MSCONFIG\startupreg: Browser Features => C:\Program Files\Browser Features\BManager.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\bkean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: Easy Speed PC => C:\Program Files\Probit Software\Easy Speed PC\ESPCLauncher.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: OfferBoulevard => C:\Program Files\OfferBoulevard\OfferBoulevardW.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: YTDownloader => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1856854788-2929793367-565492105-500 - Administrator - Enabled) => C:\Users\Administrator.bkean-PC
bkean (S-1-5-21-1856854788-2929793367-565492105-1000 - Administrator - Enabled) => C:\Users\bkean
Guest (S-1-5-21-1856854788-2929793367-565492105-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Description: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 802.11g Wireless LAN USB Adapter #8
Description: 802.11g Wireless LAN USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer:  
Service: NB762_XP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/13/2014 05:36:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSCTF.dll, version 6.0.6002.18005, time stamp 0x49e03793, exception code 0xc0000005, fault offset 0x0000a89c,
process id 0x1128, application start time 0xmbam.exe0.
 
Error: (10/13/2014 05:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x11a0, application start time 0xmbam.exe0.
 
Error: (10/13/2014 02:34:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWelcome.exe, version 2.3.37.130, time stamp 0x52b2f6af, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00042bfe,
process id 0x160, application start time 0xSDWelcome.exe0.
 
Error: (10/13/2014 01:52:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, exception code 0xc0000005, fault offset 0x00037fed,
process id 0x1150, application start time 0xchrome.exe0.
 
Error: (10/13/2014 00:54:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x39de69d8,
process id 0x10ac, application start time 0xchrome.exe0.
 
Error: (10/13/2014 11:30:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application AdwCleaner.exe, version 4.0.0.0, time stamp 0x543ab366, faulting module AdwCleaner.exe, version 4.0.0.0, time stamp 0x543ab366, exception code 0xc0000005, fault offset 0x0000e07e,
process id 0x105c, application start time 0xAdwCleaner.exe0.
 
Error: (10/13/2014 11:18:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application AdwCleaner.exe, version 4.0.0.0, time stamp 0x543ab366, faulting module MSCTF.dll, version 6.0.6002.18005, time stamp 0x49e03793, exception code 0xc0000005, fault offset 0x00005612,
process id 0x94c, application start time 0xAdwCleaner.exe0.
 
Error: (10/13/2014 11:03:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00039211,
process id 0xeb0, application start time 0xchrome.exe0.
 
Error: (10/13/2014 10:27:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xd9ce3a3d,
process id 0x678, application start time 0xchrome.exe0.
 
Error: (10/13/2014 10:03:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00039211,
process id 0xb90, application start time 0xchrome.exe0.
 
 
System errors:
=============
Error: (10/13/2014 02:32:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053
 
Error: (10/13/2014 02:32:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Scanner Service
 
Error: (10/13/2014 01:26:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ssnfd
 
Error: (10/13/2014 01:25:28 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
 
Error: (10/13/2014 01:25:23 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (10/13/2014 01:23:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (10/13/2014 01:23:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
Error: (10/13/2014 01:23:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1
 
Error: (10/13/2014 01:23:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SigmaTel Audio Service1
 
Error: (10/13/2014 01:23:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler1600001Restart the service
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-13 18:15:29.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:15:27.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:15:25.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:15:23.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:15:21.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:15:19.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:15:17.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:15:15.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:14:01.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 18:13:59.437
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion 64 X2 Mobile Technology TL-56
Percentage of memory in use: 55%
Total physical RAM: 1917.42 MB
Available physical RAM: 861.02 MB
Total Pagefile: 4089.36 MB
Available Pagefile: 2485.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.24 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:136.49 GB) (Free:82.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.9 GB) NTFS
Drive f: (Elements) (Fixed) (Total:698.63 GB) (Free:44.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 98000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=136.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 00027032)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Then I ran RogueKiller; here is the report log generated.

 

RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Scan -- Date : 10/13/2014  19:19:58
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 13 ¤¤¤
[suspicious.Path] HKEY_USERS\S-1-5-21-1856854788-2929793367-565492105-500\Software\Microsoft\Windows\CurrentVersion\Run | WindowexeAllkiller : C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller\WindowexeAllkiller.exe  -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-1856854788-2929793367-565492105-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-1856854788-2929793367-565492105-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07FCF1A5-1B02-4C0B-8479-BC87C30CC936} | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A53FD3C-6B54-44B9-A734-FF8621791F57} | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{07FCF1A5-1B02-4C0B-8479-BC87C30CC936} | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A53FD3C-6B54-44B9-A734-FF8621791F57} | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
[sSDT:Addr()] NtCreateFile[60] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d045178
[sSDT:Addr()] NtCreateKey[64] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d0459f8
[sSDT:Addr()] NtDeleteFile[122] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d04510c
[sSDT:Addr()] NtDeleteValueKey[126] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d045c7e
[sSDT:Addr()] NtOpenFile[186] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d04524e
[sSDT:Addr()] NtOpenKey[189] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d045aea
[sSDT:Addr()] NtOpenProcess[194] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d045df8
[sSDT:Addr()] NtQueryDirectoryFile[218] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d0454b4
[sSDT:Addr()] NtSetInformationFile[301] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d044f46
[sSDT:Addr()] NtSetValueKey[324] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d045b72
[sSDT:Addr()] NtTerminateProcess[334] : C:\Windows\system32\Drivers\pcwatch.sys @ 0x8d045e94
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] upyxnmoa.default : user_pref("browser.startup.homepage", "www.google.com"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9160821AS ATA Device +++++
--- User ---
[MBR] 9c07d9de0ae77bdfdde0ba19da87d1bd
[bSP] 0bbd13b5d76695bb505e813c44c7894b : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 10240 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21100544 | Size: 139763 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 307335168 | Size: 2560 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WD Elements 1023 USB Device +++++
--- User ---
[MBR] 48317413c10337227bf9b5b1c901a873
[bSP] bb0cbb531d0c38de4f3ecca66127dd8b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715401 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_10132014_131805.log - RKreport_SCN_10132014_131518.log

 

Then I ran DelFix with a checkmark in front of Registry Backup only and closed it.

 

Now I believe I am at the point where I need a fixlist file, and then I would run that in Farbar. (I know this because I have seen MrC fix this exact issue before. I am now just waiting on a reply from him to tell me what to do next and to get that fixlist file.)

Thanks in advance, let's fight malware together!


