BSOD After MBAM Threat Scan.


I run MBAM Premium on my Windows 7 SP1 Home Premium laptop which also has Comodo free firewall and Avast free antivirus.

Recently after some odd behaviour of my computer I ran a Hyper Scan which showed no malware but when running the Heuristic scan it failed near the end with the message error 0xe06d7363 occurred in 0x756a812f.

A subsequent Threat scan again proceeded with no malware identified but at the end of the Heuristic scan gave the BSOD which said

STOP 0x000000F4 (0x00000003, 0x86FFDAD8, 0x86FFDC44, 0x82E28EE0)

Following a bit of researching it appeared this may have been a conflict with Avast antivirus so I uninstalled MBAM using MBAM's uninstall tool, downloaded/installed the program again following to the letter the method found on MBAM's guidance ensuring Avast was turned off at the appropriate times.

Subsequent Hyper Scans have run to completion with no malware found and no error message.

A subsequent Threat Scan produced the BSOD but this time the text was "scrunched" up at the top so could not be read.

However, a Threat Scan then run in Safe Mode ran to completion with no malware being found and no error message.

All very odd indeed. Any ideas, please?


Firefox, I'm here again and hoping you can help. I will give you a résumé of what I have done.

Knowing I had no malware infections or scanning problems with MBAM in October I did a disk image restore to that date. MBAM automatically updated as did my Avast antivirus so I did an MBAM removal and new install following very carefully the guidance at https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/. Avast was then allowed to update.

3 of my "protection" programs updated to newer versions since October have been MBAM, Avast antivirus free and Comodo firewall free.

On running a Hyper scan with MBAM today no malware infections were shown but at the end of the Heuristic scan (usually just prior to the green notice saying no malware had been detected) the following appeared:-

Application Error.

The exception unknown software exception (0x40000015) occurred in the application at location 0x6d10d6fd.

On clicking OK another box opened stating The exception unknown software exception (0xe06d7363) occurred in the application at location 0x759f812f.

On clicking OK my desktop shortcuts disappeared to leave the Recycle Bin and Taskbar icons showing. However, on clicking Start, Shutdown the screen went black but would not shut down without the On/Off being pressed for a few seconds.

Logs FRST.text and Addition.text are copied and pasted as requested:-

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by Roger (administrator) on ROGER-PC on 23-12-2014 15:25:33
Running from C:\Users\Roger\Desktop
Loaded Profile: Roger (Available profiles: Roger)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmcore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-20] (AVAST Software)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-18] (Malwarebytes Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\softmaker\smun3250.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\g2mdlhlpx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\cis6847.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\softmaker\smun3250.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\softmaker\smun3250.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\softmaker\smun3250.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\cis6847.exe <====== ATTENTION
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX8716B
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX8716B
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
SearchScopes: HKLM -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL =
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {5DD76BCB-0473-429C-AB5B-9312DEC5B4C2} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20140214&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {76789893-0E17-42AF-B8AD-DE66AD0BCFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D64A718-C4BF-48D0-865A-6A7BB157BA3E}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{F9A18B53-71D4-424A-832B-8F77DA4B3DF4}: [NameServer] 8.26.56.26,8.20.247.20

