"... is not a valid win32 application"

kevinf80 · May 20, 2015

Thanks for the update, I want you to go to the following link: https://support.microsoft.com/en-us/kb/865219 scroll to "Let me fix it myself" and follow the instructions to Show extensions for known file types.

When that is complete rename FRST.exe to FRST.com Run the tool then select "Scan" let me see the two produced logs....

parvs · May 24, 2015

So sorry for the delay. I still can't run FRST

kevinf80 · May 24, 2015

Delete any version of ComboFix you have on your Desktop. Download a fresh copy from either of the following links:

Link 1

Link 2

Before you save it to the Desktop Make sure to rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Select Windows key and R key together, the run box should open. Type this command exactly as shown or use copy/paste:

"%userprofile%\desktop\sega.com" /killall Tap enter or select OK.

Post the log in next reply,

Kevin

parvs · May 26, 2015

Hi!

so when I try to rename it as sega.com it appears as sega.com.ex on my desktop.

I run that and get the same not a valid win32 app error.

when I rename it to sega.com (remove the .exe)

I get a NSIS error. Installer integrity has failed...

kevinf80 · May 26, 2015

You must ensure that "how to show file extensions" instructions are followed in this link for the sick PC: https://support.microsoft.com/en-us/kb/865219#LetMeFixItMyselfAlways

When that is completed, remove any version of Combofix that you have on the sick PC Desktop, Download again from the links I provided earlier. Transfer to the sick PC Desktop.

Combofix should then show as Combofix.exe, righ click on that entry and select "Rename" delete the full name "Combofix.exe" then rename to "sega.com"

Try the following from Normal mode, or if that fails Safe mode....

Select Windows key and R key together, the run box should open. Type this command exactly as shown or use copy/paste:

"%userprofile%\desktop\sega.com" /killall Tap enter or select OK.

When complete post the produced log...

parvs · May 30, 2015

sorry for the delay

here are the logs finally! *yay*

ComboFix 15-05-28.01 - Owner 05/30/2015 14:34:21.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.1015.340 [GMT 8:00]
Running from: c:\users\Owner\Desktop\sega.com
Command switches used :: /killall
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-28 to 2015-05-30 )))))))))))))))))))))))))))))))
.
.
2015-05-30 06:43 . 2015-05-30 06:43   --------   d-----w-   c:\users\Default\AppData\Local\temp
2015-05-19 18:15 . 2015-05-19 20:32   35064   ----a-w-   c:\windows\system32\drivers\TrueSight.sys
2015-05-19 18:15 . 2015-05-19 18:45   --------   d-----w-   c:\programdata\RogueKiller
2015-05-11 09:19 . 2015-05-11 09:19   --------   d-----w-   c:\programdata\McAfee
2015-05-01 18:10 . 2015-05-01 18:10   229608   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2015-05-01 18:10 . 2015-05-01 18:10   229608   ----a-w-   c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-19 14:24 . 2014-10-15 05:54   778416   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-05-19 14:24 . 2014-10-15 05:54   142512   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-11 10:06 . 2014-10-05 22:51   37896   ----a-w-   c:\windows\system32\drivers\avnetflt.sys
2015-03-11 10:06 . 2014-10-05 22:51   136216   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2015-03-11 10:06 . 2014-10-05 22:51   105864   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATII0E.EXE" [2012-02-26 249440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-04-23 726320]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2011-09-21 623520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 157480]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-21 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-04-23 815920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-10-05 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-04-23 434424]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-04-23 1004280]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-03-16 201008]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-03-11 37896]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-24 10:18   986440   ----a-w-   c:\program files\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-15 14:24]
.
2015-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-04-27 08:47]
.
2015-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-04-27 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.8.4
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bferiou0.default-1420774421411\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2015-05-30 14:51:52 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-30 06:51
.
Pre-Run: 22,104,379,392 bytes free
Post-Run: 22,442,020,864 bytes free
.
- - End Of File - - 98282F21F89B14519B668530EC9F7EC6
A36C5E4F47E84449FF07ED3517B43A31

kevinf80 · May 30, 2015

Delete FRST from the Desktop, Download Farbar Recovery Scan Tool and save it to your, flash drive and transfer to sick PC desktop.