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 
 
 
 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

fixlist.txt


Here is the fixlog from FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-10-2014 01

Ran by Administrator at 2014-10-14 13:36:59 Run:1
Running from C:\Users\Administrator.bkean-PC\Desktop\frst
Loaded Profile: Administrator (Available profiles: bkean & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
closeprocesses:
emptytemp:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 57 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
C:\Windows\system32\MyOSProtect.dll
cmd: netsh winsock reset
reg: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
C:\Program Files\PCTRunner
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2007-03-06] (SigmaTel, Inc.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
C:\Windows\system32\Drivers\pcwatch.sysTask: {36DA7BDB-6C90-4C3B-9B31-C2B78FDA8FDA} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {54DE66ED-DEB0-4DE9-81BE-60260AB0F601} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
 
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
"HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key not found.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Error deleting key. The key could be protected.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Error deleting key. The key could be protected.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Error deleting key. The key could be protected.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Error deleting key. The key could be protected.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000057" => Error deleting key. The key could be protected.
Could not move "C:\Windows\system32\MyOSProtect.dll" => Scheduled to move on reboot.
 
=========  netsh winsock reset =========
 
Access is denied.
 
 
 
========= End of CMD: =========
 
 
========= reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
MyOSProtect => Error deleting Service
C:\Program Files\PCTRunner => Moved successfully.
pcwatch => Unable to stop service
pcwatch => Error deleting Service
STHDA => Unable to stop service
STHDA => Service deleted successfully.
andnetadb => Service deleted successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
ssnfd => Service deleted successfully.
"C:\Windows\system32\Drivers\pcwatch.sysTask: {36DA7BDB-6C90-4C3B-9B31-C2B78FDA8FDA} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54DE66ED-DEB0-4DE9-81BE-60260AB0F601}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54DE66ED-DEB0-4DE9-81BE-60260AB0F601}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys" => Key deleted successfully.
EmptyTemp: => Removed 55.1 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-14 13:44:10)<=
 
"C:\Windows\system32\MyOSProtect.dll" => File could not move.
 
==== End of Fixlog ====
 
Here is the AdwCleaner log
 
# AdwCleaner v4.000 - Report created 14/10/2014 at 13:56:54
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 b ?s)
# Username : Administrator - BKEAN-PC
# Running from : C:\Users\Administrator.bkean-PC\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : pcwatch
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\system32\drivers\pcwatch.sys
File Deleted : C:\monitorsvc.exe
File Deleted : C:\Windows\system32\MyOSProtect.dll
File Deleted : C:\Windows\system32\MyOSProtect.ini
File Deleted : C:\Windows\system32\MyOSProtectOff.ini
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
 
-\\ Google Chrome v37.0.2062.120
 
 
*************************
 
AdwCleaner[R0].txt - [12945 octets] - [13/10/2014 11:03:48]
AdwCleaner[R1].txt - [1295 octets] - [13/10/2014 11:22:21]
AdwCleaner[R2].txt - [1415 octets] - [13/10/2014 11:36:41]
AdwCleaner[R3].txt - [1294 octets] - [13/10/2014 13:18:42]
AdwCleaner[R4].txt - [2269 octets] - [14/10/2014 13:49:55]
AdwCleaner[s0].txt - [13082 octets] - [13/10/2014 11:12:36]
AdwCleaner[s1].txt - [1297 octets] - [13/10/2014 11:30:20]
AdwCleaner[s2].txt - [1368 octets] - [13/10/2014 13:23:42]
AdwCleaner[s3].txt - [2207 octets] - [14/10/2014 13:56:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2267 octets] ##########
 
I would like to add that both times the computer restarted, after logging in, the Task Manager, Internet Explorer and "Deleting Browser History" have popped up each time.

Still no Internet via the browsers, but I am able to ping with a reply back, so I am connected to the network and have Internet, but something is still keeping the browsers from working. According to the AdwCleaner log, all those files that it said it deleted still appear to be there. I have browsed all those locations and it doesn't look like it really deleted them, even though the log says it did.


Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by Administrator (administrator) on BKEAN-PC on 14-10-2014 14:36:56
Running from C:\Users\Administrator.bkean-PC\Desktop\frst
Loaded Profile: Administrator (Available profiles: bkean & Administrator)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-10-12] (AVAST Software)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1856854788-2929793367-565492105-500\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\S-1-5-21-1856854788-2929793367-565492105-500\...\Run: [WindowexeAllkiller] => C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller\WindowexeAllkiller.exe [403664 2014-08-21] (WindowexeAllkiller.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 57 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53
Tcpip\..\Interfaces\{07FCF1A5-1B02-4C0B-8479-BC87C30CC936}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{96B2CC7A-5268-43A0-866B-F1F9897A73B6}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator.bkean-PC\AppData\Roaming\Mozilla\Firefox\Profiles\upyxnmoa.default
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator.bkean-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! Online Security) - C:\Users\Administrator.bkean-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-12] (AVAST Software)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)
S2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-03-06] (SigmaTel, Inc.) [File not signed]
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1724416 2007-03-21] (Dell Inc.) [File not signed]
U3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-10-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-10-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2014-10-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-10-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-12] ()
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 NB762_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [437760 2006-11-09] (ZyDAS Technology Corporation) [File not signed]
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 18:09 - 2014-10-14 14:37 - 00000000 ____D () C:\FRST
2014-10-13 18:08 - 2014-10-14 14:36 - 00000000 ____D () C:\Users\Administrator.bkean-PC\Desktop\frst
2014-10-13 17:36 - 2014-10-14 13:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-13 17:36 - 2014-10-13 17:36 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 17:36 - 2014-10-13 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 17:35 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-13 17:35 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-13 17:35 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-13 17:24 - 2014-10-13 17:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-13 16:31 - 2014-10-13 17:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-13 16:08 - 2014-10-13 16:08 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Macromedia
2014-10-13 15:44 - 2014-10-13 13:17 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20141013-154423.backup
2014-10-13 14:46 - 2014-10-13 14:46 - 00059464 _____ () C:\Users\Administrator.bkean-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 14:33 - 2014-10-14 14:00 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-10-13 14:33 - 2014-10-14 13:24 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-10-13 14:33 - 2014-10-14 13:24 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-10-13 14:29 - 2014-10-13 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-13 14:29 - 2014-10-13 14:29 - 00001932 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-13 14:29 - 2014-10-13 14:29 - 00001920 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-13 14:26 - 2013-09-20 09:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-10-13 14:25 - 2014-10-13 15:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-13 14:24 - 2014-10-13 16:07 - 00000000 ____D () C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller
2014-10-13 14:22 - 2014-10-13 14:32 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-10-13 14:17 - 2014-10-13 14:24 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\WinRAR
2014-10-13 14:17 - 2014-10-13 14:17 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-13 14:17 - 2014-10-13 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-13 14:16 - 2014-10-13 14:17 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-13 14:15 - 2014-10-13 14:12 - 62839880 _____ (Safer-Networking Ltd. ) C:\Users\Administrator.bkean-PC\Desktop\spybot-2.3-beta1.exe
2014-10-13 14:15 - 2014-10-13 14:08 - 00130995 _____ () C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller.zip
2014-10-13 13:53 - 2014-10-14 14:20 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\CrashDumps
2014-10-13 13:32 - 2014-10-13 13:32 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Mozilla
2014-10-13 13:32 - 2014-10-13 13:32 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Mozilla
2014-10-13 13:31 - 2014-10-13 13:31 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-13 13:31 - 2014-10-13 13:31 - 00000808 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-13 13:31 - 2014-10-13 13:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-13 13:27 - 2014-10-13 13:25 - 21840856 _____ (Mozilla) C:\Users\Administrator.bkean-PC\Desktop\Firefox Setup 22.0.exe
2014-10-13 13:02 - 2014-10-13 19:05 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-13 13:02 - 2014-10-13 13:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-13 12:59 - 2014-10-13 12:58 - 00186880 _____ (CEXX.ORG) C:\Users\Administrator.bkean-PC\Desktop\LSPFix.exe
2014-10-13 12:51 - 2014-10-13 12:52 - 00002517 _____ () C:\Users\Administrator.bkean-PC\Desktop\HiJackThis.lnk
2014-10-13 12:51 - 2014-10-13 12:51 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-13 12:51 - 2014-10-13 12:51 - 00000000 ____D () C:\Program Files\Trend Micro
2014-10-13 12:50 - 2014-10-13 12:48 - 15677528 _____ () C:\Users\Administrator.bkean-PC\Desktop\RogueKiller.exe
2014-10-13 12:50 - 2014-10-13 11:00 - 01976320 _____ () C:\Users\Administrator.bkean-PC\Desktop\AdwCleaner.exe
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\AVAST Software
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Adobe
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 _____ () C:\Windows\setupact.log
2014-10-13 12:37 - 2014-10-13 13:25 - 00000906 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-13 12:37 - 2014-10-13 12:37 - 00000911 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-13 12:37 - 2014-10-13 12:37 - 00000000 ___HD () C:\Users\Administrator.bkean-PC\AppData\Roaming\GTek
2014-10-13 12:37 - 2014-10-13 12:37 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Google
2014-10-13 12:36 - 2014-10-14 13:43 - 00000008 __RSH () C:\Users\Administrator.bkean-PC\ntuser.pol
2014-10-13 12:36 - 2014-10-14 13:43 - 00000000 ____D () C:\Users\Administrator.bkean-PC
2014-10-13 12:36 - 2014-10-13 12:36 - 00000877 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-10-13 12:36 - 2014-10-13 12:36 - 00000020 ___SH () C:\Users\Administrator.bkean-PC\ntuser.ini
2014-10-13 12:36 - 2011-12-12 04:36 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Microsoft Help
2014-10-13 12:36 - 2011-12-09 11:00 - 00000000 ___RD () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-13 12:36 - 2011-12-09 11:00 - 00000000 ___RD () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-13 11:14 - 2014-10-14 13:58 - 00030562 _____ () C:\Windows\PFRO.log