FireFox:
========
FF ProfilePath: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Bing
FF Homepage: https://uk.yahoo.com/
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=mcafee&type=A110GB0&p=
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\fileinfocom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Status-4-Evar - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\status4evar@caligonstudios.com.xpi [2011-02-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-07-10]
FF Extension: NoScript - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-15]
FF Extension: Padlock - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{d09e32df-8610-4b33-b929-1e631b764130}.xpi [2011-03-15]
FF Extension: Adblock Plus - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-03]
FF Extension: Aeon Clouds - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}.xpi [2014-12-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-18]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-18] (AVAST Software)
R2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315240 2014-12-21] (Kingsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
S2 gupdate1c98636a66df5f0; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-12-19] (Google Inc.)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-12-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-12-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\siteadvisor\McSACore.exe [133696 2014-11-13] (McAfee, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-12-19] (Paramount Software UK Ltd)
R3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-01-02] (SigmaTel, Inc.) [File not signed]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [383408 2010-04-23] (SupportSoft, Inc.) [File not signed]
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-18] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-18] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2014-12-20] (Kingsoft Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-12-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-12-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-12-21] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6637056 2000-01-01] (Intel Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [152952 2014-10-30] (Windows ® Win 7 DDK provider)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [649216 2007-01-02] (SigmaTel, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-12-20] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-12-02] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2012-12-02] (Paragon)
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-12-02] (Paragon)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [28416 2011-08-18] (usb camera)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 15:25 - 2014-12-23 15:27 - 00031214 _____ () C:\Users\Roger\Desktop\FRST.txt
2014-12-23 15:25 - 2014-12-23 15:26 - 00000000 ____D () C:\FRST
2014-12-23 15:23 - 2014-12-23 15:23 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Roger\Desktop\mbam-check-2.1.1.1001.exe
2014-12-23 15:21 - 2014-12-23 15:21 - 01114112 _____ (Farbar) C:\Users\Roger\Desktop\FRST.exe
2014-12-21 18:16 - 2014-12-21 18:23 - 00002397 _____ () C:\Windows\IE11_main.log
2014-12-21 16:17 - 2014-12-21 16:39 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:43 - 2014-12-23 15:15 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-21 09:36 - 2014-12-21 09:36 - 00088928 _____ () C:\Users\Roger\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 09:27 - 2014-12-23 15:11 - 00062100 _____ () C:\Windows\setupact.log
2014-12-21 09:27 - 2014-12-21 16:33 - 00031006 _____ () C:\Windows\PFRO.log
2014-12-21 09:27 - 2014-12-21 09:27 - 00373968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 09:27 - 2014-12-21 09:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 15:41 - 2014-12-20 15:41 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2014-12-20 15:41 - 2014-12-20 15:41 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2014-12-20 15:41 - 2014-12-20 15:41 - 00001004 _____ () C:\Users\Public\Desktop\Clean Master.lnk
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\cmcm
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\Program Files\cmcm
2014-12-20 15:40 - 2014-12-21 09:32 - 00000000 ____D () C:\Users\Roger\AppData\Local\SoftonicAssistant
2014-12-20 14:56 - 2014-12-20 14:56 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-20 14:53 - 2014-12-09 00:19 - 04199128 _____ (COMODO) C:\ProgramData\cis361D.exe
2014-12-20 11:21 - 2014-12-20 11:21 - 40299724 _____ () C:\Users\Roger\Documents\Regbu 20 Dec.reg
2014-12-20 10:23 - 2014-12-20 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-20 10:23 - 2014-12-18 15:04 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-19 14:30 - 2014-12-19 14:30 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
2014-12-19 14:08 - 2014-12-19 14:08 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-12-19 11:30 - 2014-12-19 11:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 11:30 - 2014-12-19 11:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 11:26 - 2014-12-19 11:26 - 00000000 __SHD () C:\Users\Roger\AppData\Local\EmieBrowserModeList
2014-12-19 11:06 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 16:04 - 2014-12-18 16:05 - 00003558 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-18 16:04 - 2014-12-18 16:04 - 00000000 ___HD () C:\VTRoot
2014-12-18 15:49 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-18 15:49 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-18 15:49 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-18 15:49 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-18 15:49 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-18 15:40 - 2014-11-22 02:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-18 15:40 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-18 15:40 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-18 15:40 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-18 15:40 - 2014-11-22 01:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-18 15:40 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-18 15:40 - 2014-11-22 01:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-18 15:40 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-18 15:40 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 15:40 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-18 15:40 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-18 15:40 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-18 15:40 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-18 15:39 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-18 15:39 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-18 15:39 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-18 15:39 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-18 15:39 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-18 15:39 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-18 15:39 