Right click on FRST.exe and rename to omega.com accept any alerts

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....

Thanks,

Kevin

parvs · May 31, 2015

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Owner at 2015-05-30 22:12:34
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4162585890-2542146898-40610652-500 - Administrator - Disabled)
Guest (S-1-5-21-4162585890-2542146898-40610652-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4162585890-2542146898-40610652-1002 - Limited - Enabled)
Owner (S-1-5-21-4162585890-2542146898-40610652-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1B00}) (Version: 12.27.0.988 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Epson Easy Photo Print 2 (HKLM\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON L350 Series Printer Uninstall (HKLM\...\EPSON L350 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson User's Guide L350 Series (HKLM\...\L350 Series Useg) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

30-05-2015 14:31:51 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09140045-9608-48E3-B387-7A4BF1BECAB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
Task: {2210612D-4BEE-4B89-AE11-99BBC453AEB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {356DD55F-076E-49D9-B75F-36B0C1CCEE06} - System32\Tasks\{0B01A123-BF7D-45C3-A8D3-059ADE9BD935} => pcalua.exe -a C:\Users\Owner\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
Task: {6CE36A6F-C64C-43B5-BCBE-8BF02D7A7C2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A09427A7-5A9A-4559-8227-A87E9AB1D071} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {DCB4DFC6-4924-4FB8-97E8-9FDA9C4E9145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 17:41 - 2010-01-30 17:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-25 12:17 - 2010-03-25 12:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-10 13:26 - 2014-01-10 13:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 13:28 - 2014-01-10 13:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0A0DB84F-E4CB-40A5-BA5B-BB9D6CC7DD23}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [uDP Query User{FE4F2DD4-1BF0-4180-ACA3-DACB93371935}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{3D9704F0-AEAD-4E78-BC10-1F7FC50EFD98}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [uDP Query User{5B9ADBE8-C4EB-461E-BFB5-BB5638DDEFA6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{67A12F65-BC6A-40AB-9D1F-CF4E92F38922}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [uDP Query User{026868AD-9B07-4EAE-8756-4D551C339902}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C8D4D9A9-8ED3-4D4D-826C-540A751B2435}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{5328A67E-7189-4D18-9006-7DFFF927241C}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{295BE885-69BE-4D3F-85A1-357D513EED4D}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{43A7F982-9E8C-49FD-9440-AC7FF8721199}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{6573301D-1FA0-4472-9BE1-B7898C813B34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E45E277-1FC9-4F17-B57A-6D3B4D9ABB28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE4F207A-6A62-452C-880D-3AD095E8A47E}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe
FirewallRules: [{DA56B306-C2C8-4B79-BD0B-9503F30D0E51}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe
FirewallRules: [{5F671019-741D-43F5-80A9-F47532195BC9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FFB0DA8A-3DE3-4D3E-90B6-25DF1DCCFE99}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd9EA1.tmp\CnetInstaller-10794489.exe
FirewallRules: [{A85D7351-698D-4788-B73B-AA7594FF6FB4}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd9EA1.tmp\CnetInstaller-10794489.exe
FirewallRules: [{8F40A934-279D-4687-93D2-1857DCC9BC1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{53650ADF-41A0-4A43-A851-29FF175AB65F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{62CA4D3D-9308-4460-93F6-D37B80162599}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0
Description: USB2.0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 05:59:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15662

Error: (05/26/2015 05:59:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15662

Error: (05/26/2015 05:59:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2015 05:17:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62463

Error: (05/26/2015 05:17:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62463

Error: (05/26/2015 05:17:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2015 05:17:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46863

Error: (05/26/2015 05:17:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46863

Error: (05/26/2015 05:17:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2015 05:16:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31231

System errors:
=============
Error: (05/30/2015 07:26:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:28:08 PM on ‎5/‎30/‎2015 was unexpected.