2014-10-13 11:03 - 2014-10-14 13:56 - 00000000 ____D () C:\AdwCleaner
2014-10-13 11:02 - 2014-10-13 11:00 - 01976320 _____ () C:\Users\bkean\Desktop\AdwCleaner.exe
2014-10-13 10:48 - 2014-10-13 10:47 - 00244136 _____ () C:\Users\bkean\Desktop\Firefox Setup Stub 32.0.3.exe
2014-10-12 22:26 - 2014-10-12 22:26 - 00000829 _____ () C:\Users\bkean\Desktop\iexplore - Shortcut.lnk
2014-10-12 19:00 - 2014-10-12 19:00 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\AVAST Software
2014-10-12 18:58 - 2014-10-12 18:58 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-12 18:58 - 2014-10-12 18:58 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-10-12 18:58 - 2014-10-12 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-12 18:58 - 2014-10-12 18:57 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-12 18:57 - 2014-10-12 18:57 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-12 18:57 - 2014-10-12 18:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-12 18:57 - 2014-10-12 18:57 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-11 20:59 - 2014-10-11 20:59 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\kdxltkyp.sys
2014-10-11 20:48 - 2014-10-14 14:15 - 00255587 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 19:03 - 2014-10-11 19:03 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-11 19:03 - 2014-10-11 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-11 19:03 - 2014-10-11 19:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-11 19:01 - 2014-10-12 18:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-11 18:49 - 2014-10-13 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-11 18:16 - 2014-10-11 18:16 - 00000004 _____ () C:\Users\bkean\AppData\Roaming\appdataFr2.bin
2014-09-25 00:24 - 2014-09-09 01:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 00:22 - 2014-09-25 00:22 - 00000000 ____D () C:\Users\bkean\AppData\Local\ICSharpCode.net
2014-09-23 20:02 - 2014-09-23 20:02 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-22 18:44 - 2014-09-22 18:44 - 00000000 ____D () C:\Users\bkean\AppData\Local\SmartWeb
2014-09-22 01:44 - 2014-10-12 19:36 - 00000000 ____D () C:\Users\bkean\AppData\Local\17394
2014-09-22 01:23 - 2014-09-22 01:23 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-22 01:23 - 2014-09-22 01:23 - 00000000 ____D () C:\Program Files\COMODO
2014-09-22 00:39 - 2014-09-26 03:52 - 00000000 ____D () C:\Program Files\OfferBoulevard
2014-09-21 21:41 - 2014-09-01 13:29 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-09-21 21:40 - 2014-09-01 13:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-09-21 21:35 - 2014-09-21 21:35 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\Compete
2014-09-21 21:33 - 2014-10-10 12:30 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-20 13:47 - 2014-09-20 13:47 - 00000000 ____D () C:\Windows\Sun
2014-09-17 11:48 - 2014-09-17 11:48 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-09-17 09:28 - 2014-09-17 09:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-17 09:27 - 2014-09-17 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-17 09:27 - 2014-09-17 09:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-17 09:27 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-17 09:27 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-17 09:27 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-17 09:27 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-17 09:26 - 2014-09-17 09:27 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-17 00:34 - 2014-09-05 04:53 - 00094208 _____ () C:\Users\bkean\AppData\Local\ChromeHitoryDB
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 14:17 - 2014-09-03 08:03 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 14:02 - 2014-09-03 08:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-14 13:59 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 13:59 - 2006-11-02 07:45 - 00005120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 13:59 - 2006-11-02 07:45 - 00005120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 13:57 - 2006-11-02 07:58 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-14 13:43 - 2014-08-21 15:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-14 13:37 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-14 13:24 - 2006-11-02 07:44 - 00271648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-13 13:30 - 2014-08-01 09:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-13 11:23 - 2006-11-02 05:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 11:13 - 2014-09-03 08:06 - 00001037 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-13 11:13 - 2014-09-03 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-12 21:53 - 2007-08-08 03:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-12 21:46 - 2007-08-08 03:46 - 00000000 ____D () C:\Program Files\Dell
2014-10-12 21:25 - 2014-09-03 08:03 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 19:24 - 2014-09-05 05:13 - 00000000 ____D () C:\Program Files\Browser Features
2014-10-12 19:24 - 2014-08-21 15:46 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-10-12 19:23 - 2014-08-21 15:45 - 00000000 ____D () C:\Program Files\005
2014-10-12 19:00 - 2012-02-14 05:26 - 00001356 _____ () C:\Users\bkean\AppData\Local\d3d9caps.dat
2014-10-11 20:47 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-10-11 20:24 - 2011-11-08 19:21 - 00000000 ____D () C:\Users\bkean
2014-10-11 20:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-11 20:24 - 2006-11-02 05:22 - 40370176 _____ () C:\Windows\system32\config\software_previous
2014-10-11 20:24 - 2006-11-02 05:22 - 18612224 _____ () C:\Windows\system32\config\system_previous
2014-10-11 19:09 - 2013-09-30 12:30 - 00000000 ____D () C:\Windows\Minidump
2014-10-11 19:09 - 2006-11-10 16:59 - 00000000 ____D () C:\Windows\Panther
2014-10-11 19:09 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-11 18:48 - 2011-11-08 21:07 - 00032256 _____ () C:\Users\bkean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-11 18:46 - 2006-11-02 05:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-10-11 18:46 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-10-11 17:56 - 2014-08-21 16:22 - 00000000 ____D () C:\Windows\pss
2014-10-10 12:30 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-10-10 12:19 - 2011-11-08 20:10 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\Google
2014-10-07 18:58 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-01 04:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-26 03:38 - 2014-08-21 15:54 - 00000000 ____D () C:\ProgramData\e652d9ad20bc418d
2014-09-25 12:43 - 2013-10-10 13:22 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-25 00:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-09-23 20:02 - 2014-09-03 08:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 20:02 - 2014-09-03 08:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 01:41 - 2012-01-26 02:01 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 01:26 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-21 21:45 - 2014-08-23 01:33 - 00000000 ____D () C:\Users\bkean\AppData\Local\com
2014-09-21 21:33 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-09-20 13:58 - 2014-09-05 06:07 - 00000520 _____ () C:\Users\bkean\.swfinfo
2014-09-17 12:51 - 2012-01-29 22:23 - 00000000 ____D () C:\Users\bkean\AppData\Local\Microsoft Games
2014-09-17 09:27 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Java
 
