Valinorum had very kindly been dealing with my problem at https://forums.malwarebytes.org/index.php?/topic/162632-problems-after-running-mbam-scans/

 

After the initial problems appear to have been sorted I made a disk image (Dec 28) on an external hard drive after both a Hyper and Threat scan with MBAM ran to conclusion with no problems.

 

A Hyper scan with MBAM yesterday showed the original problem had recurred. I then carried out a disk restore (Dec 28) this morning, but a Hyper scan with MBAM still showed the problem to exist.

 

Therefore, further help is needed please, Valinorum, going right back to the start of the procedure.

 

scorpior7.


Hello Scorpior7 and Happy New Year

 

I will take over and assist you, but please note that due to the New Year holiday season a reply could potentially take a couple of days.

 

 

Please read the following and post back the 3 requested logs as attachments.
 
Diagnostic Logs
 
Thank you
 


Hello AdvancedSetup, and a Happy New Year to you too.

 

Thank you very much for helping to resolve the ongoing problem.

 

Please find the diagnostic logs as requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Roger (administrator) on ROGER-PC on 01-01-2015 09:51:48
Running from C:\Users\Roger\Desktop
Loaded Profile: Roger (Available profiles: Roger)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-20] (AVAST Software)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-18] (Malwarebytes Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [s-1-5-21-3119582079-282113860-1835835686-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX8716B
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX8716B
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
SearchScopes: HKLM -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {5DD76BCB-0473-429C-AB5B-9312DEC5B4C2} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20140214&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {76789893-0E17-42AF-B8AD-DE66AD0BCFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D64A718-C4BF-48D0-865A-6A7BB157BA3E}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{F9A18B53-71D4-424A-832B-8F77DA4B3DF4}: [NameServer] 8.26.56.26,8.20.247.20

FireFox:
========
FF ProfilePath: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Bing
FF Homepage: https://uk.yahoo.com/
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=mcafee&type=A110GB0&p=
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\fileinfocom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Status-4-Evar - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\status4evar@caligonstudios.com.xpi [2011-02-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-07-10]
FF Extension: NoScript - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-15]
FF Extension: Padlock - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{d09e32df-8610-4b33-b929-1e631b764130}.xpi [2011-03-15]
FF Extension: Adblock Plus - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-03]
FF Extension: Aeon Clouds - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}.xpi [2014-12-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-18] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
S2 gupdate1c98636a66df5f0; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-12-19] (Google Inc.)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-12-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-12-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\siteadvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-12-19] (Paramount Software UK Ltd)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-01-02] (SigmaTel, Inc.) [File not signed]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [383408 2010-04-23] (SupportSoft, Inc.) [File not signed]
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-18] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-18] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2014-12-20] (Kingsoft Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-12-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-12-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-12-21] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6637056 2000-01-01] (Intel Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [152952 2014-10-30] (Windows ® Win 7 DDK provider)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [649216 2007-01-02] (SigmaTel, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-12-20] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-12-02] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2012-12-02] (Paragon)
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-12-02] (Paragon)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [28416 2011-08-18] (usb camera)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 09:51 - 2015-01-01 09:52 - 00029412 _____ () C:\Users\Roger\Desktop\FRST.txt
2015-01-01 09:50 - 2015-01-01 09:50 - 01114624 _____ (Farbar) C:\Users\Roger\Desktop\FRST.exe
2014-12-27 13:49 - 2014-09-01 08:56 - 00000109 _____ () C:\Quarantine.lst
2014-12-24 11:54 - 2014-12-24 11:54 - 00000407 _____ () C:\Users\Roger\Documents\Instructions 2.txt
2014-12-24 11:52 - 2014-12-24 11:52 - 00002575 _____ () C:\Users\Roger\Documents\Instructions for MBAM. 24 Dec.txt
2014-12-23 17:50 - 2014-12-23 17:50 - 00003280 ____N () C:\bootsqm.dat
2014-12-23 16:41 - 2014-12-27 18:14 - 00000000 ____D () C:\Users\Roger\Documents\MBAM
2014-12-23 15:25 - 2015-01-01 09:51 - 00000000 ____D () C:\FRST
2014-12-21 18:16 - 2014-12-21 18:23 - 00002397 _____ () C:\Windows\IE11_main.log
2014-12-21 16:17 - 2014-12-21 16:39 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:43 - 2015-01-01 09:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-21 09:36 - 2014-12-21 09:36 - 00088928 _____ () C:\Users\Roger\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 09:27 - 2015-01-01 09:35 - 00115920 _____ () C:\Windows\setupact.log
2014-12-21 09:27 - 2014-12-31 09:21 - 00038010 _____ () C:\Windows\PFRO.log
2014-12-21 09:27 - 2014-12-21 09:27 - 00373968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 09:27 - 2014-12-21 09:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 15:41 - 2014-12-31 09:17 - 00000000 ____D () C:\Program Files\cmcm
2014-12-20 15:41 - 2014-12-20 15:41 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2014-12-20 15:41 - 2014-12-20 15:41 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\cmcm
2014-12-20 14:56 - 2014-12-20 14:56 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-20 14:53 - 2014-12-09 00:19 - 04199128 _____ (COMODO) C:\ProgramData\cis361D.exe
2014-12-20 10:23 - 2014-12-20 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-20 10:23 - 2014-12-18 15:04 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-19 14:30 - 2014-12-19 14:30 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
2014-12-19 14:08 - 2014-12-19 14:08 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-12-19 11:30 - 2014-12-19 11:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 11:30 - 2014-12-19 11:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 11:26 - 2014-12-19 11:26 - 00000000 __SHD () C:\Users\Roger\AppData\Local\EmieBrowserModeList
2014-12-19 11:06 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 16:04 - 2014-12-18 16:05 - 00003558 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-18 16:04 - 2014-12-18 16:04 - 00000000 ___HD () C:\VTRoot
2014-12-18 15:49 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-18 15:49 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-18 15:49 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-18 15:49 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-18 15:49 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-18 15:40 - 2014-11-22 02:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-18 15:40 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-18 15:40 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-18 15:40 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-18 15:40 - 2014-11-22 01:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-18 15:40 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-18 15:40 - 2014-11-22 01:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-18 15:40 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-18 15:40 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 15:40 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-18 15:40 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-18 15:40 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-18 15:40 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-18 15:39 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-18 15:39 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-18 15:39 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-18 15:39 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-18 15:39 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-18 15:39 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-18 15:39 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-18 15:39 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-18 15:39 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-18 15:39 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-18 15:39 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-18 15:39 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-18 15:39 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-18 15:39 - 2014-11-22 01:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-18 15:39 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-18 15:39 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-18 15:39 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-18 15:39 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-18 15:39 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-18 15:39 - 2014-11-11 01:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-18 15:39 - 2014-10-14 01:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-18 15:39 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-18 15:39 - 2014-10-14 01:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-18 15:39 - 2014-10-14 01:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-18 15:39 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-18 15:39 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-18 15:38 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-18 15:38 - 2014-10-10 00:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-18 15:38 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-18 15:38 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-18 15:38 - 2014-08-29 01:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-18 15:38 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-18 15:35 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-18 15:35 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-18 15:35 - 2014-07-17 01:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-18 15:35 - 2014-07-17 01:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-18 15:35 - 2014-07-17 01:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-18 15:35 - 2014-07-17 01:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-18 15:35 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-18 15:35 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-18 15:35 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-18 15:34 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-18 15:06 - 2014-12-20 10:23 - 00002087 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-18 15:04 - 2014-12-18 15:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-09 00:20 - 2014-12-09 00:20 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 09:43 - 2009-10-27 13:52 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 09:43 - 2009-10-27 13:52 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 09:40 - 2014-02-26 11:42 - 01130474 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 09:40 - 2009-10-27 14:28 - 00892700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 09:36 - 2012-07-17 06:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 09:35 - 2014-06-21 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-01 09:35 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 09:13 - 2009-10-27 13:53 - 00000000 ____D () C:\Users\Roger
2014-12-28 09:08 - 2014-01-04 13:18 - 00000000 ____D () C:\Users\Roger\Documents\Reflect
2014-12-27 16:01 - 2014-02-14 09:57 - 00000000 ____D () C:\Program Files\McAfee
2014-12-27 16:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Globalization
2014-12-27 13:53 - 2013-05-22 07:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-27 13:52 - 2013-05-23 17:50 - 00000079 _____ () C:\Windows\wininit.ini
2014-12-24 09:38 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-21 09:45 - 2007-11-06 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSConfig CleanUp
2014-12-21 09:45 - 2007-11-06 12:30 - 00000000 ____D () C:\Program Files\MSConfig CleanUp
2014-12-21 09:36 - 2014-02-04 11:37 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-20 15:46 - 2013-01-17 15:34 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 15:46 - 2012-04-24 15:55 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-20 15:46 - 2011-08-14 09:08 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Thunderbird
2014-12-20 15:38 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
2014-12-20 14:58 - 2013-09-26 08:41 - 00001870 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-12-20 14:53 - 2012-10-11 18:38 - 00001431 ____N () C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-12-20 14:53 - 2012-10-11 18:38 - 00000738 _____ () C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-12-20 11:12 - 2009-07-14 04:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-20 10:23 - 2013-10-18 16:40 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-20 10:23 - 2013-10-18 16:40 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-20 08:58 - 2011-11-21 12:58 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-12-19 14:31 - 2014-08-12 11:48 - 00448074 _____ () C:\Reflect_Install.log
2014-12-19 14:28 - 2014-08-08 07:20 - 00000000 ____D () C:\Users\Roger\Downloads\Macrium
2014-12-19 13:42 - 2014-04-21 10:34 - 00000000 ____D () C:\Users\Roger\AbiSuite
2014-12-19 11:30 - 2014-08-18 14:57 - 00000000 ____D () C:\Users\Roger\AppData\Local\Adobe
2014-12-19 11:11 - 2010-11-19 09:34 - 00001154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-19 11:11 - 2010-11-17 18:57 - 00000000 ____D () C:\Program Files\Paint.NET
2014-12-19 10:30 - 2013-02-16 15:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-18 19:23 - 2012-10-11 15:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-18 19:16 - 2014-07-08 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2014-12-18 18:06 - 2014-06-22 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-18 18:06 - 2014-06-22 11:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-12-18 18:02 - 2006-11-02 10:23 - 00457374 ____R () C:\Windows\system32\Drivers\etc\hosts.20141227-135212.backup
2014-12-18 17:49 - 2014-05-07 12:29 - 00001843 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-12-18 17:45 - 2012-02-05 13:31 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-18 17:45 - 2012-02-05 13:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Windows\Tweak-SSD
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-SSD
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Program Files\Tweak-SSD
2014-12-18 17:19 - 2014-02-14 10:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-18 15:46 - 2013-07-12 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-18 15:30 - 2014-09-23 07:13 - 00000000 ____D () C:\Program Files\Pale Moon
2014-12-18 15:04 - 2014-04-18 08:57 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-18 15:04 - 2013-12-17 18:37 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00617536 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00041248 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-12-09 00:20 - 2014-03-05 12:53 - 00352272 _____ (COMODO) C:\Windows\system32\guard32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00286424 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll

Files to move or delete:
====================
C:\ProgramData\cis361D.exe
C:\ProgramData\cis6847.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-02 17:39

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Roger at 2015-01-01 09:52:45
Running from C:\Users\Roger\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Atlantis Word Processor (HKLM\...\Atlantis Word Processor) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{42EDF895-158C-484E-A7F2-42B90759F281}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Easy Photo Print (HKLM\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{46CBBDF8-55B5-40DB-B459-7B848394309C}) (Version: 1.3.1.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Stylus SX200_SX400_TX200_TX400 Manual (HKLM\...\EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide) (Version:  - )
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.025 - Gateway)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0a2 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2InstV3Win7UpdateV2 (Version: 10 - SupportSoft) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.1.0 (x86 en-US) (HKLM\...\Pale Moon 25.1.0 (x86 en-US)) (Version: 25.1.0 - Moonchild Productions)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5003.0 - SigmaTel)
Simple Adblock (HKLM\...\{A9A75A7F-4785-430D-8013-77BC1FD13A4C}) (Version: 1.1.5 - Simple Adblock)
SIW Pro Edition (GOTD) (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2014.01.30 - Topala Software Solutions)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SSuite Office - WordGraph (HKLM\...\{05102FD6-D968-454C-826B-9838C7600567}) (Version: 8.30.0002 - SSuite Office Software{TM})
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}) (Version: 2.00.0005 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0005 - Texas Instruments Inc.) Hidden
Tweak-SSD (HKLM\...\Tweak-SSD) (Version: 1.2.0 - Totalidea Software)
Windows Driver Package - Intel (NETwLv32) net  (08/15/2010 13.3.0.137) (HKLM\...\BDE6534846F22EEEE3848BD9F55FC872EF48B73F) (Version: 08/15/2010 13.3.0.137 - Intel)
Windows Driver Package - Intel (NETwNs32) net  (07/14/2010 13.3.0.24) (HKLM\...\7DAE8CDD63E347A3DA14F801D61A6B6B406411EA) (Version: 07/14/2010 13.3.0.24 - Intel)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-12-2014 09:14:57 Revo Uninstaller's restore point - Clean Master

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2014-12-27 14:05 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1852D895-27FE-48BF-BEFE-C6DF43ED1484} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {1AED0C87-C6C2-4A21-8237-3BA768DA3E4E} - System32\Tasks\{84F49C33-9849-4BF8-9292-5E0A881703E1} => C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4.exe
Task: {2F7A6C20-B6C1-4A35-ADEF-0CEBD303BAE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {37C15562-B05B-4984-9EE8-2F7F2239E426} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-18] (AVAST Software)
Task: {47FF977D-8A30-4219-84B5-E68D6A3C3043} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe
Task: {4AD73BAC-34AF-462A-813E-62BA2A4F2D29} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {6A3115C8-5E75-43FE-8C23-DC02497E4D17} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {79F5A159-DDCC-486F-87F4-CAA75E0A12F1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Roger => C:\Program Files\Windows Calendar\WinCal.exe
Task: {7AF3344E-7392-4C1B-9569-65106C371680} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-18] (Piriform Ltd)
Task: {82979E1C-3365-49B3-A643-5B754D2F4C45} - System32\Tasks\{B678CFFA-AF9A-43C6-9C3F-E93F388037E2} => pcalua.exe -a C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4(1).exe -d C:\Users\Roger\Desktop\Downloads
Task: {9A909966-B70D-4830-A823-E5C0D446F8FB} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {B920A3CC-B973-43FA-8161-2D698705D352} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {C08601DD-3843-449D-883C-3FE16157E95B} - System32\Tasks\{7B337A45-20B8-470C-B04D-DA807D84AADE} => pcalua.exe -a C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE -c /R /APD /P:"EPSON Stylus SX200 Series"
Task: {D2526931-3238-4527-90B9-D7988A7136C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EACE7D10-215F-4BC5-93FB-A34A06A324B1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {FCF55A8E-CFA8-4834-8C2C-C203AA0586DF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3119582079-282113860-1835835686-1000

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-31 20:37 - 2014-12-31 20:37 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123101\algo.dll
2015-01-01 09:36 - 2015-01-01 09:36 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\15010100\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-18 15:04 - 2014-12-18 15:04 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-09-23 07:13 - 2014-12-18 15:30 - 03044864 _____ () C:\Program Files\Pale Moon\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SWDUMon.sys:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdTcID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3119582079-282113860-1835835686-500 - Administrator - Disabled)
Guest (S-1-5-21-3119582079-282113860-1835835686-501 - Limited - Disabled)
Roger (S-1-5-21-3119582079-282113860-1835835686-1000 - Administrator - Enabled) => C:\Users\Roger

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 09:14:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f6efd0c6-917a-4898-a1d2-c6d938ae14e0}

Error: (12/27/2014 02:04:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {40faf29b-94d2-4d68-96bf-78d6d6c162cf}

Error: (12/27/2014 01:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02170fef
Faulting process id: 0x59c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (01/01/2015 09:43:42 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/01/2015 09:36:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/01/2015 09:36:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (01/01/2015 09:35:20 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/31/2014 00:26:34 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (12/31/2014 00:23:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/31/2014 10:39:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/31/2014 10:39:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (12/31/2014 10:38:55 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/31/2014 09:41:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.


Microsoft Office Sessions:
=========================
Error: (12/31/2014 09:14:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f6efd0c6-917a-4898-a1d2-c6d938ae14e0}

Error: (12/27/2014 02:04:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {40faf29b-94d2-4d68-96bf-78d6d6c162cf}

Error: (12/27/2014 01:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7unknown0.0.0.000000000c000000502170fef59c01d021c4ed09e53dC:\Windows\Explorer.EXEunknown04bb2ae1-8dca-11e4-9f38-00e0b8d7a3db


==================== Memory info ===========================

Processor: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 52%
Total physical RAM: 3062.12 MB
Available physical RAM: 1463.14 MB
Total Pagefile: 3060.41 MB
Available Pagefile: 1469.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.79 MB

==================== Drives ================================

Drive c: (Main) (Fixed) (Total:119.24 GB) (Free:94.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AA9E03BA)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

CheckResults.txt
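The scan log above lists every scheduled task FRST found, among them two whose targets sit in the user's Downloads folder and two that launch through pcalua.exe. The script below is an added example, not part of this thread and not FRST's own code, that applies a first-pass triage to Task lines of this shape. The heuristics (target under a user-writable path, pcalua.exe used as the launcher, no target recorded at all, no date/signer recorded for a target outside \Windows) are this example's own choices, and the sample lines are copied from the log above. A pcalua.exe hit is a prompt to read the -a target rather than a verdict: the Epson entry, whose target sits under system32\spool, is the kind of hit that turns out to be a printer-driver helper.

```python
"""First-pass triage of 'Task:' lines from an FRST scan log.

Added example; not part of the forum thread or of FRST. The heuristics are this
example's own, and the sample lines are copied from the scan log posted above.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: Task lines copied from the scan log in this thread.
SAMPLE_TASK_LINES = [
    r'Task: {B920A3CC-B973-43FA-8161-2D698705D352} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)',
    r'Task: {C08601DD-3843-449D-883C-3FE16157E95B} - System32\Tasks\{7B337A45-20B8-470C-B04D-DA807D84AADE} => pcalua.exe -a C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE -c /R /APD /P:"EPSON Stylus SX200 Series"',
    r'Task: {1AED0C87-C6C2-4A21-8237-3BA768DA3E4E} - System32\Tasks\{84F49C33-9849-4BF8-9292-5E0A881703E1} => C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4.exe',
    r'Task: {82979E1C-3365-49B3-A643-5B754D2F4C45} - System32\Tasks\{B678CFFA-AF9A-43C6-9C3F-E93F388037E2} => pcalua.exe -a C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4(1).exe -d C:\Users\Roger\Desktop\Downloads',
    r'Task: {FCF55A8E-CFA8-4834-8C2C-C203AA0586DF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3119582079-282113860-1835835686-1000',
    r'Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs',
]

# "Task: {GUID} - System32\Tasks\<name>" optionally followed by " => <command line>"
TASK_RE = re.compile(
    r'^Task: \{(?P<id>[0-9A-Fa-f-]{36})\} - System32\\Tasks\\(?P<name>[^=]+?)'
    r'(?: => (?P<command>.*))?$'
)
# FRST appends "[YYYY-MM-DD] (Signer)" when it could examine the target file.
SIGNER_RE = re.compile(r'\[\d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$')
# Locations an unprivileged user can write to; an assumption of this example.
USER_WRITABLE_RE = re.compile(r'(?i)[a-z]:\\(users|programdata|windows\\temp)\\')
PCALUA_RE = re.compile(r'(?i)(^|[\\\s])pcalua\.exe\b')
WINDOWS_DIR_RE = re.compile(r'(?i)\\windows\\')


@dataclass
class TaskFinding:
    task_id: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def parse_task_line(line):
    """Split one Task line into (guid, task name, command line or '')."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    return m.group('id'), m.group('name').strip(), (m.group('command') or '').strip()


def triage_task(line):
    """Return a TaskFinding for a Task line (reasons empty when nothing stands out),
    or None if the line is not a Task line."""
    parsed = parse_task_line(line)
    if parsed is None:
        return None
    task_id, name, command = parsed
    finding = TaskFinding(task_id, name, command)
    if not command:
        finding.reasons.append('no target recorded (orphaned or hidden task)')
        return finding
    # pcalua.exe is a signed Windows binary that launches whatever follows -a,
    # so the real target is hidden one level behind a system executable.
    if PCALUA_RE.search(command):
        finding.reasons.append('runs the target through pcalua.exe')
    if USER_WRITABLE_RE.search(command):
        finding.reasons.append('target lives under a user-writable path')
    # A bare path with no trailing "[date] (signer)" means FRST recorded nothing
    # about the file; outside \Windows that deserves a look.
    if not SIGNER_RE.search(command) and not WINDOWS_DIR_RE.search(command):
        finding.reasons.append('no date/signer recorded for the target')
    return finding


def triage_tasks(lines):
    """Findings with at least one reason, in input order."""
    out = []
    for line in lines:
        f = triage_task(line)
        if f is not None and f.reasons:
            out.append(f)
    return out


if __name__ == '__main__':
    for f in triage_tasks(SAMPLE_TASK_LINES):
        print(f'{{{f.task_id}}}  {f.name}')
        print(f'    {f.command or "(no target)"}')
        print('    -> ' + '; '.join(f.reasons))
```

Run against the six sample lines it leaves the Google updater and the Windows GatherWirelessInfo task alone and flags the other four, which is the same set of tasks, the Epson entry aside, that the fixlist later removed. Feed it the whole Task section of a real FRST.txt and read the flagged lines first.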

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

AdvancedSetup, thank you very much for your help.

I have copied and pasted the Fixlog.txt below but would initially make 2 points - namely, FRST did not update at all (but I noticed last night that MajorGeeks had listed a new version: http://www.majorgeeks.com/files/details/farbar_recovery_scan_tool.html), and the tool did need a computer restart but did not (need to?) complete the run after the restart.

I hope that is O.K.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by Roger at 2015-01-02 13:35:02 Run:2
Running from C:\Users\Roger\Desktop
Loaded Profile: Roger (Available profiles: Roger)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyServer: [s-1-5-21-3119582079-282113860-1835835686-1000] => localhost:8080
C:\ProgramData\cis361D.exe
C:\ProgramData\cis6847.exe
Task: {1AED0C87-C6C2-4A21-8237-3BA768DA3E4E} - System32\Tasks\{84F49C33-9849-4BF8-9292-5E0A881703E1} => C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4.exe
Task: {2F7A6C20-B6C1-4A35-ADEF-0CEBD303BAE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {82979E1C-3365-49B3-A643-5B754D2F4C45} - System32\Tasks\{B678CFFA-AF9A-43C6-9C3F-E93F388037E2} => pcalua.exe -a C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4(1).exe -d C:\Users\Roger\Desktop\Downloads
Task: {B920A3CC-B973-43FA-8161-2D698705D352} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {D2526931-3238-4527-90B9-D7988A7136C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FCF55A8E-CFA8-4834-8C2C-C203AA0586DF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3119582079-282113860-1835835686-1000
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SWDUMon.sys:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdTcID
EmptyTemp:
Reboot:

*****************

HKU\S-1-5-21-3119582079-282113860-1835835686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\ProgramData\cis361D.exe => Moved successfully.
C:\ProgramData\cis6847.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AED0C87-C6C2-4A21-8237-3BA768DA3E4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AED0C87-C6C2-4A21-8237-3BA768DA3E4E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{84F49C33-9849-4BF8-9292-5E0A881703E1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84F49C33-9849-4BF8-9292-5E0A881703E1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F7A6C20-B6C1-4A35-ADEF-0CEBD303BAE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7A6C20-B6C1-4A35-ADEF-0CEBD303BAE6}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82979E1C-3365-49B3-A643-5B754D2F4C45}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82979E1C-3365-49B3-A643-5B754D2F4C45}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B678CFFA-AF9A-43C6-9C3F-E93F388037E2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B678CFFA-AF9A-43C6-9C3F-E93F388037E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B920A3CC-B973-43FA-8161-2D698705D352}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B920A3CC-B973-43FA-8161-2D698705D352}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2526931-3238-4527-90B9-D7988A7136C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2526931-3238-4527-90B9-D7988A7136C8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FCF55A8E-CFA8-4834-8C2C-C203AA0586DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCF55A8E-CFA8-4834-8C2C-C203AA0586DF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3119582079-282113860-1835835686-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3119582079-282113860-1835835686-1000" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Windows\system32\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\SWDUMon.sys" => ":$CmdTcID" ADS not found.
"C:\Users\Roger\Desktop\FRST.exe" => ":$CmdTcID" ADS not found.
EmptyTemp: => Removed 48 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:35:15 ====

I will not run either a Hyper or Threat Scan with MBAM without guidance from you just in case some more work needs to be done first.

Regards,

scorpior7.
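The Fixlog above is FRST's own record of what the fixlist did, and the detail worth noticing is that every AlternateDataStreams entry came back "ADS not found" while the proxy value, the tasks and the two files in ProgramData were all removed. The script below is an added example, not FRST's code and not from anyone in this thread, that reconciles a fixlist against its Fixlog: it splits the log at the two asterisk marker lines, works out for each directive which substrings FRST's result lines will carry (task GUIDs and task names, file paths, the host path of an ADS), and classifies each directive as done, already absent, failed or without any result. Everything it assumes about FRST's output layout is inferred from the posted log alone, and the embedded sample is a trimmed copy of that log.

```python
"""Reconcile an FRST fixlist against the Fixlog it produced.

Added example; not part of the thread or of FRST. The layout assumptions
(asterisk markers, "X => result." lines, the reboot sentence) are inferred from
the Fixlog posted above, and the sample below is a trimmed copy of that log.
"""
import re

# Constructed sample input: a shortened copy of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
ProxyServer: [s-1-5-21-3119582079-282113860-1835835686-1000] => localhost:8080
C:\ProgramData\cis361D.exe
Task: {1AED0C87-C6C2-4A21-8237-3BA768DA3E4E} - System32\Tasks\{84F49C33-9849-4BF8-9292-5E0A881703E1} => C:\Users\Roger\Desktop\Downloads\saSetup3.2.0.152_p4.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
EmptyTemp:
Reboot:

*****************

HKU\S-1-5-21-3119582079-282113860-1835835686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\ProgramData\cis361D.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AED0C87-C6C2-4A21-8237-3BA768DA3E4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AED0C87-C6C2-4A21-8237-3BA768DA3E4E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{84F49C33-9849-4BF8-9292-5E0A881703E1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84F49C33-9849-4BF8-9292-5E0A881703E1}" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
EmptyTemp: => Removed 48 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:35:15 ====
"""

GUID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')


def split_fixlog(text):
    """Return (directives, results): the fixlist sits between the two '*****'
    marker lines, the result lines follow the second marker."""
    lines = [l.rstrip() for l in text.splitlines()]
    markers = [i for i, l in enumerate(lines) if l.startswith('*****')]
    if len(markers) < 2:
        raise ValueError('no fixlist block found in Fixlog')
    directives = [l for l in lines[markers[0] + 1:markers[1]] if l.strip()]
    results = []
    for l in lines[markers[1] + 1:]:
        if l.startswith('==== End of Fixlog'):
            break
        if l.strip():
            results.append(l)
    return directives, results


def directive_keys(directive):
    """Substrings that FRST's result lines for this directive carry
    (inferred from the posted Fixlog; an assumption of this example)."""
    if directive.startswith('ProxyServer:'):
        return ['ProxyServer']
    if directive == 'EmptyTemp:':
        return ['EmptyTemp:']
    if directive == 'Reboot:':
        return ['The system needed a reboot.']
    if directive.startswith('Task: '):
        body = directive[len('Task: '):].split(' => ')[0]
        keys = GUID_RE.findall(body)          # TaskCache registry keys carry these GUIDs
        if 'System32\\Tasks\\' in body:       # ...and the task file under System32\Tasks
            name = body.split('System32\\Tasks\\', 1)[1].strip()
            if name not in keys:
                keys.append(name)
        return keys or [body]                 # C:\Windows\Tasks\*.job: match on the path
    if directive.startswith('AlternateDataStreams: '):
        host_path = directive[len('AlternateDataStreams: '):].rpartition(':')[0]
        return [host_path]
    return [directive]                        # plain file or folder path


def classify(result_line):
    """One result line -> 'ok', 'not_found', 'failed' or 'other'.
    The failure wording is this example's guess; FRST's exact phrasing may differ."""
    low = result_line.lower()
    if 'not found' in low:
        return 'not_found'
    if 'could not' in low or 'failed' in low or 'error' in low:
        return 'failed'
    if 'successfully' in low or '=> removed' in low or low.startswith('the system needed a reboot'):
        return 'ok'
    return 'other'


def reconcile(fixlog_text):
    """Map each fixlist directive to (status, number of result lines matched)."""
    directives, results = split_fixlog(fixlog_text)
    report = {}
    for directive in directives:
        keys = [k.lower() for k in directive_keys(directive)]
        matched = [r for r in results if any(k in r.lower() for k in keys)]
        statuses = {classify(r) for r in matched}
        if not matched:
            status = 'no result'
        elif 'failed' in statuses:
            status = 'failed'
        elif statuses == {'ok'}:
            status = 'done'
        elif 'not_found' in statuses:
            status = 'already absent'
        else:
            status = 'check manually'
        report[directive] = (status, len(matched))
    return report


if __name__ == '__main__':
    for directive, (status, n) in reconcile(SAMPLE_FIXLOG).items():
        print(f'{status:15} {n} result line(s)  {directive}')
```

On the sample this reports the ADS directive as "already absent" and everything else as "done"; a directive that produced no result line at all comes back as "no result", which is the case to chase when a fix appears to have run but the finding returns on the next scan.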

AdvancedSetup, I decided to run both a Hyper and Threat Scan with MBAM this morning and both completed successfully with the final message, "Scan completed successfully; No malicious items detected."

However, this occurred when Valinorum was helping me but a few days later another scan showed the problem had re-occurred.

In this instance I am not proposing to reinstall Spybot Search and Destroy which Valinorum suggested could be in conflict with MBAM albeit I had had no problems with both co-existing in the past.

Therefore, could I request, please, that this thread is not closed until I have had the opportunity to run the MBAM scans again in a few days' time to see if all is still well, when I will post the outcome again.

Your help so far has been very much appreciated indeed by me. Do you have any idea about what may have caused the problem as none of the protection programs I use had flagged anything untoward at all?

Most appreciatively yours,

scorpior7

  • Root Admin

Okay, please restart the computer 2 times. Then run new scans for me. Make sure you place a check mark in the Additions.txt check box and post back all 3 logs.

Please read the following and post back the 3 requested logs.

Diagnostic Logs

Let me get this log too.

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

Thank you

AdvancedSetup, I have restarted my computer twice this morning then carried out the checks as asked for in your latest reply, for which I thank you.

These are copied and pasted below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2015
Ran by Roger (administrator) on ROGER-PC on 05-01-2015 08:44:43
Running from C:\Users\Roger\Desktop
Loaded Profile: Roger (Available profiles: Roger)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-20] (AVAST Software)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-18] (Malwarebytes Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX8716B
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX8716B
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
SearchScopes: HKLM -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {5DD76BCB-0473-429C-AB5B-9312DEC5B4C2} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20140214&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {76789893-0E17-42AF-B8AD-DE66AD0BCFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D64A718-C4BF-48D0-865A-6A7BB157BA3E}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{F9A18B53-71D4-424A-832B-8F77DA4B3DF4}: [NameServer] 8.26.56.26,8.20.247.20

FireFox:
========
FF ProfilePath: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Bing
FF Homepage: https://uk.yahoo.com/
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=mcafee&type=A110GB0&p=
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\fileinfocom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Status-4-Evar - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\status4evar@caligonstudios.com.xpi [2011-02-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-07-10]
FF Extension: NoScript - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-15]
FF Extension: Padlock - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{d09e32df-8610-4b33-b929-1e631b764130}.xpi [2011-03-15]
FF Extension: Adblock Plus - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-18] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
S2 gupdate1c98636a66df5f0; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-12-19] (Google Inc.)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-12-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-12-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\siteadvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2015-01-03] (Paramount Software UK Ltd)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-01-02] (SigmaTel, Inc.) [File not signed]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [383408 2010-04-23] (SupportSoft, Inc.) [File not signed]
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-18] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-18] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2014-12-20] (Kingsoft Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-12-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-12-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-12-21] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6637056 2000-01-01] (Intel Corporation)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [649216 2007-01-02] (SigmaTel, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-12-20] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-12-02] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2012-12-02] (Paragon)
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-12-02] (Paragon)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [28416 2011-08-18] (usb camera)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 08:44 - 2015-01-05 08:45 - 00028906 _____ () C:\Users\Roger\Desktop\FRST.txt
2015-01-05 08:42 - 2015-01-05 08:42 - 01115136 _____ (Farbar) C:\Users\Roger\Desktop\FRST.exe
2015-01-03 12:59 - 2015-01-03 12:59 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
2015-01-02 13:31 - 2015-01-02 16:44 - 00000000 ____D () C:\Users\Roger\Documents\MBAM Problem Repair
2014-12-27 13:49 - 2014-09-01 08:56 - 00000109 _____ () C:\Quarantine.lst
2014-12-23 17:50 - 2014-12-23 17:50 - 00003280 ____N () C:\bootsqm.dat
2014-12-23 15:25 - 2015-01-05 08:44 - 00000000 ____D () C:\FRST
2014-12-21 18:16 - 2014-12-21 18:23 - 00002397 _____ () C:\Windows\IE11_main.log
2014-12-21 16:17 - 2014-12-21 16:39 - 00000000 ____D () C:\AdwCleaner
2014-12-21 15:43 - 2015-01-05 08:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-21 15:43 - 2014-12-21 15:43 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 15:43 - 2014-12-21 15:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-21 09:36 - 2014-12-21 09:36 - 00088928 _____ () C:\Users\Roger\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 09:27 - 2015-01-05 08:39 - 00144900 _____ () C:\Windows\setupact.log
2014-12-21 09:27 - 2015-01-02 13:36 - 00038398 _____ () C:\Windows\PFRO.log
2014-12-21 09:27 - 2014-12-21 09:27 - 00373968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 09:27 - 2014-12-21 09:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 15:41 - 2014-12-31 09:17 - 00000000 ____D () C:\Program Files\cmcm
2014-12-20 15:41 - 2014-12-20 15:41 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2014-12-20 15:41 - 2014-12-20 15:41 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\cmcm
2014-12-20 14:56 - 2014-12-20 14:56 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-20 10:23 - 2014-12-20 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-20 10:23 - 2014-12-18 15:04 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-19 14:08 - 2014-12-19 14:08 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-12-19 11:30 - 2014-12-19 11:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 11:30 - 2014-12-19 11:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 11:26 - 2014-12-19 11:26 - 00000000 __SHD () C:\Users\Roger\AppData\Local\EmieBrowserModeList
2014-12-19 11:06 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 16:04 - 2014-12-18 16:05 - 00003558 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-18 16:04 - 2014-12-18 16:04 - 00000000 ___HD () C:\VTRoot
2014-12-18 15:49 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-18 15:49 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-18 15:49 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-18 15:49 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-18 15:49 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-18 15:40 - 2014-11-22 02:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-18 15:40 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-18 15:40 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-18 15:40 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-18 15:40 - 2014-11-22 01:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-18 15:40 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-18 15:40 - 2014-11-22 01:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-18 15:40 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-18 15:40 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 15:40 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-18 15:40 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-18 15:40 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-18 15:40 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-18 15:39 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-18 15:39 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-18 15:39 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-18 15:39 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-18 15:39 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-18 15:39 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-18 15:39 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-18 15:39 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-18 15:39 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-18 15:39 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-18 15:39 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-18 15:39 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-18 15:39 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-18 15:39 - 2014-11-22 01:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-18 15:39 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-18 15:39 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-18 15:39 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-18 15:39 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-18 15:39 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-18 15:39 - 2014-11-11 01:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-18 15:39 - 2014-10-14 01:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-18 15:39 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-18 15:39 - 2014-10-14 01:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-18 15:39 - 2014-10-14 01:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-18 15:39 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-18 15:39 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-18 15:38 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-18 15:38 - 2014-10-10 00:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-18 15:38 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-18 15:38 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-18 15:38 - 2014-08-29 01:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-18 15:38 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-18 15:35 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-18 15:35 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-18 15:35 - 2014-07-17 01:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-18 15:35 - 2014-07-17 01:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-18 15:35 - 2014-07-17 01:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-18 15:35 - 2014-07-17 01:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-18 15:35 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-18 15:35 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-18 15:35 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-18 15:34 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-18 15:06 - 2014-12-20 10:23 - 00002087 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-18 15:04 - 2014-12-18 15:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-09 00:20 - 2014-12-09 00:20 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 08:43 - 2009-10-27 14:28 - 00892700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 08:42 - 2014-02-26 11:42 - 01223171 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 08:39 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 08:38 - 2009-10-27 13:52 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 08:38 - 2009-10-27 13:52 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 08:26 - 2014-06-21 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-04 13:42 - 2007-09-06 20:06 - 00002786 _____ () C:\Users\Roger\AppData\Roaming\wklnhst.dat
2015-01-04 11:17 - 2014-01-04 13:18 - 00000000 ____D () C:\Users\Roger\Documents\Reflect
2015-01-03 12:59 - 2014-08-12 11:48 - 00448348 _____ () C:\Reflect_Install.log
2014-12-31 09:13 - 2009-10-27 13:53 - 00000000 ____D () C:\Users\Roger
2014-12-27 16:01 - 2014-02-14 09:57 - 00000000 ____D () C:\Program Files\McAfee
2014-12-27 16:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Globalization
2014-12-27 13:53 - 2013-05-22 07:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-27 13:52 - 2013-05-23 17:50 - 00000079 _____ () C:\Windows\wininit.ini
2014-12-24 09:38 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-21 09:45 - 2007-11-06 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSConfig CleanUp
2014-12-21 09:45 - 2007-11-06 12:30 - 00000000 ____D () C:\Program Files\MSConfig CleanUp
2014-12-21 09:36 - 2014-02-04 11:37 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-20 15:46 - 2013-01-17 15:34 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 15:46 - 2012-04-24 15:55 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-20 15:46 - 2011-08-14 09:08 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Thunderbird
2014-12-20 15:38 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
2014-12-20 14:58 - 2013-09-26 08:41 - 00001870 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-12-20 14:53 - 2012-10-11 18:38 - 00001431 ____N () C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-12-20 14:53 - 2012-10-11 18:38 - 00000738 _____ () C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-12-20 11:12 - 2009-07-14 04:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-20 10:23 - 2013-10-18 16:40 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-20 10:23 - 2013-10-18 16:40 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-20 08:58 - 2011-11-21 12:58 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-12-19 14:28 - 2014-08-08 07:20 - 00000000 ____D () C:\Users\Roger\Downloads\Macrium
2014-12-19 13:42 - 2014-04-21 10:34 - 00000000 ____D () C:\Users\Roger\AbiSuite
2014-12-19 11:30 - 2014-08-18 14:57 - 00000000 ____D () C:\Users\Roger\AppData\Local\Adobe
2014-12-19 11:11 - 2010-11-19 09:34 - 00001154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-19 11:11 - 2010-11-17 18:57 - 00000000 ____D () C:\Program Files\Paint.NET
2014-12-18 19:23 - 2012-10-11 15:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-18 19:16 - 2014-07-08 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2014-12-18 18:06 - 2014-06-22 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-18 18:06 - 2014-06-22 11:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-12-18 18:02 - 2006-11-02 10:23 - 00457374 ____R () C:\Windows\system32\Drivers\etc\hosts.20141227-135212.backup
2014-12-18 17:49 - 2014-05-07 12:29 - 00001843 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-12-18 17:45 - 2012-02-05 13:31 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-18 17:45 - 2012-02-05 13:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Windows\Tweak-SSD
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-SSD
2014-12-18 17:38 - 2012-07-23 07:04 - 00000000 ____D () C:\Program Files\Tweak-SSD
2014-12-18 17:19 - 2014-02-14 10:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-18 15:46 - 2013-07-12 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-18 15:30 - 2014-09-23 07:13 - 00000000 ____D () C:\Program Files\Pale Moon
2014-12-18 15:04 - 2014-04-18 08:57 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-18 15:04 - 2013-12-17 18:37 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00617536 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00041248 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-12-09 00:20 - 2014-03-05 12:54 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-12-09 00:20 - 2014-03-05 12:53 - 00352272 _____ (COMODO) C:\Windows\system32\guard32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00286424 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll
2014-12-09 00:20 - 2014-03-05 12:53 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-02 17:39

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2015
Ran by Roger at 2015-01-05 08:45:49
Running from C:\Users\Roger\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Atlantis Word Processor (HKLM\...\Atlantis Word Processor) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{42EDF895-158C-484E-A7F2-42B90759F281}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Easy Photo Print (HKLM\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{46CBBDF8-55B5-40DB-B459-7B848394309C}) (Version: 1.3.1.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Stylus SX200_SX400_TX200_TX400 Manual (HKLM\...\EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide) (Version:  - )
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.025 - Gateway)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7256 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0a2 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2InstV3Win7UpdateV2 (Version: 10 - SupportSoft) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.1.0 (x86 en-US) (HKLM\...\Pale Moon 25.1.0 (x86 en-US)) (Version: 25.1.0 - Moonchild Productions)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5003.0 - SigmaTel)
Simple Adblock (HKLM\...\{A9A75A7F-4785-430D-8013-77BC1FD13A4C}) (Version: 1.1.5 - Simple Adblock)
SIW Pro Edition (GOTD) (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2014.01.30 - Topala Software Solutions)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SSuite Office - WordGraph (HKLM\...\{05102FD6-D968-454C-826B-9838C7600567}) (Version: 8.30.0002 - SSuite Office Software{TM})
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}) (Version: 2.00.0005 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0005 - Texas Instruments Inc.) Hidden
Tweak-SSD (HKLM\...\Tweak-SSD) (Version: 1.2.0 - Totalidea Software)
Windows Driver Package - Intel (NETwLv32) net  (08/15/2010 13.3.0.137) (HKLM\...\BDE6534846F22EEEE3848BD9F55FC872EF48B73F) (Version: 08/15/2010 13.3.0.137 - Intel)
Windows Driver Package - Intel (NETwNs32) net  (07/14/2010 13.3.0.24) (HKLM\...\7DAE8CDD63E347A3DA14F801D61A6B6B406411EA) (Version: 07/14/2010 13.3.0.24 - Intel)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-12-2014 09:14:57 Revo Uninstaller's restore point - Clean Master
03-01-2015 12:58:26 Installed Macrium Reflect Free Edition

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2014-12-27 14:05 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1794055B-BFC8-4B54-99A1-D80F5617DBD6} - System32\Tasks\avastBCLRestartS-1-5-21-3119582079-282113860-1835835686-1000 => Firefox.exe
Task: {1852D895-27FE-48BF-BEFE-C6DF43ED1484} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {37C15562-B05B-4984-9EE8-2F7F2239E426} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-18] (AVAST Software)
Task: {47FF977D-8A30-4219-84B5-E68D6A3C3043} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe
Task: {4AD73BAC-34AF-462A-813E-62BA2A4F2D29} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {6A3115C8-5E75-43FE-8C23-DC02497E4D17} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {79F5A159-DDCC-486F-87F4-CAA75E0A12F1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Roger => C:\Program Files\Windows Calendar\WinCal.exe
Task: {7AF3344E-7392-4C1B-9569-65106C371680} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-18] (Piriform Ltd)
Task: {9A909966-B70D-4830-A823-E5C0D446F8FB} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {C08601DD-3843-449D-883C-3FE16157E95B} - System32\Tasks\{7B337A45-20B8-470C-B04D-DA807D84AADE} => pcalua.exe -a C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE -c /R /APD /P:"EPSON Stylus SX200 Series"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EACE7D10-215F-4BC5-93FB-A34A06A324B1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2015-01-05 08:24 - 2015-01-05 08:24 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010500\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-18 15:04 - 2014-12-18 15:04 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-14 10:07 - 2014-12-18 17:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SWDUMon.sys:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3119582079-282113860-1835835686-500 - Administrator - Disabled)
Guest (S-1-5-21-3119582079-282113860-1835835686-501 - Limited - Disabled)
Roger (S-1-5-21-3119582079-282113860-1835835686-1000 - Administrator - Enabled) => C:\Users\Roger

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 09:14:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f6efd0c6-917a-4898-a1d2-c6d938ae14e0}

Error: (12/27/2014 02:04:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {40faf29b-94d2-4d68-96bf-78d6d6c162cf}

Error: (12/27/2014 01:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02170fef
Faulting process id: 0x59c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (01/05/2015 08:39:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/05/2015 08:39:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (01/05/2015 08:38:58 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/05/2015 08:38:03 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/05/2015 08:36:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (01/05/2015 08:35:53 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/05/2015 08:31:56 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/05/2015 08:26:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/05/2015 08:23:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (01/05/2015 08:23:29 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (12/31/2014 09:14:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f6efd0c6-917a-4898-a1d2-c6d938ae14e0}

Error: (12/27/2014 02:04:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {40faf29b-94d2-4d68-96bf-78d6d6c162cf}

Error: (12/27/2014 01:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7unknown0.0.0.000000000c000000502170fef59c01d021c4ed09e53dC:\Windows\Explorer.EXEunknown04bb2ae1-8dca-11e4-9f38-00e0b8d7a3db


==================== Memory info ===========================

Processor: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 48%
Total physical RAM: 3062.12 MB
Available physical RAM: 1562.4 MB
Total Pagefile: 3060.41 MB
Available Pagefile: 1523.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.79 MB

==================== Drives ================================

Drive c: (Main) (Fixed) (Total:119.24 GB) (Free:94.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AA9E03BA)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor    
 CCleaner     
 Eusing Free Registry Cleaner  
 Adobe Flash Player     16.0.0.235  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Comodo Firewall cmdagent.exe
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

I await your comments with interest. There still appear to be many HKLM "Attentions" again in the first log. Are these problematic?

 

scorpior7

  • Root Admin

The entries are due to your installation of the anti crypto tool which uses multiple policies to try to block those attacks. They're not default so the FRST tool is simply alerting to them. They are okay

 

How is the computer running now?

Are there still any signs of an infection?
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt


AdvancedSetup, thank you yet again and the confirmation about the HKLM "Attentions".

 

I wasn't sure whether you wanted me to run a MBAM scan first or carry out the FRST and fixlist.txt actions first, so I ran the Hyper Scan with MBAM as you asked how the computer was running.

 

Again, at the completion of the scan but just before the final notice would display a box opened with the notice An Exception unknown software exception (0x40000015) occurred in the application at location 0x6cced6fd.

When OK was clicked on to close the box another one appeared with the same text but unknown software exception (0xe06d7363) in the application at 0x754d812f.

 

In this instance the desktop shortcuts didn't disappear, but they would not open any programs, nor would the programs in the Start, Programs list.

Again, I had to force a shutdown to reboot.

 

Where to now, please? Do I now run the FRST and fixlist.txt again?

 

Regards,

scorpior7


AdvancedSetup, I have done as you requested and have pasted the fixlist.txt below:-

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-01-2015
Ran by Roger at 2015-01-06 08:47:47 Run:3
Running from C:\Users\Roger\Desktop
Loaded Profile: Roger (Available profiles: Roger)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SWDUMon.sys:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdZnID

*****************

"C:\Windows\system32\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\SWDUMon.sys" => ":$CmdTcID" ADS not found.
"C:\Users\Roger\Desktop\FRST.exe" => ":$CmdTcID" ADS not found.
C:\Users\Roger\Desktop\FRST.exe => ":$CmdZnID" ADS removed successfully.

==== End of Fixlog 08:47:47 ====

 

Regards,

scorpior7

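The FRST listing above and this Fixlog both report on named alternate data streams; the following PowerShell is an added example, not part of the thread or of FRST, that enumerates those streams on the same files so the "ADS not found" / "ADS removed successfully" lines can be checked independently. It assumes PowerShell 3.0 or later (Get-Item -Stream and Get-Content -Raw), which on Windows 7 SP1 means the Windows Management Framework 3.0 update.

```powershell
# Added example (not from the thread or from FRST): list the named alternate
# data streams on the files FRST flagged. Assumes PowerShell 3.0 or later.
function Get-NamedStream {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ File = $p; Stream = '<file not present>'; Length = $null; Preview = '' }
            continue
        }
        # ':$DATA' is the file's ordinary content; every other entry is a named ADS.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                $preview = ''
                if ($_.Length -gt 0 -and $_.Length -le 256) {
                    # Small streams are usually short text markers; show a sanitised
                    # preview so the reviewer can judge whether removal is appropriate.
                    $raw = Get-Content -LiteralPath $p -Stream $_.Stream -Raw -ErrorAction SilentlyContinue
                    $preview = ([string]$raw) -replace '[^\x20-\x7E]', '.'
                }
                [pscustomobject]@{ File = $p; Stream = $_.Stream; Length = $_.Length; Preview = $preview }
            }
    }
}

# The paths below are the ones listed in the FRST "Alternate Data Streams" section;
# the Desktop path is resolved for whichever user runs the script.
$flagged = @(
    'C:\Windows\system32\FlashPlayerApp.exe',
    'C:\Windows\system32\Drivers\mbam.sys',
    'C:\Windows\system32\Drivers\mbamchameleon.sys',
    'C:\Windows\system32\Drivers\mwac.sys',
    'C:\Windows\system32\Drivers\SWDUMon.sys',
    "$env:USERPROFILE\Desktop\FRST.exe"
)

$streams = Get-NamedStream -Path $flagged
if ($streams) {
    $streams | Format-Table -AutoSize
} else {
    'No named alternate data streams on the listed files.'
}

# A single named stream can be dropped with, for example:
#   Remove-Item -LiteralPath 'C:\path\to\file.exe' -Stream 'StreamName'
# which is the operation the FRST fixlist performed on FRST.exe:$CmdZnID.
```

Run from an elevated PowerShell prompt, since the driver paths under system32 are not readable by a standard user.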

  • Root Admin

Let me have you do the following please and do a clean removal and reinstall of MBAM

 

Please uninstall your current version of MBAM and reinstall the latest version. MBAM Clean Removal Process 2x

 

Then restart your computer after you activate and update MBAM.

 

Then run some scans and shut downs and see if you're still getting an error or not and let me know.


AdvancedSetup, I followed your guidance for the MBAM Clean Removal etc., to the letter but, alas, all to no avail.

 

Having restarted my computer after activating and updating MBAM I then ran a Hyper Scan. This ran to conclusion with no malware being identified and  the Heuristic Scan having completed (green tick) but then MBAM froze (no message in green) and my desktop shortcuts remained but I could not open any programs from Start, All Programs again and had to force the computer to shut down.

 

Sorry, this is being so problematic, but I do appreciate your help as I wouldn't know how to overcome the problem.

 

Regards,

scorpior7


  • Root Admin

Let's try this tool again

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


AdvancedSetup, thank you very much for your continuing support in resolving this problem.

 

Before I carry out your latest guidance a thought came to mind which I would like to run across you for your comments as to it being appropriate or not.

 

In the thread above I carried out your guidance post #4 on Jan 1st re the fixlist.txt and at the end of my post #5 I said I had not carried out a Hyper or Threat Scan with MBAM in case further work was needed at that stage.

However, on Jan 4th in post #6 I said I had carried out both a Hyper and Threat scan with MBAM which both completed successfully with the final message, Scan completed successfully; No malicious items detected.

 

Because of that result I then made a disk image to my external hard drive. Between the 2nd and 4th Jan my computer had been placed in sleep mode a few times each day and also booted up as normal each of the 2 mornings between.

 

I then continued to undertake your guidance in post #7 where the results showed the problem had reoccurred, which I find hard to understand in view of what I have just stated above.

My question is: could that additional work have somehow resurrected the problem, and would it be worth my restoring the disk image I had made on Jan 4th and then running scans with MBAM again?

Your comments would be greatly appreciated, as usual.

 

Regards,

scorpior7.


  • Root Admin

Restoring an image can take a long time and a lot of work to undertake for something like this. Unfortunately I think we're dealing with probably either some file or registry corruption that may possibly prove difficult to track down but doing so is probably the best option so that it does not become an ongoing issue. That is if we can find and fix it. Please see the following as to why that can also be difficult.

The complexity of finding, preventing, and cleanup from malware
 

I'll let you make the choice which way you want to go but I'd recommend moving forward and trying to locate the issue if possible.


Well, having looked at the MBAM log file for Jan 4th, when both the Hyper and Threat Scans ran through to completion showing that no infections had been found, and also the time both scans took, I did try a disk image restore to the disk image made immediately after that time.

However, when the MBAM Hyper Scan was run on the restored image the same problem arose as previously identified.

 

I just cannot understand why 2 clear scans which ran to completion were fine then but not fine now. In all other respects my computer is running perfectly normally - the only problem being with MBAM Heuristic scans having a problem on completion of the scans.

 

However, you were right in your proposal and I was wrong but thought I would give it a try. I should listen to the expert!

 

So, do I now try the ComboFix again as stated in your post #15, please?

 

As you say, "Please make sure you disable your security applications before running ComboFix", can I also assume I need to come off-line so as not to leave my computer open to attack while the security applications are off? Also, am I correct in thinking that by doing so it will not affect the ComboFix scan?

 

Thank you for the link The complexity of finding, preventing, and cleanup from malware - a very interesting read.

 

Regards,

scorpior7.


  • Root Admin

Well, let's start again and see where things are at, as a reimage changes all the settings and logs to a state I'm no longer sure of.

To get us back to square one again, please go ahead and run through the following steps and post back the logs when ready.

SKIP STEP 6 for now though. Let's see what the others say first.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07


Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
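Step 08 asks for the FRST logs so they can be reviewed; FRST marks the lines it wants a reviewer to look at with `<====== ATTENTION`, and in this thread those are almost all "HKLM Group Policy restriction on software" entries (Software Restriction Policy path rules). The following Python is an added example for reading such a log, not code from this thread, from FRST's author or from Malwarebytes. It parses a constructed sample modelled on the FRST output posted here (shortened, with a placeholder SID), collects every ATTENTION line together with the section it appeared in, and sorts the restriction rules into the kinds seen in the thread: double-extension patterns such as `*.pdf*.exe`, named executables such as `vssadmin.exe`, a rule containing the U+202E right-to-left-override character, and plain path rules. The category names and the `SAMPLE_FRST` text are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the FRST "Registry (Whitelisted)" section
# posted in this thread; the SID is a placeholder and the list is abridged.
SAMPLE_FRST = """\
==================== Registry (Whitelisted) ==================

HKLM\\...\\Run: [AvastUI.exe] => C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe [5226600 2014-12-20] (AVAST Software)
HKLM Group Policy restriction on software: %allusersprofile%\\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\\*\\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *\u202e* <====== ATTENTION
HKLM Group Policy restriction on software: *:\\$Recycle.Bin <====== ATTENTION
HKU\\S-1-5-21-PLACEHOLDER-1000\\...\\Policies\\Explorer: [HideClock] 0

==================== Internet (Whitelisted) ====================

Tcpip\\Parameters: [DhcpNameServer] 192.168.0.1
"""

ATTENTION = "<====== ATTENTION"
# Section headers look like "==== Name ===="; a bare "========" underline
# (as under "FireFox:") has no inner text and is deliberately not matched.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
SRP_PREFIX = "HKLM Group Policy restriction on software: "


def attention_entries(text):
    """Return (section, entry) pairs for every line FRST flagged with ATTENTION."""
    section = None
    found = []
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            section = header.group(1)
            continue
        if line.rstrip().endswith(ATTENTION):
            entry = line.rstrip()[: -len(ATTENTION)].rstrip()
            found.append((section, entry))
    return found


def classify_srp_rule(rule):
    """Sort a Software Restriction Policy path rule by what it guards against.

    Category names are this example's own; FRST does not assign them.
    """
    if "\u202e" in rule:
        # U+202E right-to-left override, used to disguise a file's real extension
        return "rlo-filename"
    if re.fullmatch(r"\*\.\w+\*\.(exe|scr|pif|com)", rule):
        # e.g. *.pdf*.exe: an executable posing as a document or media file
        return "double-extension"
    if re.fullmatch(r"[\w.]+\.exe", rule):
        # e.g. vssadmin.exe, syskey.exe: a specific program blocked by name
        return "named-executable"
    # %appdata%\*.exe, %systemdrive%\*\svchost.exe, *:\$Recycle.Bin, ...
    return "path"


def srp_summary(text):
    """Count the ATTENTION restriction rules in an FRST log by category."""
    counts = Counter()
    for _section, entry in attention_entries(text):
        if entry.startswith(SRP_PREFIX):
            counts[classify_srp_rule(entry[len(SRP_PREFIX):])] += 1
    return dict(counts)


if __name__ == "__main__":
    for section, entry in attention_entries(SAMPLE_FRST):
        print(f"[{section}] {entry}")
    print(srp_summary(SAMPLE_FRST))
```

Run against a real FRST.txt, `srp_summary` gives a reviewer a quick picture of how many rules of each kind are present before reading them one by one; the entries themselves come straight from the log, so nothing is modified on the machine.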

AdvancedSetup, my apologies for causing confusion by trying a disk image restore which did not work. I will not do anything similar again but follow your instructions implicitly.

 

Please find copied and pasted all the logs you requested. Two comments, if I may.

In Step 06 I was totally surprised that the MBAM Threat Scan ran to completion with no problems at all.

In Step 07 the ESET Online Scanner found 1 Threat associated with Google, as you will see from the log. How will I need to deal with that please?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Roger on 09/01/2015 at 14:08:48.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v4.107 - Report created 09/01/2015 at 14:40:38
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Roger - ROGER-PC
# Running from : C:\Users\Roger\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-GB)


-\\ Pale Moon v25.1.0 (en-US)


*************************

AdwCleaner[R0].txt - [4112 octets] - [21/12/2014 16:17:33]
AdwCleaner[R1].txt - [975 octets] - [21/12/2014 16:35:44]
AdwCleaner[R2].txt - [1032 octets] - [09/01/2015 14:32:22]
AdwCleaner[s0].txt - [4110 octets] - [21/12/2014 16:32:13]
AdwCleaner[s1].txt - [1037 octets] - [21/12/2014 16:39:45]
AdwCleaner[s2].txt - [955 octets] - [09/01/2015 14:40:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1014 octets] ##########






~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Users\Roger\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"



~~~ FireFox

Successfully deleted the following from C:\Users\Roger\AppData\Roaming\mozilla\firefox\profiles\b5x4cgso.default\prefs.js

user_pref("fgupdater.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .adreporting.com .geldrace.nl .site-id.nl /(\\Wadv|banner|promo)s?(\\.(
Emptied folder: C:\Users\Roger\AppData\Roaming\mozilla\firefox\profiles\b5x4cgso.default\minidumps [368 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/01/2015 at 14:23:11.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/01/2015
Scan Time: 14:51:46
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.09.09
Rootkit Database: v2015.01.07.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Roger

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312350
Time Elapsed: 11 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

 

C:\Users\Roger\Desktop\Downloads\ccsetup501.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Roger (administrator) on ROGER-PC on 09-01-2015 15:55:50
Running from C:\Users\Roger\Desktop
Loaded Profile: Roger (Available profiles: Roger)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-20] (AVAST Software)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-18] (Malwarebytes Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX8716B
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX8716B
HKU\S-1-5-21-3119582079-282113860-1835835686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
SearchScopes: HKLM -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {39872DCC-EFD2-4B84-8094-F1567532B7BF} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {5DD76BCB-0473-429C-AB5B-9312DEC5B4C2} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B010GB0D20140214&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> {76789893-0E17-42AF-B8AD-DE66AD0BCFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-3119582079-282113860-1835835686-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D64A718-C4BF-48D0-865A-6A7BB157BA3E}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{F9A18B53-71D4-424A-832B-8F77DA4B3DF4}: [NameServer] 8.26.56.26,8.20.247.20

FireFox:
========
FF ProfilePath: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Bing
FF Homepage: https://uk.yahoo.com/
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=mcafee&type=A110GB0&p=
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\searchplugins\fileinfocom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Status-4-Evar - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\status4evar@caligonstudios.com.xpi [2011-02-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-07-10]
FF Extension: NoScript - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-15]
FF Extension: Padlock - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{d09e32df-8610-4b33-b929-1e631b764130}.xpi [2011-03-15]
FF Extension: Adblock Plus - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\b5x4cgso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-18] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
S2 gupdate1c98636a66df5f0; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-12-19] (Google Inc.)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-01-06] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-01-06] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\siteadvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2015-01-03] (Paramount Software UK Ltd)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-01-02] (SigmaTel, Inc.) [File not signed]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [383408 2010-04-23] (SupportSoft, Inc.) [File not signed]
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-18] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-18] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2014-12-20] (Kingsoft Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2015-01-06] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-01-06] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-01-06] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6637056 2000-01-01] (Intel Corporation)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [649216 2007-01-02] (SigmaTel, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-12-20] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-12-02] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2012-12-02] (Paragon)
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-12-02] (Paragon)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [28416 2011-08-18] (usb camera)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:55 - 2015-01-09 15:56 - 00029136 _____ () C:\Users\Roger\Desktop\FRST.txt
2015-01-09 15:54 - 2015-01-09 15:54 - 01115648 _____ (Farbar) C:\Users\Roger\Desktop\FRST.exe
2015-01-09 15:19 - 2015-01-09 15:19 - 00000000 ____D () C:\Program Files\ESET
2015-01-09 14:45 - 2015-01-09 14:45 - 00001092 _____ () C:\Users\Roger\Desktop\AdwCleaner[s2].txt
2015-01-09 14:23 - 2015-01-09 14:23 - 00001724 _____ () C:\Users\Roger\Desktop\JRT.txt
2015-01-09 14:07 - 2015-01-09 14:07 - 00000000 ____D () C:\Windows\ERUNT
2015-01-06 11:29 - 2015-01-09 15:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 11:28 - 2015-01-06 11:28 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-06 11:28 - 2015-01-06 11:28 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-06 11:28 - 2015-01-06 11:28 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-06 11:28 - 2015-01-06 11:28 - 00001040 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 11:28 - 2015-01-06 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 11:28 - 2015-01-06 11:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-06 11:28 - 2015-01-06 11:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-03 12:59 - 2015-01-03 12:59 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
2014-12-27 13:49 - 2014-09-01 08:56 - 00000109 _____ () C:\Quarantine.lst
2014-12-23 17:50 - 2014-12-23 17:50 - 00003280 ____N () C:\bootsqm.dat
2014-12-23 15:25 - 2015-01-09 15:55 - 00000000 ____D () C:\FRST
2014-12-21 18:16 - 2014-12-21 18:23 - 00002397 _____ () C:\Windows\IE11_main.log
2014-12-21 16:17 - 2015-01-09 14:40 - 00000000 ____D () C:\AdwCleaner
2014-12-21 09:36 - 2014-12-21 09:36 - 00088928 _____ () C:\Users\Roger\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 09:27 - 2015-01-09 15:11 - 00202860 _____ () C:\Windows\setupact.log
2014-12-21 09:27 - 2015-01-09 14:41 - 00053614 _____ () C:\Windows\PFRO.log
2014-12-21 09:27 - 2014-12-21 09:27 - 00373968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 09:27 - 2014-12-21 09:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 15:41 - 2014-12-31 09:17 - 00000000 ____D () C:\Program Files\cmcm
2014-12-20 15:41 - 2014-12-20 15:41 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2014-12-20 15:41 - 2014-12-20 15:41 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-12-20 15:41 - 2014-12-20 15:41 - 00000000 ____D () C:\ProgramData\cmcm
2014-12-20 14:56 - 2014-12-20 14:56 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-20 10:23 - 2014-12-20 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-20 10:23 - 2014-12-18 15:04 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-19 14:08 - 2014-12-19 14:08 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-12-19 14:07 - 2014-12-19 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-12-19 11:30 - 2014-12-19 11:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 11:30 - 2014-12-19 11:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 11:26 - 2014-12-19 11:26 - 00000000 __SHD () C:\Users\Roger\AppData\Local\EmieBrowserModeList
2014-12-19 11:06 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 16:04 - 2014-12-18 16:05 - 00003558 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-18 16:04 - 2014-12-18 16:04 - 00000000 ___HD () C:\VTRoot
2014-12-18 15:49 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-18 15:49 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-18 15:49 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-18 15:49 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-18 15:49 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-18 15:40 - 2014-11-22 02:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-18 15:40 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-18 15:40 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-18 15:40 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-18 15:40 - 2014-11-22 01:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-18 15:40 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-18 15:40 - 2014-11-22 01:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-18 15:40 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-18 15:40 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 15:40 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-18 15:40 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-18 15:40 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-18 15:40 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-18 15:40 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-18 15:39 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-18 15:39 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-18 15:39 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-18 15:39 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-18 15:39 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-18 15:39 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-18 15:39 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-18 15:39 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-18 15:39 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-18 15:39 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-18 15:39 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-18 15:39 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-18 15:39 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-18 15:39 - 2014-11-22 01:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-18 15:39 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-18 15:39 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-18 15:39 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-18 15:39 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-18 15:39 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-18 15:39 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-18 15:39 - 2014-11-11 01:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-18 15:39 - 2014-10-14 01:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-18 15:39 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-18 15:39 - 2014-10-14 01:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-18 15:39 - 2014-10-14 01:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-18 15:39 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-18 15:39 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-18 15:39 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-18 15:38 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-18 15:38 - 2014-10-10 00:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-18 15:38 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-18 15:38 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-18 15:38 - 2014-08-29 01:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-18 15:38 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-18 15:35 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-18 15:35 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-18 15:35 - 2014-07-17 01:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-18 15:35 - 2014-07-17 01:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-18 15:35 - 2014-07-17 01:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-18 15:35 - 2014-07-17 01:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-18 15:35 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-18 15:35 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-18 15:35 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-18 15:34 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-18 15:06 - 2014-12-20 10:23 - 00002087 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-18 15:04 - 2014-12-18 15:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:18 - 2009-10-27 13:52 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 15:18 - 2009-10-27 13:52 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 15:15 - 2009-10-27 14:28 - 00248350 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 15:14 - 2014-02-26 11:42 - 01356816 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 15:11 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 13:45 - 2014-04-21 10:34 - 00000000 ____D () C:\Users\Roger\AbiSuite
2015-01-09 13:35 - 2009-10-27 13:53 - 00000000 ____D () C:\Users\Roger
2015-01-08 09:43 - 2014-01-04 13:18 - 00000000 ____D () C:\Users\Roger\Documents\Reflect
2015-01-08 09:17 - 2013-11-22 10:38 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Apple Computer
2015-01-07 13:21 - 2014-06-21 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-07 13:09 - 2012-07-23 07:04 - 00000000 ____D () C:\Windows\Tweak-SSD
2015-01-07 13:09 - 2012-07-23 07:04 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-SSD
2015-01-07 13:09 - 2012-07-23 07:04 - 00000000 ____D () C:\Program Files\Tweak-SSD
2015-01-07 10:46 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-06 14:11 - 2007-09-06 20:06 - 00002978 _____ () C:\Users\Roger\AppData\Roaming\wklnhst.dat
2015-01-03 12:59 - 2014-08-12 11:48 - 00448348 _____ () C:\Reflect_Install.log
2014-12-27 16:01 - 2014-02-14 09:57 - 00000000 ____D () C:\Program Files\McAfee
2014-12-27 16:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Globalization
2014-12-27 13:53 - 2013-05-22 07:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-21 09:45 - 2007-11-06 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSConfig CleanUp
2014-12-21 09:45 - 2007-11-06 12:30 - 00000000 ____D () C:\Program Files\MSConfig CleanUp
2014-12-21 09:36 - 2014-02-04 11:37 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-20 15:46 - 2013-01-17 15:34 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 15:46 - 2012-04-24 15:55 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-20 15:46 - 2011-08-14 09:08 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Thunderbird
2014-12-20 15:38 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Public
2014-12-20 14:58 - 2013-09-26 08:41 - 00001870 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-12-20 14:53 - 2012-10-11 18:38 - 00001431 ____N () C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-12-20 14:53 - 2012-10-11 18:38 - 00000738 _____ () C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-12-20 11:12 - 2009-07-14 04:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-20 10:23 - 2013-10-18 16:40 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-20 10:23 - 2013-10-18 16:40 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-20 08:58 - 2011-11-21 12:58 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-12-19 14:28 - 2014-08-08 07:20 - 00000000 ____D () C:\Users\Roger\Downloads\Macrium
2014-12-19 11:30 - 2014-08-18 14:57 - 00000000 ____D () C:\Users\Roger\AppData\Local\Adobe
2014-12-19 11:11 - 2010-11-19 09:34 - 00001154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-19 11:11 - 2010-11-17 18:57 - 00000000 ____D () C:\Program Files\Paint.NET
2014-12-18 19:23 - 2012-10-11 15:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-18 19:16 - 2014-07-08 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2014-12-18 18:06 - 2014-06-22 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-18 18:06 - 2014-06-22 11:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-12-18 18:02 - 2006-11-02 10:23 - 00457374 ____R () C:\Windows\system32\Drivers\etc\hosts.20141227-135212.backup
2014-12-18 17:49 - 2014-05-07 12:29 - 00001843 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-12-18 17:45 - 2012-02-05 13:31 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-18 17:45 - 2012-02-05 13:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-18 17:19 - 2014-02-14 10:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-18 15:46 - 2013-07-12 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-18 15:30 - 2014-09-23 07:13 - 00000000 ____D () C:\Program Files\Pale Moon
2014-12-18 15:04 - 2014-04-18 08:57 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-18 15:04 - 2013-12-17 18:37 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-18 15:04 - 2013-10-18 16:40 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

Some content of TEMP:
====================
C:\Users\Roger\AppData\Local\Temp\Quarantine.exe
C:\Users\Roger\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-02 17:39

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Roger at 2015-01-09 15:57:00
Running from C:\Users\Roger\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3119582079-282113860-1835835686-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Atlantis Word Processor (HKLM\...\Atlantis Word Processor) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{42EDF895-158C-484E-A7F2-42B90759F281}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Easy Photo Print (HKLM\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{46CBBDF8-55B5-40DB-B459-7B848394309C}) (Version: 1.3.1.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Stylus SX200_SX400_TX200_TX400 Manual (HKLM\...\EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.025 - Gateway)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7256 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0a2 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2InstV3Win7UpdateV2 (Version: 10 - SupportSoft) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.1.0 (x86 en-US) (HKLM\...\Pale Moon 25.1.0 (x86 en-US)) (Version: 25.1.0 - Moonchild Productions)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5003.0 - SigmaTel)
Simple Adblock (HKLM\...\{A9A75A7F-4785-430D-8013-77BC1FD13A4C}) (Version: 1.1.5 - Simple Adblock)
SIW Pro Edition (GOTD) (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2014.01.30 - Topala Software Solutions)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SSuite Office - WordGraph (HKLM\...\{05102FD6-D968-454C-826B-9838C7600567}) (Version: 8.30.0002 - SSuite Office Software{TM})
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}) (Version: 2.00.0005 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0005 - Texas Instruments Inc.) Hidden
Tweak-SSD (HKLM\...\Tweak-SSD) (Version: 1.2.1 - Totalidea Software)
Windows Driver Package - Intel (NETwLv32) net  (08/15/2010 13.3.0.137) (HKLM\...\BDE6534846F22EEEE3848BD9F55FC872EF48B73F) (Version: 08/15/2010 13.3.0.137 - Intel)
Windows Driver Package - Intel (NETwNs32) net  (07/14/2010 13.3.0.24) (HKLM\...\7DAE8CDD63E347A3DA14F801D61A6B6B406411EA) (Version: 07/14/2010 13.3.0.24 - Intel)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2014-12-27 14:05 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1794055B-BFC8-4B54-99A1-D80F5617DBD6} - System32\Tasks\avastBCLRestartS-1-5-21-3119582079-282113860-1835835686-1000 => Firefox.exe
Task: {1852D895-27FE-48BF-BEFE-C6DF43ED1484} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {37C15562-B05B-4984-9EE8-2F7F2239E426} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-18] (AVAST Software)
Task: {47FF977D-8A30-4219-84B5-E68D6A3C3043} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe
Task: {4AD73BAC-34AF-462A-813E-62BA2A4F2D29} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {6A3115C8-5E75-43FE-8C23-DC02497E4D17} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {79F5A159-DDCC-486F-87F4-CAA75E0A12F1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Roger => C:\Program Files\Windows Calendar\WinCal.exe
Task: {7AF3344E-7392-4C1B-9569-65106C371680} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-18] (Piriform Ltd)
Task: {9A909966-B70D-4830-A823-E5C0D446F8FB} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {C08601DD-3843-449D-883C-3FE16157E95B} - System32\Tasks\{7B337A45-20B8-470C-B04D-DA807D84AADE} => pcalua.exe -a C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE -c /R /APD /P:"EPSON Stylus SX200 Series"
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EACE7D10-215F-4BC5-93FB-A34A06A324B1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2015-01-09 13:36 - 2015-01-09 13:36 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010900\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-18 15:04 - 2014-12-18 15:04 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-14 10:07 - 2014-12-18 17:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SWDUMon.sys:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\Roger\Desktop\FRST.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3119582079-282113860-1835835686-500 - Administrator - Disabled)
Guest (S-1-5-21-3119582079-282113860-1835835686-501 - Limited - Disabled)
Roger (S-1-5-21-3119582079-282113860-1835835686-1000 - Administrator - Enabled) => C:\Users\Roger

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 03:15:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/09/2015 03:15:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/09/2015 02:46:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/09/2015 02:46:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/09/2015 02:30:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/09/2015 02:30:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (01/09/2015 03:19:17 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/09/2015 03:12:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/09/2015 03:11:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (01/09/2015 03:10:55 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/09/2015 03:03:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/09/2015 03:03:09 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/09/2015 03:02:53 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/09/2015 03:02:41 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/09/2015 03:02:34 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/09/2015 03:02:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.


Microsoft Office Sessions:
=========================
Error: (01/09/2015 03:15:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/09/2015 03:15:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000EA5200000000000009030000

Error: (01/09/2015 02:46:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/09/2015 02:46:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000365200000000000009030000

Error: (01/09/2015 02:30:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/09/2015 02:30:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000825100000000000009030000


==================== Memory info ===========================

Processor: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 55%
Total physical RAM: 3062.12 MB
Available physical RAM: 1367.8 MB
Total Pagefile: 3060.41 MB
Available Pagefile: 1437.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.77 MB

==================== Drives ================================

Drive c: (Main) (Fixed) (Total:119.24 GB) (Free:94.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AA9E03BA)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Regards,

scorpior7.
 


  • Root Admin

Based on what AdwCleaner removed.

Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"

Successfully deleted: [Folder] "C:\Users\Roger\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"

Let me point you to the following article.

Do I need a Windows Registry Cleaner?

The logs also show that this topic might be something you're also experiencing

http://www.sevenforums.com/software/138171-uimbus-uim_im-drivers.html

You're also having this error repeatedly

Error: (01/09/2015 03:02:16 PM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

The following topic as well as many others indicate this may be due to an impending hard drive failure

http://www.adir1.com/2012/01/solved-the-driver-detected-a-controller-error-on-deviceideideport2/

http://www.sevenforums.com/installation-setup/193909-sata-port-numbers-vs-assignemnt-disk-numbers.html

Since you have a disk image of your system. Do you have another hard drive that you can restore the image to and see if that drive error goes away?

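As an added example (my own code, not from this thread, from FRST, or from Malwarebytes), here is a small Python script that does the triage described in the reply above over the "Event log errors" section of an FRST log: it parses each entry, counts repeats per (Source, EventID) pair, pulls the driver names out of the multi-line Service Control Manager EventID 7026 entry, and lists the devices named in atapi EventID 11 controller errors. The sample text is constructed in the format FRST uses, abridged from the kind of entries in the posted log; the function names and the threshold of three repeats are my assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of FRST's "Event log errors" section
# (abridged; the header/description shapes match what FRST emits).
SAMPLE_LOG = r"""
System errors:
=============
Error: (01/09/2015 03:19:17 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/09/2015 03:12:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/09/2015 03:11:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM
Uim_Vim

Error: (01/09/2015 03:03:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/09/2015 03:03:09 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
"""

# One FRST event header: "Error: (<when>) (Source: <src>) (EventID: <n>) (User: <u>)"
HEADER_RE = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
DESC_PREFIX = "Description: "


def parse_events(text):
    """Split FRST event-log text into dicts with when/source/id/user/description.

    The description is every non-blank line after the header up to the next
    blank line, so multi-line entries (the 7026 driver list) stay whole.
    """
    events = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = []
            events.append(current)
        elif not line.strip():
            current = None          # blank line ends the current entry
        elif current is not None:
            body = line[len(DESC_PREFIX):] if line.startswith(DESC_PREFIX) else line
            current["description"].append(body.strip())
    return events


def repeated_errors(events, threshold=3):
    """(source, id) pairs seen at least `threshold` times (assumed cut-off)."""
    counts = Counter((e["source"], e["id"]) for e in events)
    return {key: n for key, n in counts.items() if n >= threshold}


def failed_boot_drivers(events):
    """Driver names listed under SCM EventID 7026 (boot/system-start driver failed to load)."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            names.extend(e["description"][1:])   # line 0 is the sentence, the rest are drivers
    return names


def controller_errors(events):
    """Device paths from atapi EventID 11 'controller error' entries."""
    devices = []
    for e in events:
        if e["source"] == "atapi" and e["id"] == 11 and e["description"]:
            m = re.search(r"controller error on (\S+?)\.?$", e["description"][0])
            if m:
                devices.append(m.group(1))
    return devices


def summarize(text):
    """Triage summary for one FRST event-log section."""
    events = parse_events(text)
    return {
        "total": len(events),
        "repeated": repeated_errors(events),
        "failed_boot_drivers": failed_boot_drivers(events),
        "controller_error_devices": sorted(set(controller_errors(events))),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running `summarize()` over the "System errors" block of an FRST log taken before and again after a clean reinstall gives a quick way to see whether the same atapi and 7026 entries come back, which is the comparison suggested later in this thread.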

AdvancedSetup, many thanks for your reply and the links which I will read in detail when time permits. When I have done so I will post back with possible queries/comments which perhaps you would reply to, please.

 

A few initial points, if I may, please.

 

In the #07 procedure ESET found 1 threat associated with Google, as reported in that log. To remove that threat do I run ESET again but this time with the "Remove found threats" box ticked? I don't see the point of it remaining as ESET did report it as a threat.

 

I had used Eusing Free Registry Cleaner for many years without any problems. I know removing such unwanted entries does not speed a computer up, but I couldn't see the point of leaving associated registry entries behind in the registry after uninstalling a program.

Perhaps it would be better for me to use Revo Uninstaller for removing unwanted programs, ensuring I follow through with that to remove the associated registry entries?

 

You ask, "Since you have a disk image of your system. Do you have another hard drive that you can restore the image to and see if that drive error goes away?" I do not have a second external hard drive, if that is what you are asking. I only have the one, which I used (unfortunately) to restore a disk image I had made on Jan 4th, which did not work as the problem re-occurred. Sorry I caused difficulties for you which meant we started from square one again.

 

You must have gathered my hard drive is an SSD. I realise they can fail, but I would add that my computer is running fast and perfectly normally in all other respects. It has only suffered the BSOD on the few occasions of running a Threat Scan with MBAM (which surprisingly ran to completion with no problems yesterday), and the only problem is with MBAM when the Heuristic scan comes to an end, just before the final report is produced. No BSODs at all other than with MBAM.

I will try another scan with it later today to see what happens.

 

Please don't take me wrong here. I am merely trying to give you as much information as I can to help you resolve my problem. Anything you suggest is very much welcome.

For starters, registry cleaners have gone out of the window on your advice.

 

Regards,

scorpior7


AdvancedSetup, this morning I decided to run a Threat Scan with MBAM. While progressing through the Heuristic Analysis, about two thirds of the way through, I got the BSOD with the writing scrunched up near the top so as to be unreadable, whereby I had to force a shutdown and then reboot.

You may recall the same happened once before.

 

What I just don't understand is why the Threat Scan ran totally to conclusion without any problems during my action #6 of your post to me on 9 Jan but now will not.

As previously mentioned, my computer is running perfectly normally in all other respects other than with MBAM's Heuristic Analysis.

 

Should I turn off the Advanced Heuristic Engine (Shuriken) in the Detection and Protection section of Settings? Any ideas, please, or is this now a lost cause?

 

Regards,

scorpior7.


  • Root Admin

The file itself is not a threat.

C:\Users\Roger\Desktop\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Basically the tool comes bundled with the Google Toolbar. As long as you can OPT out of installing it, then there is no issue. If/when an application does not allow you to opt out of installing it, then it may venture into an actual threat and even be added to our program for removal. In this case there should currently be no issue.

Not saying that there is something specifically wrong with the SSD, but there is something wrong there (I've been running SSDs for many years on many systems and none of mine have those errors). It could be a driver issue, cabling issue, firmware issue, etc., but "something" is wrong. Whether it will or does cause other obvious issues is unclear. In theory it could even potentially be from using Registry Cleaners, which is why I pointed it out to you. It is far better to leave the junk than to clean out something unrelated that another object is looking for and thus now cause an issue. It takes a lot of work to even attempt to track down such issues, and that is why use of ANY Registry Cleaner is frowned upon by anyone with real computer technical experience.

The freeze or hang could certainly be completely due to a file, folder, or registry entry that one of our rules is having trouble processing. Again though, due to the complexity of what's going on with your computer and the other errors, it is not easy to track down what the root cause is. There are a couple of approaches that can be taken. On my own systems I track down and fix errors one by one, but I'm well aware of my own system. Doing so for another system is not as cut and dried, as a messed-up Registry, depending on what it is, cannot be fixed, as it may be an unknown. Forensic analysis would be required, which is beyond the scope of help here.

One thing you could try, since you have a known good working image, is to back up any current new files needed. Then do an FDISK, Format, and reinstall Windows. Do not do any Windows updates yet. Just get Windows installed. Then reboot a couple of times. Then check the event logs and see if these same errors are present or not. Then install MBAM and do different types of scans and see if the issue returns or not.

Make sure you check and print out all the main hardware items you have such as Network card, Audio card, etc and obtain the drivers from the Manufacturer website before you do a format reinstall.

Then, assuming the Event Logs are clear of the same errors, continue and get the drivers installed, then the Windows Updates installed, checking along the way to see if these errors return or not. Also continue to do MBAM scans to see if the issue returns.

This is a LOT of work and you may not be interested in doing this amount of work, especially for a $25 program, and if so I can understand that, but we could easily spend hours and days looking at different things and possibly not find the issue. A clean Windows install should hopefully remove or verify the issue one way or another for us.

Please let me know what direction you'd like to take here.

Thanks again, Ron


Ron, if I may call you that now, thank you again for your reply which is most informative.

 

My laptop is a Gateway model MX8716B and originally had Windows Vista installed. In 2009 (I seem to recall) I bought a Windows 7 Home Premium upgrade disk and upgraded to the said program, which I have used since.

Looking in the booklet which came with the disk it gives two options for the upgrade:-

 

Click Upgrade - If you are running Windows Vista, to keep your files, programs and settings and install Windows 7.

 

Click Custom - If you are running Windows XP or want to completely replace your current version of Windows with Windows 7. You will need to manually reinstall your programs and restore your backed up files after installation.

 

I still have the upgrade disk so my question to you is could I use it and select the Upgrade option again to reinstall Windows 7 but still retain my programs, files and settings?

 

For me that would be the easier option, if feasible, as I have never had to undertake a complete clean Windows install.

 

Your continued help is gratefully appreciated. 

 

Regards,

scorpior7