Error: (05/30/2015 02:45:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:43:40 PM on ‎5/‎30/‎2015 was unexpected.

Error: (05/30/2015 02:39:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/30/2015 02:34:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/30/2015 02:30:41 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/30/2015 01:35:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/30/2015 01:35:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (05/26/2015 05:59:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (05/26/2015 05:59:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/26/2015 05:22:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

Microsoft Office:
=========================
Error: (05/26/2015 05:59:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15662

Error: (05/26/2015 05:59:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15662

Error: (05/26/2015 05:59:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2015 05:17:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62463

Error: (05/26/2015 05:17:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62463

Error: (05/26/2015 05:17:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2015 05:17:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46863

Error: (05/26/2015 05:17:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46863

Error: (05/26/2015 05:17:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2015 05:16:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31231

==================== Memory info ===========================

Processor: Intel® Core2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 54%
Total physical RAM: 1015.27 MB
Available physical RAM: 459.67 MB
Total Pagefile: 2039.27 MB
Available Pagefile: 1069.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1880.26 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:39.06 GB) (Free:20.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:35.47 GB) (Free:22.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: EF18EF18)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.5 GB) - (Type=OF Extended)

==================== End of log ============================

parvs · May 31, 2015

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Owner (administrator) on OWNER-PC on 30-05-2015 22:11:23
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATII0E.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Farbar) C:\Users\Owner\Desktop\omega.com.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-14] (Microsoft Corporation)
HKLM\...\Run: [uSB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-09-21] (Zbshareware Lab)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-19] (Sun Microsystems, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATII0E.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2014-10-07]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> DefaultScope {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search.ask.com/web?tpid=AVIRA-V7&o=APN11082&pf=&p2=^B10^YYYYYY^YY^PH&gct=sb&itbv=12.17.1.2795&apn_uid=6E236451-583B-4E43-802F-C99D48ED1C38&apn_ptnrs=^B10&apn_dtid=^YYYYYY^YY^PH&apn_dbr=ie_8.0.7600.16385&doi=2014-10-05&trgb=ALL&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search.ask.com/web?tpid=AVIRA-V7&o=APN11082&pf=&p2=^B10^YYYYYY^YY^PH&gct=sb&itbv=12.17.1.2795&apn_uid=6E236451-583B-4E43-802F-C99D48ED1C38&apn_ptnrs=^B10&apn_dtid=^YYYYYY^YY^PH&apn_dbr=ie_8.0.7600.16385&doi=2014-10-05&trgb=ALL&q={searchTerms}&psv=&pt=tb
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-02-01] (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.8.4