Some content of TEMP:
====================
C:\Users\Administrator.bkean-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator.bkean-PC\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-14 14:09
 
==================== End Of Log ============================

 

Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by Administrator at 2014-10-14 14:39:24
Running from C:\Users\Administrator.bkean-PC\Desktop\frst
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 1.007.0323.1740 - )
ATI PCI Express (3GIO) Filter Driver (HKLM\...\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}) (Version: 1.00.0000. - AMD)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Catalyst Control Center Core Implementation (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0320.2223.38170 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Danish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Dutch (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help English (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Finnish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help French (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help German (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Italian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Japanese (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Korean (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Russian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Spanish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Swedish (Version: 2007.0320.2222.38170 - ATI) Hidden
ccc-Branding (HKLM\...\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2007.0320.2223.38170 - ATI) Hidden
ccc-utility (Version: 2007.0320.2223.38170 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Consumer Complete Care Services Agreement (HKLM\...\{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}) (Version: 1.10.0000 - Dell)
Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07131 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.11 - Dell Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skins (Version: 2007.0320.2223.38170 - ATI) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.14 - Piriform)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.37 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
25-09-2014 05:23:36 Windows Update
26-09-2014 08:39:57 Removed GeekBuddy.
27-09-2014 09:55:19 Scheduled Checkpoint
28-09-2014 09:30:07 Windows Update
01-10-2014 08:24:34 Scheduled Checkpoint
01-10-2014 09:20:15 Restore Operation
01-10-2014 10:14:35 Windows Update
04-10-2014 08:43:19 Scheduled Checkpoint
08-10-2014 00:37:49 Scheduled Checkpoint
08-10-2014 15:45:21 Scheduled Checkpoint
10-10-2014 17:27:44 Windows Update
12-10-2014 05:04:00 Scheduled Checkpoint
13-10-2014 02:39:18 Removed 926plv32
13-10-2014 02:40:10 Windows Update
13-10-2014 02:42:28 Removed Internet Service Offers Launcher.
13-10-2014 02:46:53 Removed MySafeProxy for Internet Explorer
13-10-2014 02:49:30 Removed Modem Diagnostic Tool.
13-10-2014 02:51:46 Removed NetWaiting
13-10-2014 02:53:09 Removed NetWaiting
13-10-2014 17:50:43 Installed HiJackThis
14-10-2014 17:58:20 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2014-10-13 15:44 - 00450601 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {16A00A5D-43D2-424E-AFC2-354332994E90} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {36DA7BDB-6C90-4C3B-9B31-C2B78FDA8FDA} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {462F054E-3E65-4598-ADC8-2BBCE91D34EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {5798B473-F07E-4DDB-9DAC-D2CC733EDE5F} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-11-09] ()
Task: {71719949-936C-4082-B8C7-AED5120C3ECE} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {88CAD997-00CA-42E7-9ECA-DABF1EE7D8EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8D8FA5DB-2487-4AA5-8AA4-4F03F317FE33} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {8DA54437-56E3-4812-BF23-2E4B7421ED43} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9DDE8FDD-C699-49C7-B78B-6E52A604104F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {FE3AE11A-DB0F-454E-9ACE-34EC02334A82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-12 18:57 - 2014-10-12 18:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-14 12:58 - 2014-10-14 12:58 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101400\algo.dll
2007-08-08 11:26 - 2007-03-21 01:03 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-10-12 18:57 - 2014-10-12 18:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-13 14:24 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-13 14:24 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AllDaySavingsService => 2
MSCONFIG\Services: consumerinput_update => 2
MSCONFIG\Services: consumerinput_updatem => 3
MSCONFIG\Services: cyycfhtzro32 => 2
MSCONFIG\Services: DSBrokerService => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IePluginServices => 2
MSCONFIG\Services: MyOSProtect => 3
MSCONFIG\Services: MySafeProxyMonitor => 2
MSCONFIG\Services: ProtectMonitor => 2
MSCONFIG\Services: scores => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^bkean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: BManager => C:\Program Files\Browser Features\BManager.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: BrowseIgnite => rundll32 "C:\Program Files\Common Files\System\1048\biapp.dll",CallHandler hk
MSCONFIG\startupreg: Browser Features => C:\Program Files\Browser Features\BManager.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\bkean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: Easy Speed PC => C:\Program Files\Probit Software\Easy Speed PC\ESPCLauncher.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: OfferBoulevard => C:\Program Files\OfferBoulevard\OfferBoulevardW.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: YTDownloader => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1856854788-2929793367-565492105-500 - Administrator - Enabled) => C:\Users\Administrator.bkean-PC
bkean (S-1-5-21-1856854788-2929793367-565492105-1000 - Administrator - Enabled) => C:\Users\bkean
Guest (S-1-5-21-1856854788-2929793367-565492105-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Description: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: SigmaTel High Definition Audio CODEC
Description: SigmaTel High Definition Audio CODEC
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: SigmaTel
Service: STHDA
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/14/2014 02:20:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module chrome.dll, version 37.0.2062.120, time stamp 0x5407bc49, exception code 0xc0000005, fault offset 0x007bfaf2,
process id 0x106c, application start time 0xchrome.exe0.
 
