Hello,

 

My computer has been infected and despite much research, I haven't been able to get rid of this malware. It slows down my computer a lot.

I'm using Firefox, and for the past two weeks, there are phantom ads randomly playing (I just hear the sounds, I don't see any video). On Windows Task Manager, I see that an IE is running in the applications (but no IE window is opened), and most of the time it's named ib-pixadsserve.

As I can't end this task (nothing happens), I go to the processes tab, and end all of the IE processes (usually 3 of them are opened). Then I am OK for some time, until it comes back (usually about a couple of hours later).

I think it is similar to this topic, or this one.

 

I use Windows 7, and I have Avast antivirus. To try to get rid of this thing, I have run successively:

CCleaner

Adwcleaner

Malwarebytes

Superantispyware

JRT

Windows malicious software

 

Then nothing happens for a little bit longer, but eventually it comes back.

 

Please find attached the report from Farbar as well as the ones from Microsoft Windows malicious software, JRT, and Adwcleaner.

 

Thank you in advance for your help.

 

Bree

FRST.txt

mrt.log

JRT.txt

AdwCleanerR6.txt

AdwCleanerS4.txt

mbam-log-2015-01-18 (19-38-08).xml

protection-log-2015-01-18.xml


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

Please post the addition.txt as well.


Hello Marius,

 

Thank you for your time.

I've read your post, but I am not sure what I am supposed to do at this point (if anything)... Do you want me to post in the text all the logs in attachment in the first message?

Sorry about that...


Thank you. Here it is.


Addition.txt


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Here is the result


ComboFix.txt


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Below is the Malwarebytes log (no threats were found), and attached is the fixlog. However, I don't know if it's normal or not, but the fixlist.txt disappeared from the desktop once the fixlog was created.

Thank you again for your help.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/01/2015
Scan Time: 11:14:52 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.23.04
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pete

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387982
Time Elapsed: 34 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Fixlog.txt


Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the log (checkup.txt) will open. Copy its content to your thread (Note: Do NOT post this one into a code box!)






Are any problems left or may I post the final reply? :)


Hi,

I was able to do adwcleaner (see below), but I can't run JRT. I got an error message saying "could not create folder C:\Users\Pete\AppData\Local\Temp\jrt". Access is denied".

I deleted it, reinstalled it, but I get the same message.

# AdwCleaner v4.109 - Report created 27/01/2015 at 13:11:22
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pete - Pete-PC
# Running from : C:\Users\Pete\Documents\antivirus\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\mhob1twj.default\Extensions\isreaditlater@ideashower.com

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0 (x86 en-US)

-\\ Google Chrome v40.0.2214.93

[C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5903 octets] - [11/01/2015 16:37:42]
AdwCleaner[R1].txt - [1420 octets] - [13/01/2015 23:59:55]
AdwCleaner[R2].txt - [1480 octets] - [14/01/2015 00:04:43]
AdwCleaner[R3].txt - [1505 octets] - [14/01/2015 22:12:39]
AdwCleaner[R4].txt - [1432 octets] - [18/01/2015 17:33:03]
AdwCleaner[R5].txt - [1343 octets] - [18/01/2015 17:42:26]
AdwCleaner[R6].txt - [1404 octets] - [18/01/2015 19:34:05]
AdwCleaner[R7].txt - [1791 octets] - [27/01/2015 13:02:03]
AdwCleaner[S0].txt - [5999 octets] - [11/01/2015 16:54:37]
AdwCleaner[S1].txt - [1551 octets] - [14/01/2015 00:24:07]
AdwCleaner[S2].txt - [1574 octets] - [14/01/2015 22:15:47]
AdwCleaner[S3].txt - [1497 octets] - [18/01/2015 17:36:45]
AdwCleaner[S4].txt - [1465 octets] - [18/01/2015 19:35:39]
AdwCleaner[S5].txt - [1716 octets] - [27/01/2015 13:11:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1776 octets] ##########

I am also encountering problems with Microsoft Word, which won't let me save changes to a document, or won't even open some documents I was just working on... If the document is opened and I pretend to close it, it asks if I want to save it, I click "yes", and it doesn't do anything (the document stays opened, but it won't save it. To be able to close it, I have to say "don't save" and so I lose all of my changes).


I think something is not going well: it almost seems I have a problem with each software.

I was trying to update a software (kind of a proofreader that you can use with other software, that I use all the time) and I get another error message :"Base de données: C:\Windows\Installer\da7564.ipi. Impossible d'ouvrir le fichier de base de données. Erreur système - 2147287035." (more or less, "impossible to open the database").

I was unable to update Firefox as well (I got an error message that I didn't write down, sorry).

 

Do you have an idea where the problem could come from?


Yes, I have!

 

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


mmm... that doesn't want to do anything: when I restart, it doesn't scan.

When I open the command prompt and type chkntfs c: to see if the disk check is scheduled, it says:

"C: is dirty. You may use the /C option to schedule chkntfs for this drive."

I did an sfc /scannow; it says it found some errors but was unable to fix them, and I am unable to open the log to copy its content (access denied).

If I try to schedule the disk check, restart, it still doesn't do anything.


I did

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

and I think it gave me the results of the scan. I took screen shot and put them in a PDF (see attachment). I don't know if it is of any help (and sorry I didn't find any nicer presentation).

 

I wanted to try

chkdsk /f /r C:

but I'd rather get your opinion on that.

 

I can't use my printer/scanner either. I work from home and use the computer a lot, so I'm starting to be quite handicapped. :)

 

Thank you again for your time and help!

findst.pdf
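An added example, not part of the original posts: a PowerShell function that does the same [SR] filtering as the findstr command above and then lists each file SFC reported it could not repair, which is easier to post than screenshots. The function name Get-SfcSummary and the sample log lines are constructed for illustration; it assumes SFC records unrepairable files with the wording "Cannot repair member file".

```powershell
# Added example (not from the thread): summarize SFC's [SR] entries from CBS.log.
# Get-SfcSummary is a hypothetical helper name; the sample lines are constructed.

function Get-SfcSummary {
    param([string[]]$Lines)

    # Keep only System File Checker entries, as findstr /c:"[SR]" does.
    $sr = @($Lines | Where-Object { $_.Contains('[SR]') })

    # Entries written when a file fails verification and cannot be restored.
    $failed = @($sr | Where-Object { $_ -match 'Cannot repair member file' })

    # Extract the file and component from:
    #   Cannot repair member file [l:24{12}]"name" of Component, Version = ...
    # SFC logs the same file more than once, so de-duplicate by file name.
    $files = @{}
    foreach ($line in $failed) {
        if ($line -match 'Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),') {
            if (-not $files.ContainsKey($Matches[1])) {
                $files[$Matches[1]] = $Matches[2]
            }
        }
    }

    New-Object PSObject -Property @{
        SrEntries      = $sr.Count
        RepairFailures = $failed.Count
        Files          = @($files.Keys | Sort-Object |
                           ForEach-Object { "$_ ($($files[$_]))" })
    }
}

# Constructed sample input in the CBS.log line layout (not taken from this machine).
$sample = @(
    '2015-01-28 10:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components',
    '2015-01-28 10:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction',
    '2015-01-28 10:05:40, Info                  CSI    000001c2 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.00000, hash mismatch',
    '2015-01-28 10:05:41, Info                  CSI    000001c5 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.00000, hash mismatch',
    '2015-01-28 10:09:02, Info                  CSI    00000310 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component-B, Version = 6.1.7601.00000, file is missing',
    '2015-01-28 10:09:03, Info                  CBS    Unrelated servicing line without the SR tag',
    '2015-01-28 10:12:30, Info                  CSI    00000350 [SR] Verify complete'
)

Get-SfcSummary -Lines $sample | Format-List

# On a live system, from an elevated prompt:
#   Get-SfcSummary -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

Reading CBS.log directly requires an elevated (Run as administrator) prompt, which is the usual cause of an "access denied" when opening the log.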


Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
 

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt


  • In the command window:
  • In the command window type chkdsk /r C:  and press Enter


 
 
Please tell me the result (copy the command output and post it here)


Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

 

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

  • In the command window:
  • In the command window type chkdsk /r C:  and press Enter.
This topic is now closed to further replies.