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bferiou0.default-1420774421411
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml [2014-12-26]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uab4ujgw.default\extensions\faststartff@gmail.com
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2015-04-27]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-27]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-27]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-27]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-27]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-27]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-27]
CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-11] (Avira Operations GmbH & Co. KG)
S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2015-05-30] (Sysinternals - www.sysinternals.com) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-28] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 catchme; \??\C:\sega\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 12:48 - 2015-05-31 12:47 - 01147392 _____ (Farbar) C:\Users\Owner\Desktop\omega.com.exe
2015-05-30 22:11 - 2015-05-30 22:12 - 00014070 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-05-30 22:11 - 2015-05-30 22:11 - 00000000 ____D () C:\FRST
2015-05-30 14:51 - 2015-05-30 14:51 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2015-05-30 14:51 - 2015-05-30 14:51 - 00007368 _____ () C:\ComboFix.txt
2015-05-30 14:31 - 2015-05-30 14:52 - 00000000 ____D () C:\Qoobox
2015-05-30 14:31 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 14:31 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 14:31 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 14:30 - 2015-05-30 14:49 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 14:21 - 2015-05-30 14:20 - 05628678 ____R (Swearware) C:\Users\Owner\Desktop\sega.com
2015-05-20 02:15 - 2015-05-20 04:32 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-20 02:15 - 2015-05-20 02:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-20 02:14 - 2015-05-20 02:14 - 16980568 _____ () C:\Users\Owner\Desktop\winlogon.com.exe
2015-05-19 22:22 - 2015-05-19 22:22 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Owner\Desktop\flashplayer17au_ha_install.exe
2015-05-18 17:59 - 2015-05-18 17:59 - 00002929 _____ () C:\Users\Owner\Desktop\help.txt
2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D () C:\Users\Owner\Desktop\fixme
2015-05-18 16:46 - 2015-05-18 16:46 - 00000217 _____ () C:\Users\Owner\Desktop\fixme.zip
2015-05-18 15:41 - 2015-05-18 16:18 - 01363435 _____ () C:\Users\Owner\Desktop\rkill.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00000000 ____D () C:\Users\Owner\Desktop\Attachments_2015513
2015-05-13 19:23 - 2015-05-13 19:23 - 00183986 _____ () C:\Users\Owner\Desktop\Attachments_2015513.zip
2015-05-12 16:36 - 2015-05-12 16:36 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Owner\Desktop\flashplayer17_ha_install.exe
2015-05-11 17:19 - 2015-05-11 17:19 - 00000000 ____D () C:\ProgramData\McAfee

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 21:53 - 2015-04-27 17:07 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-30 21:53 - 2015-04-27 16:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 21:14 - 2015-02-09 13:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 19:33 - 2008-02-01 16:12 - 02051799 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 19:32 - 2009-07-14 12:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 19:32 - 2009-07-14 12:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 19:27 - 2015-04-27 16:47 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 19:26 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 19:26 - 2009-07-14 12:39 - 00065937 _____ () C:\Windows\setupact.log
2015-05-30 14:51 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
2015-05-30 14:51 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2015-05-30 14:46 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 14:44 - 2014-10-06 07:18 - 00330554 _____ () C:\Windows\PFRO.log
2015-05-22 01:03 - 2014-10-06 06:45 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 22:24 - 2014-10-15 13:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-19 22:24 - 2014-10-15 13:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-19 22:24 - 2014-10-14 17:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-05-18 18:04 - 2014-10-06 06:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-18 13:43 - 2014-12-26 14:11 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-18 13:42 - 2014-10-06 14:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-05-12 16:26 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-25 16:15

==================== End of log ============================

kevinf80 · May 31, 2015

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

Download esetsmartinstaller_enu.exe that you'll be given link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:

Make sure that Remove found threats is unchecked.
Scan archives is checked.
In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
Under “Enable Stealth Technology select “Change” select any extra drives in that window.
Click Start
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin

parvs · June 1, 2015

sorry where do I get the fixlist.txt?

kevinf80 · June 1, 2015

Apologies, is now attached...

Fixlist.txt

parvs · June 1, 2015

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Owner at 2015-06-01 17:28:56 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
2015-05-18 13:42 - 2014-10-06 14:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
Task: {356DD55F-076E-49D9-B75F-36B0C1CCEE06} - System32\Tasks\{0B01A123-BF7D-45C3-A8D3-059ADE9BD935} => pcalua.exe -a C:\Users\Owner\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
C:\Users\Owner\AppData\Roaming\webssearches
Emptytemp:
End
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
"HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key Removed successfully.
C:\Users\Owner\AppData\Roaming\uTorrent => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{356DD55F-076E-49D9-B75F-36B0C1CCEE06}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{356DD55F-076E-49D9-B75F-36B0C1CCEE06}" => key Removed successfully.
C:\Windows\System32\Tasks\{0B01A123-BF7D-45C3-A8D3-059ADE9BD935} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B01A123-BF7D-45C3-A8D3-059ADE9BD935}" => key Removed successfully.
"C:\Users\Owner\AppData\Roaming\webssearches" => File/Folder not found.
EmptyTemp: => Removed 165.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:29:49 ====

parvs · June 1, 2015

I can't run the eset online scanner on either of the 3 browsers. on IE the page doesn't load. on Firefox it loads partially but the "Run ESET Online Scanner" link doesn't work. in Chrome when I click the link it becomes an unresponsive page. =(

kevinf80 · June 1, 2015

Try Norton Power Erazer.....