Error: (10/14/2014 02:20:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00039211,
process id 0x106c, application start time 0xchrome.exe0.
 
Error: (10/14/2014 02:03:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMINISTRATOR.BKEAN-PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\ADWCLEANER[s3].LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 02:03:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMINISTRATOR.BKEAN-PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\ADWCLEANER[s3].LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 02:02:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16575 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cf0
Start Time: 01cfe7e163e92aab
Termination Time: 15
 
Error: (10/13/2014 09:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x85c, application start time 0xmbam.exe0.
 
Error: (10/13/2014 05:36:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSCTF.dll, version 6.0.6002.18005, time stamp 0x49e03793, exception code 0xc0000005, fault offset 0x0000a89c,
process id 0x1128, application start time 0xmbam.exe0.
 
Error: (10/13/2014 05:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x11a0, application start time 0xmbam.exe0.
 
Error: (10/13/2014 02:34:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWelcome.exe, version 2.3.37.130, time stamp 0x52b2f6af, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00042bfe,
process id 0x160, application start time 0xSDWelcome.exe0.
 
Error: (10/13/2014 01:52:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, exception code 0xc0000005, fault offset 0x00037fed,
process id 0x1150, application start time 0xchrome.exe0.
 
 
System errors:
=============
Error: (10/14/2014 02:02:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MyOSProtect%%2
 
Error: (10/14/2014 02:01:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MyOSProtect%%2
 
Error: (10/14/2014 02:01:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MyOSProtect%%2
 
Error: (10/14/2014 02:01:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MyOSProtect%%2
 
Error: (10/14/2014 02:00:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 2MyOSProtect-Service{94B83936-77EA-4708-8FC5-F3BBC55C2A32}
 
Error: (10/14/2014 02:00:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MyOSProtect%%2
 
Error: (10/14/2014 02:00:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053
 
Error: (10/14/2014 02:00:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Scanner Service
 
Error: (10/14/2014 01:59:24 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (10/14/2014 01:56:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-14 14:38:43.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:38:41.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:38:39.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:38:38.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:38:35.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:38:33.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:38:31.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:38:30.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:37:24.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 14:37:22.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion 64 X2 Mobile Technology TL-56
Percentage of memory in use: 44%
Total physical RAM: 1917.42 MB
Available physical RAM: 1070.07 MB
Total Pagefile: 4089.41 MB
Available Pagefile: 2924.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.35 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:136.49 GB) (Free:81.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 98000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=136.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
 

 

==================== End Of Log ============================

AdwCleaner Log

 

# AdwCleaner v4.000 - Report created 14/10/2014 at 13:56:54
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
# Username : Administrator - BKEAN-PC
# Running from : C:\Users\Administrator.bkean-PC\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : pcwatch
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\system32\drivers\pcwatch.sys
File Deleted : C:\monitorsvc.exe
File Deleted : C:\Windows\system32\MyOSProtect.dll
File Deleted : C:\Windows\system32\MyOSProtect.ini
File Deleted : C:\Windows\system32\MyOSProtectOff.ini
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
 
-\\ Google Chrome v37.0.2062.120
 
 
*************************
 
AdwCleaner[R0].txt - [12945 octets] - [13/10/2014 11:03:48]
AdwCleaner[R1].txt - [1295 octets] - [13/10/2014 11:22:21]
AdwCleaner[R2].txt - [1415 octets] - [13/10/2014 11:36:41]
AdwCleaner[R3].txt - [1294 octets] - [13/10/2014 13:18:42]
AdwCleaner[R4].txt - [2269 octets] - [14/10/2014 13:49:55]
AdwCleaner[s0].txt - [13082 octets] - [13/10/2014 11:12:36]
AdwCleaner[s1].txt - [1297 octets] - [13/10/2014 11:30:20]
AdwCleaner[s2].txt - [1368 octets] - [13/10/2014 13:23:42]
AdwCleaner[s3].txt - [2207 octets] - [14/10/2014 13:56:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2267 octets] ##########
# AdwCleaner v4.000 - Report created 14/10/2014 at 20:48:58
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
# Username : Administrator - BKEAN-PC
# Running from : C:\Users\Administrator.bkean-PC\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : pcwatch
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Program Files\PCTRunner
File Deleted : C:\Windows\system32\drivers\pcwatch.sys
File Deleted : C:\monitorsvc.exe
File Deleted : C:\Windows\system32\MyOSProtect.dll
File Deleted : C:\Windows\system32\MyOSProtect.ini
File Deleted : C:\Windows\system32\MyOSProtectOff.ini
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Google Chrome v37.0.2062.120
 
 
*************************
 
AdwCleaner[R0].txt - [12945 octets] - [13/10/2014 11:03:48]
AdwCleaner[R1].txt - [1295 octets] - [13/10/2014 11:22:21]
AdwCleaner[R2].txt - [1415 octets] - [13/10/2014 11:36:41]
AdwCleaner[R3].txt - [1294 octets] - [13/10/2014 13:18:42]
AdwCleaner[R4].txt - [4602 octets] - [14/10/2014 13:49:55]
AdwCleaner[s0].txt - [13082 octets] - [13/10/2014 11:12:36]
AdwCleaner[s1].txt - [1297 octets] - [13/10/2014 11:30:20]
AdwCleaner[s2].txt - [1368 octets] - [13/10/2014 13:23:42]
AdwCleaner[s3].txt - [3771 octets] - [14/10/2014 13:56:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [3831 octets] ##########
 
