
Getting some odd happenings going on over here.



Hello,

     I have been helping my grandmother out with her laptop, and recently, webpages have been failing to load, a blue screen of death occurred, and occasional freezing has occurred. It has grown, and though Mbam scans have been frequent, nothing has been found albeit the occasional PUP. I worry for the state of the computer, and hope to save it, before all is lost.

 

     I am someone who spends his time trying to learn about the hardware of computers, not as much on the digital front. That is where you come in. I have been a long-time user of Mbam and Mbae. I hope we can get this resolved. Below are the files; I was getting "Error IO" when attempting to attach the files.

 

     Let's get this party started, shall we?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-08-2015
Ran by Jo (administrator) on JO-PC (27-08-2015 21:02:07)
Running from C:\Users\Jo\Desktop
Loaded Profiles: Jo (Available Profiles: Jo)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Abbott Diabetes Care) C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adcmald.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Spotify Ltd) C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Run: [spotify Web Helper] => C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-22] (Spotify Ltd)
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\RunOnce: [Application Restart #4] => C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe [672928 2014-11-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-30] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> No Name - {F7779E8A-BA43-408B-9A57-5AB0B73EF1D4} -  No File
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{D416CB1C-43BB-45F4-ADEB-3710F44E73EF}: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: about:home
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @nsroblox.roblox.com/launcher -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\searchplugins\google-avast.xml [2015-04-19]
FF Extension: FT DeepDark - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-08-25]
FF Extension: WOT - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF Extension: YouTube Enhancer Plus - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2015-02-28]
FF Extension: Hush - private bookmarking - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\hush@teameuler.com.xpi [2015-08-05]
FF Extension: Lightbeam - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-02-28]
FF Extension: Bluhell Firewall - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-28]
FF Extension: NoScript - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07]