Download Norton Power Eraser from here: https://security.symantec.com/nbrt/npe.aspx? and save direct to your Desktop.
Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1 right click, select "Run as Administrator" accept UAC.
The EULA will open, accept that to move on...
The tool will check for updates/latest version
The GUI will open, select "Scan for Risks"
Rootkit scan alert will open, select "Restart"
Rootkit scan preparations will time out and Reboot the system.
Tool will will restart and check for update, do nothing.
System scan will start, do nothing.
If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now" if nothing is found select "Exit" to close out the tool.
To remove "found entries" the system will need to restart, select that option.
If applicable select "Locate Log" attach to reply. Select "Done" when complete....

The log is saved to this folder: C:\User\user name\Appdata\Local\NPE\INFOyyyymmddhhmmss

The date and time listed against INFO identify the log. Right click on that log, Select Send to > Compressed (Zipped) Folder. Attach that folder to your next reply, it maybe easier to locate if you drag the zip folder to your Desktop….

parvs · June 2, 2015

thanks =)

Info20150601200436.zip

parvs · June 2, 2015

i just noticed this when i was running NPE (see attached pic) is that normal? I don't remember seeing it like that before.

kevinf80 · June 2, 2015

The context menu item you show should not be there, get Menu Maid from here: http://www.thewindowsclub.com/remove-click-context-menu-items-editors

That tool is an easy way to remove that entry...

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

Next,

Please open Malwarebytes Anti-Malware.

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may or may not see this message box.

'Could not load DDA driver'

Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:

Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish. Follow the instructions above....

Let me see those logs....

Thanks,

Kevin...

parvs · June 2, 2015

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/2/2015
Scan Time: 4:58:33 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329931
Time Elapsed: 29 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, Quarantined, [e5944df68406989ed4014cde0bfaa060],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\webssearchesSoftware, Quarantined, [cdacdf643c4ead89f70711d7e61dc63a],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [7affaa99513980b6cf08645707fc6898],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\SupHpUISoft, Quarantined, [0e6bd37098f2d85e1a2f1cacdd26db25],
PUP.Optional.Qone8, HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [aecb380b01893600a9f58492a06502fe],
PUP.Optional.FastStart.A, HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [bfbad46f404a4aece5d05f64768d29d7],

Registry Values: 2
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uab4ujgw.default\extensions\faststartff@gmail.com, Quarantined, [c4b592b1c0ca81b58e68949535d08779]
PUP.Optional.FastStart.A, HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [bfbad46f404a4aece5d05f64768d29d7]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[ec8dab982b5f0630c4d6b928bc4901ff]

Folders: 2
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [0772b192058562d48e11ed93d62d9e62],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [0772b192058562d48e11ed93d62d9e62],

Files: 2
PUP.Optional.WebsSearches.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml, Quarantined, [a9d046fd49412d099f613dacfa098e72],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [0772b192058562d48e11ed93d62d9e62],

Physical Sectors: 0
(No malicious items detected)

(end)

---------------------------------------

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/02/2015 04:50:30 PM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

Program finished at: 06/02/2015 04:51:49 PM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)

kevinf80 · June 2, 2015

Use the link provided in RKill to repair the Hosts file, also give an update on any remaining issues or concers....

When the hosts file is repaired re-boot your system, then run FRST again as follows..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....

Post both logs from FRST, also let me know if any remaining issues or concerns...