FRST Log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by Administrator (administrator) on BKEAN-PC on 14-10-2014 20:56:26
Running from C:\Users\Administrator.bkean-PC\Desktop\frst
Loaded Profile: Administrator (Available profiles: bkean & Administrator)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(MyOSCompany) C:\Program Files\PCTRunner\MyOSProtect.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-10-12] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1856854788-2929793367-565492105-500\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\S-1-5-21-1856854788-2929793367-565492105-500\...\Run: [WindowexeAllkiller] => C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller\WindowexeAllkiller.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP51
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 57 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53
Tcpip\..\Interfaces\{07FCF1A5-1B02-4C0B-8479-BC87C30CC936}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{96B2CC7A-5268-43A0-866B-F1F9897A73B6}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator.bkean-PC\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-12] (AVAST Software)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-03-06] (SigmaTel, Inc.) [File not signed]
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1724416 2007-03-21] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-10-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-10-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2014-10-12] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-10-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-12] ()
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 NB762_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [437760 2006-11-09] (ZyDAS Technology Corporation) [File not signed]
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2007-03-06] (SigmaTel, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-13] ()
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 20:56 - 2014-10-14 20:56 - 00004112 _____ () C:\Windows\system32\MyOSProtect.ini
2014-10-14 20:56 - 2014-10-14 20:56 - 00002032 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-10-14 20:47 - 2014-10-14 20:48 - 00000079 _____ () C:\Windows\wininit.ini
2014-10-13 18:09 - 2014-10-14 20:56 - 00000000 ____D () C:\FRST
2014-10-13 18:08 - 2014-10-14 20:56 - 00000000 ____D () C:\Users\Administrator.bkean-PC\Desktop\frst
2014-10-13 17:36 - 2014-10-14 20:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-13 17:36 - 2014-10-13 17:36 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 17:36 - 2014-10-13 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 17:35 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-13 17:35 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-13 17:35 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-13 17:24 - 2014-10-13 17:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-13 16:31 - 2014-10-13 17:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-13 16:08 - 2014-10-13 16:08 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Macromedia
2014-10-13 15:44 - 2014-10-13 13:17 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20141013-154423.backup
2014-10-13 14:46 - 2014-10-13 14:46 - 00059464 _____ () C:\Users\Administrator.bkean-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 14:25 - 2014-10-14 20:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-13 14:22 - 2014-10-14 20:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-10-13 14:17 - 2014-10-14 23:11 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-13 14:17 - 2014-10-13 14:24 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\WinRAR
2014-10-13 14:17 - 2014-10-13 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-13 14:16 - 2014-10-13 14:17 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-13 14:15 - 2014-10-13 14:08 - 00130995 _____ () C:\Users\Administrator.bkean-PC\Desktop\WindowexeAllkiller.zip
2014-10-13 13:53 - 2014-10-14 14:20 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\CrashDumps
2014-10-13 13:32 - 2014-10-13 13:32 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Mozilla
2014-10-13 13:02 - 2014-10-14 23:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-13 13:02 - 2014-10-13 19:05 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-13 12:51 - 2014-10-14 23:11 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-13 12:51 - 2014-10-13 12:52 - 00002517 _____ () C:\Users\Administrator.bkean-PC\Desktop\HiJackThis.lnk
2014-10-13 12:51 - 2014-10-13 12:51 - 00000000 ____D () C:\Program Files\Trend Micro
2014-10-13 12:50 - 2014-10-13 12:48 - 15677528 _____ () C:\Users\Administrator.bkean-PC\Desktop\RogueKiller.exe
2014-10-13 12:50 - 2014-10-13 11:00 - 01976320 _____ () C:\Users\Administrator.bkean-PC\Desktop\AdwCleaner.exe
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\AVAST Software
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Roaming\Adobe
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 _____ () C:\Windows\setupact.log
2014-10-13 12:37 - 2014-10-13 13:25 - 00000906 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-13 12:37 - 2014-10-13 12:37 - 00000911 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-13 12:37 - 2014-10-13 12:37 - 00000000 ___HD () C:\Users\Administrator.bkean-PC\AppData\Roaming\GTek
2014-10-13 12:37 - 2014-10-13 12:37 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Google
2014-10-13 12:36 - 2014-10-14 23:11 - 00000000 ___RD () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-13 12:36 - 2014-10-14 23:11 - 00000000 ___RD () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-13 12:36 - 2014-10-14 23:11 - 00000000 ____D () C:\Users\Administrator.bkean-PC
2014-10-13 12:36 - 2014-10-13 12:36 - 00000877 _____ () C:\Users\Administrator.bkean-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-10-13 12:36 - 2014-10-13 12:36 - 00000258 __RSH () C:\Users\Administrator.bkean-PC\ntuser.pol
2014-10-13 12:36 - 2014-10-13 12:36 - 00000020 ___SH () C:\Users\Administrator.bkean-PC\ntuser.ini
2014-10-13 12:36 - 2011-12-12 04:36 - 00000000 ____D () C:\Users\Administrator.bkean-PC\AppData\Local\Microsoft Help
2014-10-13 11:14 - 2014-10-14 20:52 - 00033816 _____ () C:\Windows\PFRO.log
2014-10-13 11:03 - 2014-10-14 20:49 - 00000000 ____D () C:\AdwCleaner
2014-10-13 11:02 - 2014-10-13 11:00 - 01976320 _____ () C:\Users\bkean\Desktop\AdwCleaner.exe
2014-10-13 10:48 - 2014-10-13 10:47 - 00244136 _____ () C:\Users\bkean\Desktop\Firefox Setup Stub 32.0.3.exe
2014-10-12 22:26 - 2014-10-12 22:26 - 00000829 _____ () C:\Users\bkean\Desktop\iexplore - Shortcut.lnk
2014-10-12 19:00 - 2014-10-12 19:00 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\AVAST Software
2014-10-12 18:58 - 2014-10-14 20:35 - 00001835 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-12 18:58 - 2014-10-12 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-12 18:58 - 2014-10-12 18:57 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-12 18:58 - 2014-10-12 18:57 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-12 18:57 - 2014-10-12 18:57 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-12 18:57 - 2014-10-12 18:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-12 18:57 - 2014-10-12 18:57 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-11 20:59 - 2014-10-11 20:59 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\kdxltkyp.sys
2014-10-11 20:48 - 2014-10-14 20:58 - 00405078 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 19:03 - 2014-10-11 19:03 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-11 19:03 - 2014-10-11 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-11 19:03 - 2014-10-11 19:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-11 19:01 - 2014-10-12 18:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-11 18:49 - 2014-10-13 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-11 18:16 - 2014-10-11 18:16 - 00000004 _____ () C:\Users\bkean\AppData\Roaming\appdataFr2.bin
2014-09-25 00:24 - 2014-09-09 01:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 00:22 - 2014-09-25 00:22 - 00000000 ____D () C:\Users\bkean\AppData\Local\ICSharpCode.net
2014-09-23 20:02 - 2014-09-23 20:02 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-22 18:44 - 2014-09-22 18:44 - 00000000 ____D () C:\Users\bkean\AppData\Local\SmartWeb
2014-09-22 01:44 - 2014-10-12 19:36 - 00000000 ____D () C:\Users\bkean\AppData\Local\17394
2014-09-22 01:23 - 2014-09-22 01:23 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-22 01:23 - 2014-09-22 01:23 - 00000000 ____D () C:\Program Files\COMODO
2014-09-22 00:39 - 2014-09-26 03:52 - 00000000 ____D () C:\Program Files\OfferBoulevard
2014-09-21 21:41 - 2014-09-01 13:29 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-09-21 21:40 - 2014-09-01 13:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-09-21 21:35 - 2014-09-21 21:35 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\Compete
2014-09-21 21:33 - 2014-10-10 12:30 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-21 21:30 - 2014-10-14 23:11 - 00000000 ____D () C:\Program Files\PCTRunner
2014-09-20 13:47 - 2014-09-20 13:47 - 00000000 ____D () C:\Windows\Sun
2014-09-17 11:48 - 2014-09-17 11:48 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-09-17 09:28 - 2014-09-17 09:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-17 09:27 - 2014-09-17 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-17 09:27 - 2014-09-17 09:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-17 09:27 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-17 09:27 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-17 09:27 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-17 09:27 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-17 09:26 - 2014-09-17 09:27 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-17 00:34 - 2014-09-05 04:53 - 00094208 _____ () C:\Users\bkean\AppData\Local\ChromeHitoryDB
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 23:11 - 2011-11-08 19:21 - 00000000 ____D () C:\Users\bkean
2014-10-14 23:11 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-14 23:11 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-14 23:11 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-14 23:11 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-10-14 23:11 - 2006-11-02 05:22 - 43253760 _____ () C:\Windows\system32\config\software_previous
2014-10-14 23:11 - 2006-11-02 05:22 - 22282240 _____ () C:\Windows\system32\config\system_previous
2014-10-14 23:07 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-14 23:07 - 2006-11-02 05:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-10-14 23:07 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-10-14 20:53 - 2006-11-02 07:45 - 00005120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 20:53 - 2006-11-02 07:45 - 00005120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 20:52 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 20:51 - 2006-11-02 07:58 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-14 20:46 - 2014-08-01 09:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-14 20:18 - 2006-11-02 07:44 - 00271648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 19:59 - 2006-11-02 05:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2014-10-14 19:59 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-14 12:57 - 2014-09-03 08:03 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 12:57 - 2014-09-03 08:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 11:23 - 2006-11-02 05:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 11:13 - 2014-09-03 08:06 - 00001037 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-13 11:13 - 2014-09-03 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-12 21:53 - 2007-08-08 03:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-12 21:46 - 2007-08-08 03:46 - 00000000 ____D () C:\Program Files\Dell
2014-10-12 21:25 - 2014-09-03 08:03 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 19:24 - 2014-09-05 05:13 - 00000000 ____D () C:\Program Files\Browser Features
2014-10-12 19:24 - 2014-08-21 15:46 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-10-12 19:23 - 2014-08-21 15:45 - 00000000 ____D () C:\Program Files\005
2014-10-12 19:00 - 2012-02-14 05:26 - 00001356 _____ () C:\Users\bkean\AppData\Local\d3d9caps.dat
2014-10-11 19:09 - 2013-09-30 12:30 - 00000000 ____D () C:\Windows\Minidump
2014-10-11 19:09 - 2006-11-10 16:59 - 00000000 ____D () C:\Windows\Panther
2014-10-11 18:48 - 2011-11-08 21:07 - 00032256 _____ () C:\Users\bkean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-11 17:56 - 2014-08-21 16:22 - 00000000 ____D () C:\Windows\pss
2014-10-10 12:19 - 2011-11-08 20:10 - 00000000 ____D () C:\Users\bkean\AppData\Roaming\Google
2014-09-26 03:54 - 2014-08-21 15:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-26 03:38 - 2014-08-21 15:54 - 00000000 ____D () C:\ProgramData\e652d9ad20bc418d
2014-09-25 12:43 - 2013-10-10 13:22 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-25 00:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-09-23 20:02 - 2014-09-03 08:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 20:02 - 2014-09-03 08:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 01:41 - 2012-01-26 02:01 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 01:26 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-21 21:45 - 2014-08-23 01:33 - 00000000 ____D () C:\Users\bkean\AppData\Local\com
2014-09-21 21:33 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-09-20 13:58 - 2014-09-05 06:07 - 00000520 _____ () C:\Users\bkean\.swfinfo
2014-09-17 12:51 - 2012-01-29 22:23 - 00000000 ____D () C:\Users\bkean\AppData\Local\Microsoft Games
2014-09-17 09:27 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Java
 