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-18 15:39 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-18 15:39 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-18 15:39 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-18 15:39 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-18 15:39 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-18 15:39 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-18 15:39 - 2014-11-22 01:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-18 15:39 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-18 15:39 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-18 15:39 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-18 15:39 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-18 15:39 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-18 15:39 - 2014-11-11 01:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-18 15:39 - 2014-10-14 01:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-18 15:39 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-18 15:39 - 2014-10-14 01:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-18 15:39 - 2014-10-14 01:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-18 15:39 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-18 15:39 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-18 15:38 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-18 15:38 - 2014-10-10 00:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-18 15:38 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-18 15:38 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-18 15:38 - 2014-08-29 01:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-18 15:38 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-18 15:35 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-18 15:35 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-18 15:35 - 2014-07-17 01:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-18 15:35 - 2014-07-17 01:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-18 15:35 - 2014-07-17 01:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-18 15:35 - 2014-07-17 01:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-18 15:35 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-18 15:35 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-18 15:35 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-18 15:34 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-18 15:06 - 2014-12-20 10:23 - 00002087 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-18 15:04 - 2014-12-18 15:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-09 00:20 - 2014-12-09 00:20 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 15:18 - 2009-10-27 13:52 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 15:18 - 2009-10-27 13:52 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 15:17 - 2009-10-27 14:28 - 00892700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 15:14 - 2014-02-26 11:42 - 02037971 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 15:11 - 2012-07-17 06:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 15:11 - 2009-10-27 13:53 - 00000000 ____D () C:\Users\Roger
2014-12-23 15:11 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 13:44 - 2014-01-04 13:18 - 00000000 ____D () C:\Users\Roger\Documents\Reflect
2014-12-22 08:27 - 2014-06-21 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-12-21 09:45 - 2007-11-06 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSConfig CleanUp
2014-12-21 09:45 - 2007-11-06 12:30 - 00000000 ____D () C:\Program Files\MSConfig CleanUp
2014-12-21 09:36 - 2014-02-04 11:37 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-20 15:46 - 2013-01-17 15:34 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 15:46 - 2012-04-24 15:55 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-20 15:46 - 2011-08-14 09:08 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Thunderbird
2014-12-20 15:45 - 2013-05-22 07:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-20 15:38 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
2014-12-20 14:58 - 2013-09-26 08:41 - 00001870 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-12-20 14:53 - 2012-10-11 18:38 - 00001431 ____N () C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-12-20 14:53 - 2012-10-11 18:38 - 00000738 _____ () C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-12-20 11:12 - 2009-07-14 04:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-20 10:23 - 2013-10-18 16:40 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-20 10:23 - 2013-10-18 16:40 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-20 08:58 - 2011-11-21 12:58 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-12-20 08:49 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-19 14:31 - 2014-08-12 11:48 - 00448074 _____ () C:\Reflect_Install.log
2014-12-19 14:28 - 2014-08-08 07:20 - 00000000 ____D () C:\Users\Roger\Downloads\Macrium
2014-12-19 13:42 - 2014-04-21 10:34 - 00000000 ____D () C:\Users\Roger\AbiSuite
2014-12-19 11:30 - 2014-08-18 14:57 - 00000000 ____D () C:\Users\Roger\AppData\Local\Adobe
2014-12-19 11:11 - 2010-11-19 09:34 - 00001154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-19 11:11 - 2010-11-17 18:57 - 00000000 ____D () C:\Program Files\Paint.NET
2014-12-19 10:30 - 2013-02-16 15:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-18 19:23 - 2012-10-11 15:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-18 19:16 - 2014-07-08 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2014-12-18 18:06 - 2014-06-22 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-18 18:06 - 2014-06-22 11:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-12-18 17:49 - 2014-05-07 12:29 - 00001843 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-12-18 17:45 - 2012-02-05 13:31 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-18 17:45 - 2012-02-05 13:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Windows\Tweak-SSD
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-SSD
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Program Files\Tweak-SSD
2014-12-18 17:19 - 2014-02-14 10:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-18 15:55 - 2014-02-14 09:57 - 00000000 ____D () C:\Program Files\McAfee
2014-12-18 15:46 - 2013-07-12 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-18 15:30 - 2014-09-23 07:13 - 00000000 ____D () C:\Program Files\Pale Moon
2014-12-18 15:04 - 2014-04-18 08:57 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-18 15:04 - 2013-12-17 18:37 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00617536 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00041248 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-12-09 00:20 - 2014-03-05 12:53 - 00352272 _____ (COMODO) C:\Windows\system32\guard32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00286424 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-11-27 16:40 - 2009-11-11 11:03 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\cis361D.exe
C:\ProgramData\cis6847.exe