Thanks,

Kevin

parvs · June 8, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015
Ran by Owner (administrator) on OWNER-PC on 07-06-2015 10:30:00
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATII0E.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-14] (Microsoft Corporation)
HKLM\...\Run: [uSB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-09-21] (Zbshareware Lab)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-19] (Sun Microsystems, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATII0E.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2014-10-07]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> DefaultScope {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search.ask.com/web?tpid=AVIRA-V7&o=APN11082&pf=&p2=^B10^YYYYYY^YY^PH&gct=sb&itbv=12.17.1.2795&apn_uid=6E236451-583B-4E43-802F-C99D48ED1C38&apn_ptnrs=^B10&apn_dtid=^YYYYYY^YY^PH&apn_dbr=ie_8.0.7600.16385&doi=2014-10-05&trgb=ALL&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search.ask.com/web?tpid=AVIRA-V7&o=APN11082&pf=&p2=^B10^YYYYYY^YY^PH&gct=sb&itbv=12.17.1.2795&apn_uid=6E236451-583B-4E43-802F-C99D48ED1C38&apn_ptnrs=^B10&apn_dtid=^YYYYYY^YY^PH&apn_dbr=ie_8.0.7600.16385&doi=2014-10-05&trgb=ALL&q={searchTerms}&psv=&pt=tb
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-02-01] (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.8.4

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bferiou0.default-1420774421411
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2015-04-27]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-27]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-27]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-27]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-27]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-27]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-27]
CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-23] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-11] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2015-05-30] (Sysinternals - www.sysinternals.com) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-28] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 catchme; \??\C:\sega\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 10:27 - 2015-06-08 13:28 - 01147904 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-06-07 10:08 - 2015-06-08 11:58 - 00000194 _____ C:\Users\Owner\Desktop\hosts-perm.bat
2015-06-02 16:56 - 2015-06-07 10:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 16:55 - 2015-06-02 16:55 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 16:55 - 2015-06-02 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 16:55 - 2015-06-02 16:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-02 16:55 - 2015-06-02 16:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-02 16:55 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-02 16:55 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-02 16:55 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-02 16:50 - 2015-06-02 16:51 - 00002608 _____ C:\Users\Owner\Desktop\Rkill.txt
2015-06-02 16:49 - 2015-06-02 16:13 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-02 16:49 - 2015-06-02 15:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2015-06-01 20:16 - 2015-06-01 20:16 - 00127515 _____ C:\Users\Owner\Desktop\Info20150601200436.zip
2015-06-01 20:07 - 2015-06-01 20:14 - 01040744 _____ C:\Users\Owner\Desktop\Info20150601200436.xml
2015-06-01 19:42 - 2015-06-01 20:03 - 00000000 ____D C:\NPE
2015-06-01 19:34 - 2015-06-01 20:15 - 00000000 ____D C:\Users\Owner\AppData\Local\NPE
2015-06-01 19:34 - 2015-06-01 19:34 - 00000000 ____D C:\ProgramData\Norton
2015-06-01 19:33 - 2015-06-01 19:33 - 03060320 ____N (Symantec Corporation) C:\Users\Owner\Desktop\NPE.exe
2015-05-30 22:12 - 2015-05-30 22:13 - 00019749 _____ C:\Users\Owner\Desktop\Addition.txt
2015-05-30 22:11 - 2015-06-07 10:30 - 00013798 _____ C:\Users\Owner\Desktop\FRST.txt
2015-05-30 22:11 - 2015-06-07 10:30 - 00000000 ____D C:\FRST
2015-05-30 14:51 - 2015-05-30 14:51 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2015-05-30 14:51 - 2015-05-30 14:51 - 00007368 _____ C:\ComboFix.txt
2015-05-30 14:31 - 2015-05-30 14:52 - 00000000 ____D C:\Qoobox
2015-05-30 14:31 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2015-05-30 14:31 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2015-05-30 14:31 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2015-05-30 14:30 - 2015-05-30 14:49 - 00000000 ____D C:\Windows\erdnt
2015-05-30 14:21 - 2015-05-30 14:20 - 05628678 ____R (Swearware) C:\Users\Owner\Desktop\sega.com
2015-05-20 02:15 - 2015-05-20 04:32 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-05-20 02:15 - 2015-05-20 02:45 - 00000000 ____D C:\ProgramData\RogueKiller
2015-05-20 02:14 - 2015-05-20 02:14 - 16980568 _____ C:\Users\Owner\Desktop\winlogon.com.exe
2015-05-19 22:22 - 2015-05-19 22:22 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Owner\Desktop\flashplayer17au_ha_install.exe
2015-05-18 17:59 - 2015-05-18 17:59 - 00002929 _____ C:\Users\Owner\Desktop\help.txt
2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D C:\Users\Owner\Desktop\fixme
2015-05-18 16:46 - 2015-05-18 16:46 - 00000217 _____ C:\Users\Owner\Desktop\fixme.zip
2015-05-13 19:25 - 2015-05-13 19:25 - 00000000 ____D C:\Users\Owner\Desktop\Attachments_2015513
2015-05-13 19:23 - 2015-05-13 19:23 - 00183986 _____ C:\Users\Owner\Desktop\Attachments_2015513.zip
2015-05-12 16:36 - 2015-05-12 16:36 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Owner\Desktop\flashplayer17_ha_install.exe
2015-05-11 17:19 - 2015-05-11 17:19 - 00000000 ____D C:\ProgramData\McAfee

