mbam free edition scans no longer work offline


I'm using Malwarebytes Anti-Malware Home (Free) 2.1.6.1022, Windows 7 Professional 64bit, AVG Free Antivirus and Spybot Search & Destroy. I also have Malwarebytes Anti-Exploit free installed.

 

I noticed the problem just this morning, when (after updating) I unplugged my computer from the modem in order to scan a usb stick. It didn't work: the program got stuck on the "check for updates" part of the process, with the "pause scan" and "cancel" buttons being greyed out. I closed the program (from the x button and from the task manager) and restarted it numerous times, always with the same results. Neither custom scan nor threat scan worked. I uninstalled the program and reinstalled it, again it doesn't work. But the moment I replug the computer to the modem, the program immediately works. Funny thing is I have the same collection of security programs on my laptop as well (Windows 8.1 though), and mbam scans work on it offline with zero issues. Just yesterday I checked both of my computers for malware/viruses and got no alerts.

 

The mbam installation on my main computer (the one that doesn't work offline) has database version v2015.06.13.05.

 

The mbam installation on my laptop (the one that still works offline) has database version v2015.06.12.06.

 

Here are the requested logs.

Addition.txt

CheckResults.txt

FRST.txt

Link to post
Share on other sites

  • Root Admin

It looks like you may have a hardware issue possibly. The following shows the drive is having issues loading things properly which can cause all sorts of issues.
 
 

System errors:
=============
Error: (06/14/2015 03:17:28 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (06/13/2015 08:27:43 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (06/13/2015 03:42:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/13/2015 03:42:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/13/2015 03:42:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/13/2015 03:42:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/11/2015 09:12:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

Error: (06/11/2015 08:45:57 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Error: (06/10/2015 01:30:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (06/10/2015 01:30:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

 
 
I would try backing up your data just in case of a pending hardware failure. Then create a new System Restore Point and then do a Full Disk Check, in that order.
 
 
 
Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.

On Windows 7 the disk check log is in the Event Logs under Application with a heading source of  Wininit


How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7


How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

 

 

The Full Disk Check is 5 steps which is the one you should run. The quick one is the 3 steps and is not the correct one to run. When done please go into the Event Logs as shown and copy/paste back the results here.

Link to post
Share on other sites
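The triage that the reply above does by eye on the FRST "System errors" list, written out as an added example that is not part of the original posts: it groups the entries by source and event ID and pulls the device path out of each Disk controller error. The sample entries are copied from the excerpt quoted above (the ACPI description is shortened); the function names and the `HARDWARE_SOURCES` grouping are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the "System errors" excerpt quoted above
# (the ACPI description is shortened).
SAMPLE = r"""
Error: (06/14/2015 03:17:28 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (06/13/2015 03:42:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/13/2015 03:42:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/13/2015 03:42:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/11/2015 08:45:57 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period.

Error: (06/10/2015 01:30:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
"""

# One entry = an "Error:" header line followed by its "Description:" line.
ENTRY_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)[ \t]*\r?\n"
    r"Description: (?P<description>.*)$",
    re.MULTILINE,
)

# Device path as it appears in the Disk / EventID 11 descriptions.
DEVICE_RE = re.compile(r"\\Device\\Harddisk\d+\\DR\d+")

# Assumption of this sketch: these sources are counted as hardware/firmware,
# every other source as a software or service event.
HARDWARE_SOURCES = {"Disk", "ACPI"}


def parse_entries(text):
    """Return one dict per error entry found in an FRST 'System errors' block."""
    entries = []
    for match in ENTRY_RE.finditer(text):
        entry = match.groupdict()
        entry["event_id"] = int(entry["event_id"])
        entry["description"] = entry["description"].strip()
        entries.append(entry)
    return entries


def count_by_source(entries):
    """Count entries per (source, event ID) pair."""
    return Counter((e["source"], e["event_id"]) for e in entries)


def controller_errors_by_device(entries):
    """Count Disk / EventID 11 controller errors per device path."""
    devices = Counter()
    for e in entries:
        if e["source"] == "Disk" and e["event_id"] == 11:
            match = DEVICE_RE.search(e["description"])
            devices[match.group(0) if match else "unknown device"] += 1
    return devices


def triage(text):
    """Summarise the block: hardware vs. service events and affected devices."""
    entries = parse_entries(text)
    hardware = [e for e in entries if e["source"] in HARDWARE_SOURCES]
    return {
        "total": len(entries),
        "hardware": len(hardware),
        "service": len(entries) - len(hardware),
        "by_source": count_by_source(entries),
        "disk_devices": controller_errors_by_device(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(f"{report['total']} errors: {report['hardware']} hardware/firmware, "
          f"{report['service']} service")
    for (source, event_id), count in report["by_source"].most_common():
        print(f"  {count} x {source} (EventID {event_id})")
    for device, count in report["disk_devices"].items():
        print(f"  controller errors on {device}: {count}")
```

The disk number in `\Device\HarddiskN` matches the "Disk N" numbering in Disk Management, which shows which physical drive logged the controller errors.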

Hello, I've read the links you posted and they're somewhat confusing as each site lists different amounts of steps for the same methods, and there seems to be more than one method with 5 steps. Which one am I supposed to be using?

 

  • Run Chkdsk from Drive's Properties Page? If yes, should I enable "Automatically fix file system errors" and "Scan for and attempt recovery of bad sectors"?
  • Use chkdsk in a Command Prompt? If yes, do I run it in safe mode or do I boot from the windows dvd? (I use windows 7 but the instructions mention vista) And which switch commands should I use with it?
  • Use chkdsk in an Elevated Command Prompt? If yes, which Switch commands do I use with it?
  • Use chkntfs and fsutil in a Command Prompt? If yes, "chkntfs /d" or "chkntfs /c C:"? The first one "Restores the computer to the default behavior" and I don't know what that means.
  • Run Check Disk using a REG File Download?
  • Run Check Disk from the Registry Editor?

 

Sorry, this is my first time doing something like this and I don't know left from right.

Link to post
Share on other sites

  • Root Admin

Well as said, make sure your data is backed up. I doubt that the disk check will help as it seems you may have a hardware or driver issue causing this. In any case trying a disk check only after data back up would still be what I would try.

 

Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" and then in the black DOS prompt type in the following exactly.

 

CHKDSK   C:  /R

 

That will give you the following prompt that it cannot lock the drive. You need to press the Y key and then the Enter key and restart the computer and let it run. It can take from 10 minutes to hours to run. If it doesn't take at least a few minutes to run then it did not run for some reason.

 

C:\Windows\system32>CHKDSK C:  /R
The type of the file system is NTFS.
Cannot lock current drive.
Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

 

Once done it will restart again on its own and go back into normal Windows mode. Then you can follow the other advice on how to copy/paste the event log for the disk check.

Link to post
Share on other sites

Hello, here is the chkdsk log. Also, I've noticed some things that make me think I might have a malware infection after all, hdd condition aside:

 

My main pc (the one we're currently troubleshooting) will sometimes get stuck when I direct it to shutdown or restart through windows. I've been using the restart button on the case to force it to go back to windows and try again. The second time always works so far, so I hadn't thought it might be something too serious.

 

I can't upload any files on facebook, it claims they are infected. I've scanned those files, but my security programs claim they are clean. The main pc was fully scanned for viruses and other malicious crap and found clean just a day before I noticed the "malwarebytes won't scan main pc offline" issue. Used avg free, malwarebytes antimalware, spybot search & destroy. I also have malwarebytes antiexploit installed.

 

I frequently move files between my main pc and my laptop. The laptop also can't upload any files on facebook, again due to supposed infection. However, the laptop was also fully scanned and found clean by the aforementioned set of programs just a day before I noticed the "malwarebytes won't scan main pc offline" issue. The laptop has windows 8.1 on it, the main pc has windows 7 service pack 1 64bit.

 

Another problem on the laptop (haven't yet tried verifying whether it's the same on the main pc, because I don't have any more clean usb sticks and didn't want to risk accidentally spreading any not already shared infections, but will do so if you think it necessary) is that it refuses to show any usb sticks I connect in the computer window. It properly recognises my wireless mouse and the usb powered laptop fan, but whenever I connect a usb stick, for a split second it will show something resembling a "device recognised" icon at the task bar, then the icon will disappear before I can properly read it and the usb will never show up in the computer window.

 

A few days ago there was a virus outbreak panic at the office, something about files in usb sticks appearing like shortcuts? The description I heard was that one will try to open a stick and a windows commandline appears, dos with a flashing c (or c- I can't remember), then the folder opens. If one tries to erase any folders (within the stick I assume) they will reappear next time the usb stick is connected, again like shortcuts. Formatting the stick doesn't work and the shortcuts have cmd set as their destination location.

 

The above is the reason I scanned both of my computers, since the infected usb stick had been connected to my laptop numerous times before. Like previously stated though, my security programs found nothing on either of them, and I didn't notice any of the above symptoms on them either.

 

The office proposed solution for the "shortcut usb virus" was to run this file http://en.kioskea.net/download/download-11613-autorun-exterminator/, connect the infected usb stick and type "attrib -h -r -s /s /d e:\*.*" into the cmd, where e is the usb stick location, then to scan with malwarebytes. I DIDN'T do any of that since I didn't see the same symptoms and I don't know what that file actually does.

 

Any ideas? And what's the verdict on my hdd? I am fully prepared to format the main pc if necessary, all my files that were in need of backup are things I can just print and archive in a physical folder.

CHKDSKResults.txt

Link to post
Share on other sites

  • Root Admin

The disk check did not confirm anywhere near the amount of issues or errors that would be expected so as I rather expected the error is potentially due to firmware or other hardware issues.

 

I mean we can scan for malware but having a hard drive or controller issue is much more critical to potential data loss than an infection. In either case as said make sure you have your data backed up.

 

 

 

Let me have you run the following please.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

Hello, I couldn't follow the instructions for disabling spybot's teatimer as the advanced menu has no "resident" tab for me to access. I ended up uninstalling it and restarting the computer, before disabling the rest and running combofix. The log is below. While looking for a way to disable spybot, I ran into a thread at bleepingcomputer.com saying that said "Spybot TeaTimer monitors changes to certain critical keys in windows registry but does not indicate if the change is normal or a modification made by a malware infection."

 

I've been telling the program to just fix everything whenever I run it, which quarantines everything, and I've been deleting all quarantined items. Could this be partly responsible for the current problems?

ComboFix.txt

Link to post
Share on other sites

  • Root Admin

I seriously doubt the controller is due to anything Spybot is doing.

 

Let me have you go ahead though and run the following routines to see if they find and remove any malware threats.

 

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Link to post
Share on other sites

STEP 04 - COMPLETED:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.3 (06.19.2015:1)
OS: Windows 7 Professional x64
Ran by 01 on ‘™ 20/06/2015 at 21:14:10,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox




~~~ Chrome


[C:\Users\01\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\01\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\01\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\01\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ‘™ 20/06/2015 at 21:15:44,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

STEP 05 - COMPLETED:

# AdwCleaner v4.206 - Logfile created 20/06/2015 at 21:36:54
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : 01 - COREI7-4790K-PC
# Running from : C:\Users\01\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18631


-\\ Mozilla Firefox v38.0.5 (x86 el)


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [936 bytes] - [20/06/2015 21:21:50]
AdwCleaner[s0].txt - [815 bytes] - [20/06/2015 21:36:54]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [873  bytes] ##########
 

 

 

 

STEP 06 - COMPLETED:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/6/2015
Scan Time: 9:46:10 μμ
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.20.03
Rootkit Database: v2015.06.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: 01

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364687
Time Elapsed: 6 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

STEP 07 - PENDING:

The link you provided redirects me to http://www.eset.com/int/home//products/online-scanner/. There I click on a button saying "Run ESET Online Scanner", which opens a new small window (http://www.eset.com/int/online-scanner-popup/) that asks me to download "esetsmartinstaller_enu.exe". Is this the way it's supposed to go, or did I somehow end up at a bogus site? I'm also told that at the end of the scan I'll have the option to uninstall the program, should I do that or keep it around until further instruction?

 

 

NOTES:

I ran adwcleaner with avg free ENABLED since there were no instructions to disable it. The program found 3 registry keys from avg secure update and quarantined 2 of them. Why only 2 though? The one not quarantined is "[x64] HKCU\Software\Avg Secure Update" according to the [R0] log.

I run the TRIAL edition of malwarebytes antimalware. Also, I took a look at the protection log from today and it showed 2 "IsLicensed, 13" errors - if that's in any way relevant.

Link to post
Share on other sites

Aaaaand now google search urls are suddenly green for whatever reason. Great! :/ Is it like this on your end as well, or is it just me and my wonky computer?

 

*sigh* okay, false alarm this one, I just borked my screen settings and the usual green looked... weirdly neon-like.

Link to post
Share on other sites

Okay, continuing with the required steps.

STEP 07 - COMPLETED:

ESET online antivirus scanner found zero threats.

STEP 08 - COMPLETED:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by 01 (administrator) on COREI7-4790K-PC on 23-06-2015 00:31:32
Running from C:\Users\01\Desktop
Loaded Profiles: 01 (Available Profiles: 01)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 2014-05-06] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
Startup: C:\Users\01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4510 series.lnk [2015-03-05]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 4510 series.lnk -> C:\Program Files\HP\HP Deskjet 4510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2239028301-2003149126-3417392521-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/el-gr/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\01\AppData\Roaming\Mozilla\Firefox\Profiles\9dm4a27h.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-15] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: SSL Version Control - C:\Users\01\AppData\Roaming\Mozilla\Firefox\Profiles\9dm4a27h.default\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2014-11-08]
FF Extension: Adblock Plus - C:\Users\01\AppData\Roaming\Mozilla\Firefox\Profiles\9dm4a27h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-08]

Chrome:
=======
CHR Profile: C:\Users\01\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-08]
CHR Extension: (Google Docs) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-08]
CHR Extension: (Google Drive) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]
CHR Extension: (YouTube) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-08]
CHR Extension: (Google Search) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-08]
CHR Extension: (Google Sheets) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-08]
CHR Extension: (Gmail) - C:\Users\01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 01:11 - 2015-06-21 01:11 - 00917334 _____ C:\Users\01\Desktop\New Bitmap Image.bmp
2015-06-20 21:21 - 2015-06-20 21:36 - 00000000 ____D C:\AdwCleaner
2015-06-20 21:18 - 2015-06-20 21:18 - 02231296 _____ C:\Users\01\Desktop\AdwCleaner.exe
2015-06-20 21:15 - 2015-06-20 21:15 - 00001072 _____ C:\Users\01\Desktop\JRT.txt
2015-06-20 21:14 - 2015-06-20 21:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-COREI7-4790K-PC-Windows-7-Professional-(64-bit).dat
2015-06-20 21:14 - 2015-06-20 21:14 - 00000000 ____D C:\RegBackup
2015-06-20 21:02 - 2015-06-20 21:02 - 02950750 _____ (Thisisu) C:\Users\01\Desktop\JRT.exe
2015-06-19 12:30 - 2015-06-19 12:30 - 00015558 _____ C:\ComboFix.txt
2015-06-19 12:22 - 2015-06-19 12:30 - 00000000 ____D C:\Qoobox
2015-06-19 12:22 - 2015-06-19 12:29 - 00000000 ____D C:\Windows\erdnt
2015-06-19 12:22 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-19 12:22 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-19 12:22 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-19 12:22 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-19 12:22 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-19 12:22 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-19 12:22 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-19 12:22 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-19 11:45 - 2015-06-19 11:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\01\Desktop\spybot-2.4.exe
2015-06-19 11:37 - 2015-06-19 11:37 - 00000000 ____D C:\Users\01\Documents\ProcAlyzer Dumps
2015-06-19 11:27 - 2015-06-19 11:27 - 05628633 ____R (Swearware) C:\Users\01\Desktop\ComboFix.exe
2015-06-18 22:01 - 2015-06-18 22:01 - 00007460 _____ C:\Users\01\Desktop\CHKDSKResults.txt
2015-06-17 11:35 - 2015-06-18 19:19 - 00000000 ____D C:\Users\01\Desktop\New folder
2015-06-14 03:34 - 2015-06-14 03:34 - 00020890 _____ C:\Users\01\Desktop\CheckResults.txt
2015-06-14 03:31 - 2015-06-23 00:31 - 00014984 _____ C:\Users\01\Desktop\FRST.txt
2015-06-14 03:31 - 2015-06-14 03:31 - 00032769 _____ C:\Users\01\Desktop\Addition.txt
2015-06-14 03:30 - 2015-06-23 00:31 - 00000000 ____D C:\FRST
2015-06-14 03:11 - 2015-06-13 20:36 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\01\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-14 03:11 - 2014-11-01 03:04 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\01\Desktop\mbam-setup-2.0.3.1025.exe
2015-06-14 00:50 - 2015-06-14 00:50 - 00000000 ____D C:\Users\01\AppData\Local\TempTaskUpdateDetection9BE41FF9-2972-4C54-86CE-4E24DDD0CAB6
2015-06-14 00:00 - 2015-06-14 00:00 - 00000000 _____ C:\Users\01\Desktop\database v2015.06.12.06.txt
2015-06-13 22:19 - 2015-06-13 23:51 - 02109952 _____ (Farbar) C:\Users\01\Desktop\FRST64.exe
2015-06-13 22:19 - 2015-06-13 23:51 - 01682416 _____ (Malwarebytes Corporation) C:\Users\01\Desktop\mbam-check-2.1.1.1001.exe
2015-06-13 22:17 - 2015-06-13 22:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\01\Desktop\mbam-clean-2.1.1.1001.exe
2015-06-13 20:30 - 2015-06-21 01:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-13 20:30 - 2015-06-13 20:34 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-13 20:30 - 2015-06-13 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-13 20:30 - 2015-06-13 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-13 20:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-13 20:30 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-13 20:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-11 21:12 - 2015-06-11 21:12 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-02 17:01 - 2015-06-03 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-30 12:50 - 2015-05-30 12:50 - 00000000 ____D C:\Users\01\AppData\Local\TempTaskUpdateDetection53FCE825-235B-4F6E-A414-C87E9F949436
2015-05-28 22:44 - 2015-05-28 22:44 - 00000000 ____D C:\Users\01\AppData\Local\TempTaskUpdateDetection1D67BDFA-CBFC-476F-8003-184D858D88A0
2015-05-25 12:22 - 2015-05-25 12:22 - 00000000 ____D C:\Users\01\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 00:29 - 2009-07-14 07:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 00:29 - 2009-07-14 07:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 00:27 - 2009-07-14 08:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 00:25 - 2014-11-01 19:33 - 00006464 _____ C:\Windows\SysWOW64\Gms.log
2015-06-23 00:23 - 2014-11-04 15:44 - 00001180 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-23 00:23 - 2014-11-04 15:40 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 00:23 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 00:23 - 2009-07-14 07:51 - 00056834 _____ C:\Windows\setupact.log
2015-06-23 00:22 - 2014-11-01 19:21 - 01886510 _____ C:\Windows\WindowsUpdate.log
2015-06-23 00:04 - 2014-11-04 15:44 - 00001184 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-22 23:36 - 2014-11-08 17:25 - 00000000 ____D C:\ProgramData\MFAData
2015-06-22 23:33 - 2014-11-08 17:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-22 22:06 - 2014-11-04 15:44 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 16:26 - 2010-11-21 06:47 - 00089432 _____ C:\Windows\PFRO.log
2015-06-19 12:30 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Default
2015-06-19 12:29 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2015-06-19 12:00 - 2014-11-08 17:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-15 15:00 - 2014-11-08 18:32 - 00000000 ____D C:\Users\01\AppData\Local\Adobe
2015-06-15 14:46 - 2014-11-08 18:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-15 14:46 - 2014-11-08 18:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-14 00:11 - 2014-11-21 20:55 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-06-14 00:11 - 2014-11-08 18:35 - 00000000 ____D C:\Users\01\AppData\Roaming\Adobe
2015-06-14 00:03 - 2014-11-04 15:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-14 00:03 - 2014-11-04 15:48 - 00000000 ____D C:\ProgramData\Adobe
2015-06-11 21:12 - 2014-11-08 17:29 - 00000976 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-11 21:12 - 2014-11-08 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-03 12:03 - 2014-11-08 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-30 16:45 - 2014-11-21 20:28 - 00000000 ____D C:\ProgramData\Protexis
2015-05-30 16:37 - 2009-07-14 07:45 - 05084584 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-30 16:31 - 2014-11-01 19:36 - 00104440 _____ C:\Users\01\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-30 16:27 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-05-30 16:26 - 2014-11-01 19:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-30 15:08 - 2014-11-21 20:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-29 22:41 - 2015-01-01 00:29 - 00000000 ____D C:\Users\01\dwhelper
2015-05-27 13:27 - 2009-07-14 08:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-24 20:16 - 2015-05-19 01:38 - 00000000 ____D C:\Users\01\Documents\The Witcher 3

==================== Files in the root of some directories =======

2015-03-25 19:34 - 2015-03-25 19:34 - 0001834 _____ () C:\Users\01\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\01\AppData\Local\Temp\Quarantine.exe
C:\Users\01\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 15:09

==================== End of log ============================

Addition.txt


  • Root Admin

Please try again to uninstall all Spybot software (if you can't get it removed, let me know and we can use FRST to help us).

For now also uninstall all AVG antivirus software and install MSE Microsoft Security Essentials antivirus for now.

http://windows.microsoft.com/en-us/windows/security-essentials-download

Then restart the computer twice and update MSE and do a full scan with it and let me know if it finds anything.

Then restart one more time and run a new FRST scan, including a new Addition.txt log.


Spybot was uninstalled while I ran ESET and Farbar, and AVG was disabled. I had uninstalled Spybot from Control Panel uninstall programs. This is also the only way I know of to uninstall AVG. How do I fully remove them?


MSE Microsoft Security Essentials antivirus found zero threats.

Before I run FRST again, its default settings are set as:

  • Under "Whitelist": Registry, Services, Drivers, Processes, Internet are all selected
  • Under "Optional scan": "Addition.txt" is selected
  • "List BCD", "Drivers MD5", "Shortcut.txt", "90 Days Files" under "Optional Scan" are NOT selected

Should I change anything or leave them as they are?


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


  • Root Admin

Okay, please download a new fresh copy of the MBAM installer. Delete your current one. Then use the MBAM CLEAN tool and fully remove the program and reboot. Then run it a second time and reboot.

Then install MBAM again and check for updates and let me know if you run into any issues now.


Hello again, I removed and reinstalled mbam as instructed and then, after updating, tried to run a threat scan offline. Once again, the program got stuck in the "Checking for updates" part of the process, but the moment I re-plugged the PC online the scan ran properly and found zero threats.

The good news is that my computer now boots a little faster than it used to and I am able to upload files on facebook with no issues.


This topic is now closed to further replies.