Some content of TEMP:
====================
C:\Users\Administrator.bkean-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator.bkean-PC\AppData\Local\Temp\sqlite3.dll
C:\Users\bkean\AppData\Local\Temp\sqlite3.dll
C:\Users\bkean\AppData\Local\Temp\_is564C.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-14 21:00
 
==================== End Of Log ============================
 
Additional Log
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by Administrator at 2014-10-14 21:01:22
Running from C:\Users\Administrator.bkean-PC\Desktop\frst
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 1.007.0323.1740 - )
ATI PCI Express (3GIO) Filter Driver (HKLM\...\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}) (Version: 1.00.0000. - AMD)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Catalyst Control Center Core Implementation (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0320.2223.38170 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0320.2223.38170 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Danish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Dutch (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help English (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Finnish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help French (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help German (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Italian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Japanese (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Korean (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Russian (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Spanish (Version: 2007.0320.2222.38170 - ATI) Hidden
CCC Help Swedish (Version: 2007.0320.2222.38170 - ATI) Hidden
ccc-Branding (HKLM\...\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2007.0320.2223.38170 - ATI) Hidden
ccc-utility (Version: 2007.0320.2223.38170 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Consumer Complete Care Services Agreement (HKLM\...\{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}) (Version: 1.10.0000 - Dell)
Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07131 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.11 - Dell Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skins (Version: 2007.0320.2223.38170 - ATI) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.14 - Piriform)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-09-2014 08:39:57 Removed GeekBuddy.
27-09-2014 09:55:19 Scheduled Checkpoint
28-09-2014 09:30:07 Windows Update
01-10-2014 08:24:34 Scheduled Checkpoint
01-10-2014 09:20:15 Restore Operation
01-10-2014 10:14:35 Windows Update
04-10-2014 08:43:19 Scheduled Checkpoint
08-10-2014 00:37:49 Scheduled Checkpoint
08-10-2014 15:45:21 Scheduled Checkpoint
10-10-2014 17:27:44 Windows Update
12-10-2014 05:04:00 Scheduled Checkpoint
13-10-2014 02:39:18 Removed 926plv32
13-10-2014 02:40:10 Windows Update
13-10-2014 02:42:28 Removed Internet Service Offers Launcher.
13-10-2014 02:46:53 Removed MySafeProxy for Internet Explorer
13-10-2014 02:49:30 Removed Modem Diagnostic Tool.
13-10-2014 02:51:46 Removed NetWaiting
13-10-2014 02:53:09 Removed NetWaiting
13-10-2014 17:50:43 Installed HiJackThis
14-10-2014 17:58:20 Scheduled Checkpoint
15-10-2014 01:24:03 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2014-10-13 15:44 - 00450601 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {333F4679-E036-4CDF-9C74-35763C523701} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-12] (AVAST Software)
Task: {36DA7BDB-6C90-4C3B-9B31-C2B78FDA8FDA} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {462F054E-3E65-4598-ADC8-2BBCE91D34EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {54DE66ED-DEB0-4DE9-81BE-60260AB0F601} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-11-09] ()
Task: {88CAD997-00CA-42E7-9ECA-DABF1EE7D8EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8D8FA5DB-2487-4AA5-8AA4-4F03F317FE33} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {8DA54437-56E3-4812-BF23-2E4B7421ED43} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9DDE8FDD-C699-49C7-B78B-6E52A604104F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {FE3AE11A-DB0F-454E-9ACE-34EC02334A82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-12 18:57 - 2014-10-12 18:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-14 20:43 - 2014-10-14 20:43 - 02873344 _____ () C:\Program Files\AVAST Software\Avast\defs\14101401\algo.dll
2007-08-08 11:26 - 2007-03-21 01:03 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-10-12 18:57 - 2014-10-12 18:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AllDaySavingsService => 2
MSCONFIG\Services: consumerinput_update => 2
MSCONFIG\Services: consumerinput_updatem => 3
MSCONFIG\Services: cyycfhtzro32 => 2
MSCONFIG\Services: DSBrokerService => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IePluginServices => 2
MSCONFIG\Services: MyOSProtect => 3
MSCONFIG\Services: MySafeProxyMonitor => 2
MSCONFIG\Services: ProtectMonitor => 2
MSCONFIG\Services: scores => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^bkean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: BManager => C:\Program Files\Browser Features\BManager.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: BrowseIgnite => rundll32 "C:\Program Files\Common Files\System\1048\biapp.dll",CallHandler hk
MSCONFIG\startupreg: Browser Features => C:\Program Files\Browser Features\BManager.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\bkean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: Easy Speed PC => C:\Program Files\Probit Software\Easy Speed PC\ESPCLauncher.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: OfferBoulevard => C:\Program Files\OfferBoulevard\OfferBoulevardW.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: YTDownloader => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1856854788-2929793367-565492105-500 - Administrator - Enabled) => C:\Users\Administrator.bkean-PC
bkean (S-1-5-21-1856854788-2929793367-565492105-1000 - Administrator - Enabled) => C:\Users\bkean
Guest (S-1-5-21-1856854788-2929793367-565492105-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Description: Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/14/2014 09:01:47 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MALWAREBYTES ANTI-MALWARE\TOOLS\MALWAREBYTES ANTI-MALWARE CHAMELEON.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:47 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MALWAREBYTES ANTI-MALWARE\TOOLS\MALWAREBYTES ANTI-MALWARE CHAMELEON.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MALWAREBYTES ANTI-MALWARE\TOOLS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MALWAREBYTES ANTI-MALWARE\TOOLS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES ANTI-MALWARE.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MALWAREBYTES ANTI-MALWARE\MALWAREBYTES ANTI-MALWARE.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:29 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMINISTRATOR.BKEAN-PC\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\HIGH\LAST ACTIVE> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:29 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMINISTRATOR.BKEAN-PC\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\HIGH\LAST ACTIVE> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMINISTRATOR.BKEAN-PC\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\HIGH\ACTIVE> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/14/2014 09:01:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMINISTRATOR.BKEAN-PC\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\HIGH\ACTIVE> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (10/14/2014 08:54:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ssnfd
 
Error: (10/14/2014 08:52:57 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402
 
Error: (10/14/2014 08:49:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
Error: (10/14/2014 08:49:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (10/14/2014 08:49:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1
 
Error: (10/14/2014 08:49:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Ati External Event Utility1
 
Error: (10/14/2014 08:49:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler1600001Restart the service
 
Error: (10/14/2014 08:49:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SigmaTel Audio Service1
 
Error: (10/14/2014 08:23:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MBAMScheduler1
 
Error: (10/14/2014 08:23:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MBAMService1
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-14 21:00:44.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 21:00:42.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 21:00:39.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 21:00:36.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 21:00:32.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 21:00:30.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 21:00:28.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 21:00:26.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 20:58:11.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 20:58:09.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion 64 X2 Mobile Technology TL-56
Percentage of memory in use: 48%
Total physical RAM: 1917.42 MB
Available physical RAM: 985.46 MB
Total Pagefile: 4089.38 MB
Available Pagefile: 2870.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.35 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:136.49 GB) (Free:82.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 98000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=136.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

I can confirm that the files

 

[!] Folder Deleted : C:\Program Files\PCTRunner
File Deleted : C:\Windows\system32\drivers\pcwatch.sys
File Deleted : C:\monitorsvc.exe
File Deleted : C:\Windows\system32\MyOSProtect.dll
File Deleted : C:\Windows\system32\MyOSProtect.ini
File Deleted : C:\Windows\system32\MyOSProtectOff.ini
 
Are not actually being deleted like the log file says they are. When I try to browse to these file locations and delete them manually it says cannot delete invalid file handler. 

Multiple Resident Protection warning!
 
Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to stay with and uninstall the others:

  • avast Free Antivirus
  • Microsoft Security Essentials

Uninstallation procedure:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.

This should be done before any other steps are taken.
 
 
 
 

Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt


I removed Microsoft Security Essentials. Ran the fixlist file with the fixlog attached. Then I ran an additional AdwCleaner scan to see if anything else came up. The AdwCleaner log is also attached.

 

I can confirm that the MyOSProtect.dll is finally gone from the system32 folder. Even though the AdwCleaner log says it has deleted C:\monitorsvc.exe and drivers\pcwatch.sys, those files are still there.

Also, I can see in your fixlist file you are trying to netsh winsock reset, but it keeps being denied. It is also denied inside of an elevated prompt, as well as when taking ownership of the process.

Still no Internet, but it looks like we are very close. Only these 2 files left to take care of somehow?

Fixlog.txt

AdwCleanerS3.txt


OK, great news! I booted into Safe Mode, then I went to a run prompt and typed Services and opened up the Services screen. I found the MyOSProtect service and set it to Disabled. I then went to the following locations manually
 

C:\Windows\system32\drivers\pcwatch.sys
C:\monitorsvc.exe

And was able to delete these files finally. I then ran a file called IPResetAll (a Google search will find this file), which reset EVERYTHING network related. I then ran a new scan on AdwCleaner and cleaned the system. Upon reboot, ALL CASES OF ADWARE / SPYWARE are gone and the Internet is now working! This thread can now be closed!

Nice you figured it out :)
 
 
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.