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 10:25 - 2009-07-14 12:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 10:25 - 2009-07-14 12:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 10:24 - 2008-02-01 16:12 - 02094517 _____ C:\Windows\WindowsUpdate.log
2015-06-07 10:16 - 2015-04-27 16:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 10:16 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-07 10:16 - 2009-07-14 12:39 - 00067529 _____ C:\Windows\setupact.log
2015-06-07 10:14 - 2015-02-09 13:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-07 09:53 - 2015-04-27 16:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 09:00 - 2014-10-06 06:45 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 14:24 - 2014-10-06 07:18 - 00332202 _____ C:\Windows\PFRO.log
2015-05-30 21:53 - 2015-04-27 17:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-30 14:51 - 2009-07-14 10:37 - 00000000 __RHD C:\Users\Default
2015-05-30 14:51 - 2009-07-14 10:37 - 00000000 ___RD C:\Users\Public
2015-05-30 14:46 - 2009-07-14 10:04 - 00000215 _____ C:\Windows\system.ini
2015-05-19 22:24 - 2014-10-15 13:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-19 22:24 - 2014-10-15 13:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-19 22:24 - 2014-10-14 17:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2015-05-18 18:04 - 2014-10-06 06:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-18 13:43 - 2014-12-26 14:11 - 00000000 ____D C:\Windows\system32\appmgmt
2015-05-12 16:26 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\NDF

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-06 15:17

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Owner at 2015-06-07 10:31:18
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4162585890-2542146898-40610652-500 - Administrator - Disabled)
Guest (S-1-5-21-4162585890-2542146898-40610652-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4162585890-2542146898-40610652-1002 - Limited - Enabled)
Owner (S-1-5-21-4162585890-2542146898-40610652-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1B00}) (Version: 12.27.0.988 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Epson Easy Photo Print 2 (HKLM\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON L350 Series Printer Uninstall (HKLM\...\EPSON L350 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson User's Guide L350 Series (HKLM\...\L350 Series Useg) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

30-05-2015 14:31:51 ComboFix created restore point
01-06-2015 20:09:06 Norton_Power_Eraser_20150601200904007