Some content of TEMP:
====================
C:\Users\Roger\AppData\Local\Temp\Quarantine.exe
C:\Users\Roger\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-02 17:39

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by Roger at 2014-12-23 15:28:07
Running from C:\Users\Roger\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Atlantis Word Processor (HKLM\...\Atlantis Word Processor) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{42EDF895-158C-484E-A7F2-42B90759F281}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Clean Master (HKLM\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Easy Photo Print (HKLM\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{46CBBDF8-55B5-40DB-B459-7B848394309C}) (Version: 1.3.1.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Stylus SX200_SX400_TX200_TX400 Manual (HKLM\...\EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide) (Version:  - )
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.025 - Gateway)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0a2 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2InstV3Win7UpdateV2 (Version: 10 - SupportSoft) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.1.0 (x86 en-US) (HKLM\...\Pale Moon 25.1.0 (x86 en-US)) (Version: 25.1.0 - Moonchild Productions)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5003.0 - SigmaTel)
Simple Adblock (HKLM\...\{A9A75A7F-4785-430D-8013-77BC1FD13A4C}) (Version: 1.1.5 - Simple Adblock)
SIW Pro Edition (GOTD) (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2014.01.30 - Topala Software Solutions)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSuite Office - WordGraph (HKLM\...\{05102FD6-D968-454C-826B-9838C7600567}) (Version: 8.30.0002 - SSuite Office Software{TM})
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}) (Version: 2.00.0005 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0005 - Texas Instruments Inc.) Hidden
Tweak-SSD (HKLM\...\Tweak-SSD) (Version: 1.2.0 - Totalidea Software)
Windows Driver Package - Intel (NETwLv32) net  (08/15/2010 13.3.0.137) (HKLM\...\BDE6534846F22EEEE3848BD9F55FC872EF48B73F) (Version: 08/15/2010 13.3.0.137 - Intel)
Windows Driver Package - Intel (NETwNs32) net  (07/14/2010 13.3.0.24) (HKLM\...\7DAE8CDD63E347A3DA14F801D61A6B6B406411EA) (Version: 07/14/2010 13.3.0.24 - Intel)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2014-12-18 18:02 - 00457374 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1852D895-27FE-48BF-BEFE-C6DF43ED1484} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {1AED0C87-C6C2-4A21-8237-3BA768DA3E4E} - System32\Tasks\{84F49C33-9849-4BF8-9292-5E0A881703E1} => C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4.exe
Task: {2155390F-BE80-4160-8108-A1980C3FD0C4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2F7A6C20-B6C1-4A35-ADEF-0CEBD303BAE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {37C15562-B05B-4984-9EE8-2F7F2239E426} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-18] (AVAST Software)
Task: {47FF977D-8A30-4219-84B5-E68D6A3C3043} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe
Task: {4AD73BAC-34AF-462A-813E-62BA2A4F2D29} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {6A3115C8-5E75-43FE-8C23-DC02497E4D17} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {79F5A159-DDCC-486F-87F4-CAA75E0A12F1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Roger => C:\Program Files\Windows Calendar\WinCal.exe
Task: {7AF3344E-7392-4C1B-9569-65106C371680} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-18] (Piriform Ltd)
Task: {7FA3F84E-3AEC-4A34-B13D-1E781375638C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {82979E1C-3365-49B3-A643-5B754D2F4C45} - System32\Tasks\{B678CFFA-AF9A-43C6-9C3F-E93F388037E2} => pcalua.exe -a C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4(1).exe -d C:\Users\Roger\Desktop\Downloads
Task: {98BB1936-0DBA-4F45-8D37-D823110BBB6E} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION
Task: {9A909966-B70D-4830-A823-E5C0D446F8FB} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {B920A3CC-B973-43FA-8161-2D698705D352} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {C08601DD-3843-449D-883C-3FE16157E95B} - System32\Tasks\{7B337A45-20B8-470C-B04D-DA807D84AADE} => pcalua.exe -a C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE -c /R /APD /P:"EPSON Stylus SX200 Series"
Task: {D2526931-3238-4527-90B9-D7988A7136C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E0F1D66C-B42B-4426-A675-94A2B0E85FF1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EACE7D10-215F-4BC5-93FB-A34A06A324B1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {FCF55A8E-CFA8-4834-8C2C-C203AA0586DF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3119582079-282113860-1835835686-1000

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-23 13:38 - 2014-12-23 13:38 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122300\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-01 16:22 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-01 16:22 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-01 16:22 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-01 16:22 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-01 16:22 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-18 15:04 - 2014-12-18 15:04 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-23 07:13 - 2014-12-18 15:30 - 03044864 _____ () C:\Program Files\Pale Moon\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SWDUMon.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:587EB586
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\mbam-check-2.1.1.1001.exe:$CmdTcID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3119582079-282113860-1835835686-500 - Administrator - Disabled)
Guest (S-1-5-21-3119582079-282113860-1835835686-501 - Limited - Disabled)
Roger (S-1-5-21-3119582079-282113860-1835835686-1000 - Administrator - Enabled) => C:\Users\Roger

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/23/2014 03:12:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/23/2014 03:11:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (12/23/2014 03:10:54 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/23/2014 01:39:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/23/2014 01:37:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (12/23/2014 01:37:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:20:42 AM on 12/23/2014 was unexpected.

Error: (12/23/2014 01:37:00 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/23/2014 09:21:17 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (12/23/2014 09:21:00 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (12/23/2014 09:20:50 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 50%
Total physical RAM: 3062.12 MB
Available physical RAM: 1518.91 MB
Total Pagefile: 3060.41 MB
Available Pagefile: 1480.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.43 MB

==================== Drives ================================

Drive c: (Main) (Fixed) (Total:119.24 GB) (Free:95.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AA9E03BA)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



CheckResults.txt

 

Other than MBAM scans causing problems on the scans ending, my computer appears to be functioning as normal.

 

Thank you for any assistance/help you are able to offer.


Hi:

 

Until Firefox returns...

Preliminary review of your scan logs suggests that you could be infected.

We cannot work on possible malware-related issues in this area of the forum.

So I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

>>As you have already run FRST, you just need to start a NEW topic in the malware removal section (attaching the same logs).

Then, please wait for one of the expert helpers to pick up your thread.

Thanks,