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09140045-9608-48E3-B387-7A4BF1BECAB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
Task: {2210612D-4BEE-4B89-AE11-99BBC453AEB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {6CE36A6F-C64C-43B5-BCBE-8BF02D7A7C2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A09427A7-5A9A-4559-8227-A87E9AB1D071} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {DCB4DFC6-4924-4FB8-97E8-9FDA9C4E9145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 17:41 - 2010-01-30 17:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-25 12:17 - 2010-03-25 12:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-10 13:26 - 2014-01-10 13:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 13:28 - 2014-01-10 13:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0A0DB84F-E4CB-40A5-BA5B-BB9D6CC7DD23}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [uDP Query User{FE4F2DD4-1BF0-4180-ACA3-DACB93371935}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{3D9704F0-AEAD-4E78-BC10-1F7FC50EFD98}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [uDP Query User{5B9ADBE8-C4EB-461E-BFB5-BB5638DDEFA6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{67A12F65-BC6A-40AB-9D1F-CF4E92F38922}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [uDP Query User{026868AD-9B07-4EAE-8756-4D551C339902}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C8D4D9A9-8ED3-4D4D-826C-540A751B2435}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{5328A67E-7189-4D18-9006-7DFFF927241C}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{295BE885-69BE-4D3F-85A1-357D513EED4D}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{43A7F982-9E8C-49FD-9440-AC7FF8721199}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{6573301D-1FA0-4472-9BE1-B7898C813B34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E45E277-1FC9-4F17-B57A-6D3B4D9ABB28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE4F207A-6A62-452C-880D-3AD095E8A47E}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe
FirewallRules: [{DA56B306-C2C8-4B79-BD0B-9503F30D0E51}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe
FirewallRules: [{5F671019-741D-43F5-80A9-F47532195BC9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FFB0DA8A-3DE3-4D3E-90B6-25DF1DCCFE99}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd9EA1.tmp\CnetInstaller-10794489.exe
FirewallRules: [{A85D7351-698D-4788-B73B-AA7594FF6FB4}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd9EA1.tmp\CnetInstaller-10794489.exe
FirewallRules: [{8F40A934-279D-4687-93D2-1857DCC9BC1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{53650ADF-41A0-4A43-A851-29FF175AB65F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{62CA4D3D-9308-4460-93F6-D37B80162599}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: USB2.0
Description: USB2.0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2015 02:31:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid.
.

Error: (06/06/2015 02:31:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid.
.

Error: (06/06/2015 02:31:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid.
.

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31496

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31496

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/01/2015 11:04:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 562805

System errors:
=============
Error: (06/07/2015 10:22:31 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be changed by 97333 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->23.101.187.68:123) is working properly.

Error: (06/07/2015 10:20:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/07/2015 10:16:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (06/07/2015 07:21:43 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be changed by 97332 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->104.41.150.68:123) is working properly.

Error: (06/07/2015 07:20:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/07/2015 07:17:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (06/07/2015 07:17:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:34:21 PM on ‎6/‎6/‎2015 was unexpected.

Error: (06/06/2015 02:30:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/01/2015 11:04:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/01/2015 11:04:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office:
=========================
Error: (06/06/2015 02:31:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThedata is invalid.

Error: (06/06/2015 02:31:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThedata is invalid.

Error: (06/06/2015 02:31:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThedata is invalid.

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31496

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31496

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/01/2015 11:04:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 562805

==================== Memory info ===========================

Processor: Intel® Core2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 67%
Total physical RAM: 1015.27 MB
Available physical RAM: 334.4 MB
Total Pagefile: 2039.27 MB
Available Pagefile: 906.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.67 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:39.06 GB) (Free:19.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:35.47 GB) (Free:22.23 GB) NTFS
Drive f: (Transcend) (Removable) (Total:3.75 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: EF18EF18)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

my webpages still aren't loading properly, could that be a browser problem?

kevinf80 · June 8, 2015

Run the following, let me know if any improvement...

Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;CHRdefaults;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply. Don't forget to re-enable security software!

Thank you,

Kevin...

parvs · June 8, 2015

um not a valid win32 application.

and my antivirus just took on the icon of frst

kevinf80 · June 8, 2015

It is essential to make sure your security is turned OFF before running Zoek, if security is active it will interfere with Zoek. If you still cannot get zouk to run try the following:

1.Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the update completes select Next.

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

13. Verify that your system is now running normally, making sure that the following items are functional:

Internet access
Windows Update
Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Thanks,

Kevin...

AdvancedSetup · June 16, 2015

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

"... is not a valid win32 application"

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information