Chrome:
=======
CHR Profile: C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 adcmald; C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adcmald.exe [535896 2013-08-05] (Abbott Diabetes Care)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-07-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-14] (Avast Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-07-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-07-31] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [256160 2015-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-30] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-07-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-30] (AVAST Software)
S3 CEDRIVER60; C:\Program Files\Cheat Engine 6.4\dbk32.sys [82880 2014-06-20] ()
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-08-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-30] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-14] (Avast Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 21:02 - 2015-08-27 21:02 - 00016055 _____ C:\Users\Jo\Desktop\FRST.txt
2015-08-27 21:01 - 2015-08-27 21:02 - 00000000 ____D C:\FRST
2015-08-27 20:59 - 2015-08-27 21:00 - 01690624 _____ (Farbar) C:\Users\Jo\Desktop\FRST.exe
2015-08-27 18:43 - 2015-08-27 20:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-21 20:08 - 2015-08-25 16:19 - 00001546 _____ C:\Windows\PFRO.log
2015-08-21 18:13 - 2015-08-21 18:13 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\39B5091B.sys
2015-08-21 18:10 - 2015-08-21 18:10 - 00159728 _____ C:\Windows\Minidump\Mini082115-01.dmp
2015-08-21 18:09 - 2015-08-21 18:09 - 389509015 _____ C:\Windows\MEMORY.DMP
2015-08-20 20:23 - 2015-08-20 20:23 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Thunderbird
2015-08-20 20:23 - 2015-08-20 20:23 - 00000000 ____D C:\Users\Jo\AppData\Local\Thunderbird
2015-08-20 20:22 - 2015-08-20 20:31 - 00000513 _____ C:\Users\Jo\Desktop\Thunderbird How to Use   -Colby.txt
2015-08-20 19:46 - 2015-08-20 19:46 - 00000868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-08-20 19:46 - 2015-08-20 19:46 - 00000856 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-08-20 19:46 - 2015-08-20 19:46 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-08-20 19:44 - 2015-08-20 19:45 - 34018072 _____ (Mozilla) C:\Users\Jo\Downloads\Thunderbird Setup 38.2.0.exe
2015-08-19 02:10 - 2015-08-14 17:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 02:10 - 2015-08-14 16:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-19 02:10 - 2015-08-14 16:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-15 21:03 - 2015-08-15 21:03 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ___RD C:\Program Files\Skype
2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-12 16:43 - 2015-07-21 14:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 16:43 - 2015-07-21 10:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 16:43 - 2015-07-21 10:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 16:43 - 2015-07-21 10:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-12 16:43 - 2015-07-21 10:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 16:43 - 2015-07-21 10:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-12 16:43 - 2015-07-21 10:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 16:43 - 2015-07-21 10:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 16:39 - 2015-07-31 13:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:38 - 2015-07-09 08:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-12 16:36 - 2015-07-10 13:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 16:34 - 2015-07-11 09:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 16:25 - 2015-07-18 10:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 16:18 - 2015-07-10 13:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 16:18 - 2015-07-10 13:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 16:17 - 2015-07-31 16:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 16:17 - 2015-07-31 15:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-12 16:17 - 2015-07-31 15:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-12 16:17 - 2015-07-31 15:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-12 16:17 - 2015-07-31 15:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-12 16:17 - 2015-07-31 14:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 16:17 - 2015-07-31 14:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-12 16:17 - 2015-07-31 14:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-12 16:17 - 2015-07-31 14:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 16:17 - 2015-07-31 14:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 16:17 - 2015-07-31 14:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 16:17 - 2015-07-31 14:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 16:15 - 2015-07-01 09:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 16:14 - 2015-07-09 08:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 16:14 - 2015-07-09 08:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:42 - 2015-07-22 14:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:42 - 2015-07-22 14:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:42 - 2015-07-22 14:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:42 - 2015-07-22 14:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:42 - 2015-07-22 14:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:42 - 2015-07-22 14:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:42 - 2015-07-22 14:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-12 13:42 - 2015-07-22 14:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:42 - 2015-07-22 14:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:42 - 2015-07-22 14:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:42 - 2015-07-22 14:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:42 - 2015-07-22 14:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:42 - 2015-07-22 14:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:42 - 2015-07-22 14:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:42 - 2015-07-22 14:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:42 - 2015-07-22 14:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-12 13:42 - 2015-07-22 14:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-12 13:42 - 2015-07-22 14:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-12 13:42 - 2015-07-22 14:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-10 14:43 - 2015-08-16 11:53 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-08-10 14:42 - 2015-08-10 14:42 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-08-10 14:42 - 2015-08-10 14:42 - 00000904 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-08-10 14:42 - 2015-08-10 14:42 - 00000892 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-08-10 14:42 - 2015-08-10 14:42 - 00000000 ____D C:\Program Files\Security Task Manager
2015-08-10 14:41 - 2015-08-10 14:42 - 02816040 _____ C:\Users\Jo\Downloads\SecurityTaskManager_Setup.exe
2015-08-09 16:18 - 2015-08-09 16:18 - 02248704 _____ C:\Users\Jo\Downloads\adwcleaner_4.208.exe
2015-08-05 17:34 - 2015-08-05 17:34 - 00204496 _____ (Malwarebytes) C:\Users\Jo\Downloads\startuplite-setup-1.07.exe
2015-08-05 17:32 - 2015-08-05 17:33 - 00065232 _____ (Malwarebytes) C:\Users\Jo\Downloads\regassassin-setup-1.03.exe
2015-08-05 17:32 - 2015-08-05 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-08-05 17:29 - 2015-08-05 17:29 - 02865192 _____ (Malwarebytes ) C:\Users\Jo\Downloads\mbae-setup-1.07.1.1015.exe
2015-07-30 19:55 - 2015-07-30 19:55 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-30 19:55 - 2015-07-30 19:55 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 21:01 - 2012-05-13 16:35 - 00000250 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-08-27 21:00 - 2012-04-01 15:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-27 20:43 - 2008-01-20 19:37 - 01634716 _____ C:\Windows\WindowsUpdate.log
2015-08-27 20:07 - 2012-05-07 10:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-27 20:05 - 2014-02-13 12:03 - 00000429 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-27 20:05 - 2011-02-23 11:03 - 00047746 _____ C:\ProgramData\nvModes.001
2015-08-27 20:04 - 2011-02-23 11:03 - 00047746 _____ C:\ProgramData\nvModes.dat
2015-08-27 20:04 - 2006-11-02 07:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-27 20:04 - 2006-11-02 06:46 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-27 20:04 - 2006-11-02 06:46 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-27 20:03 - 2006-11-02 07:00 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-27 18:20 - 2013-08-05 14:10 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-27 18:17 - 2011-03-03 08:38 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 18:17 - 2011-03-03 08:38 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-27 18:14 - 2014-09-06 12:49 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-25 17:07 - 2015-02-07 20:22 - 00002587 _____ C:\Users\Jo\Desktop\Microsoft Office Word 2007.lnk
2015-08-21 20:08 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\security
2015-08-21 20:07 - 2015-07-20 18:14 - 00000000 ____D C:\Users\Jo\Desktop\a colby folder
2015-08-21 19:19 - 2014-09-06 12:37 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-21 19:16 - 2006-11-02 06:46 - 00273096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-21 18:31 - 2014-09-06 12:36 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-21 18:10 - 2015-07-18 21:31 - 00000000 ____D C:\Windows\Minidump
2015-08-18 18:01 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-15 21:03 - 2014-07-12 07:57 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Skype
2015-08-15 21:03 - 2014-07-12 07:57 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 06:00 - 2012-04-01 15:18 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-14 06:00 - 2011-06-06 06:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 18:35 - 2006-11-02 06:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-12 16:45 - 2011-02-23 13:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 16:43 - 2011-02-23 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 16:43 - 2011-02-23 12:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 16:34 - 2013-08-15 20:45 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 16:26 - 2006-11-02 04:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 16:22 - 2006-11-02 04:33 - 00719076 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-05 17:31 - 2014-09-06 12:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-07-30 20:19 - 2014-08-07 05:24 - 00000000 ____D C:\Program Files\Cheat Engine 6.4
2015-07-30 19:55 - 2015-07-14 19:58 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-30 19:54 - 2015-07-14 19:57 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-30 19:54 - 2014-07-31 06:22 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-07-30 19:54 - 2014-07-07 12:51 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-30 19:53 - 2014-07-31 06:21 - 00256160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys

==================== Files in the root of some directories =======

2012-04-28 11:40 - 2012-04-28 11:40 - 0000272 _____ () C:\Users\Jo\AppData\Roaming\.backup.dm
2015-05-19 13:47 - 2015-05-19 13:47 - 0021293 _____ () C:\Users\Jo\AppData\Roaming\UserTile.png
2011-02-23 09:24 - 2015-03-01 16:12 - 0001356 _____ () C:\Users\Jo\AppData\Local\d3d9caps.dat
2011-02-23 14:38 - 2015-03-04 17:45 - 0024576 _____ () C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-13 16:29 - 2012-05-13 16:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-23 11:03 - 2015-08-27 20:05 - 0047746 _____ () C:\ProgramData\nvModes.001
2011-02-23 11:03 - 2015-08-27 20:04 - 0047746 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-27 20:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-08-2015
Ran by Jo (2015-08-27 21:02:57)
Running from C:\Users\Jo\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3572847436-2681761750-3751482269-500 - Administrator - Disabled)
Guest (S-1-5-21-3572847436-2681761750-3751482269-501 - Limited - Disabled)
Jo (S-1-5-21-3572847436-2681761750-3751482269-1000 - Administrator - Enabled) => C:\Users\Jo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Abbott USB Data Cable Installation (Version: 1.00.0000 - Abbott Labs) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Avast Internet Security (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
C771 USB Driver V1.0.11.0 (HKLM\...\{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}) (Version: 1.0.11.0 - CASIO)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Dropbox (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
FreeStyle Auto-Assist (HKLM\...\{ABA4BACF-C0E8-45FD-BDC7-92D1E7161183}) (Version: 2.0.3682.0 - Abbott Diabetes Care)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
Hoyle Classic Games II (HKLM\...\Hoyle Classic Games II) (Version:  - )
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{1BC72E97-FE98-48DF-82BF-C744F716BE28}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.34.03 - )
ROBLOX Player for Jo (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
Security Task Manager 2.1 (HKLM\...\Security Task Manager) (Version: 2.1 - Neuber Software)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version:  - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Sound Schemes (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================

23-08-2015 01:56:18 Windows Update
27-08-2015 05:59:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BDC2FD2-5163-453E-BBA8-CB11A6538EEA} - System32\Tasks\hpUrlLauncher.exe_{CF0F894F-A499-443C-9E77-FFDFA81784D7} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {25B53FDD-3954-40B5-835E-13A534B074C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {496346F5-9E3A-4579-9F61-B3409607E5A3} - System32\Tasks\avastBCLRestartS-1-5-21-3572847436-2681761750-3751482269-1000 => Firefox.exe
Task: {548935E6-A6C6-4308-80BE-C4EF0E350073} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {5CC3C2EE-3489-4E2A-A767-DA0854CB9FD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9CBE053E-494C-4339-8603-67706EA94702} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {BBB94DD8-8F01-4ACB-A9BB-0300A92D97E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C4CA4161-F1A4-4D87-B245-3CDC2573456B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {E87BC8F5-77B2-4DB4-88EB-0E12C2C86083} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {ED0D99C0-1D80-4843-9B45-EB74EDF37761} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 16:54 - 2015-07-30 19:55 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 16:53 - 2015-07-30 19:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-27 18:13 - 2015-08-27 18:13 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15082701\algo.dll
2015-03-13 09:32 - 2015-03-17 16:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jo\Documents\Cookies.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Fw_.emljellie.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Jellie1.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\pontoon boat seats.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Universal FleetCard Application.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jo\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BringMeSports_1c Browser Plugin Loader => C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: FreeStyle AutoLaunch => "C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adclaunchd.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\Jo\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Jo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F0F288E8-A3DC-462E-9AF8-6BED86304560}] => (Allow) LPort=80
FirewallRules: [{6DA5E4AA-42A5-4F16-86A8-DC19C9BDC97F}] => (Allow) LPort=80
FirewallRules: [{AAE3017B-2AD4-4779-8260-E5A667CF13DD}] => (Allow) LPort=80
FirewallRules: [{E2F7D8BD-1764-4B8D-8402-4D0D0B2DFD31}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DC185503-11B4-4744-8812-9C6960B144A5}] => (Allow) LPort=2869
FirewallRules: [{E8CA1788-0F83-4167-85AD-3F908E7296CA}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{11C8BD56-3F59-4E47-BE86-D4743550BFB3}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [uDP Query User{22DDDA59-C0D1-41AE-982A-FA6A099E0206}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [{E67C31FF-7139-4813-96F1-267B2E964B04}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{F8992155-AD3B-4D02-A6E4-7A7B46ACE9F9}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{79C3B774-7A86-4354-AEBF-7160126451E3}] => (Allow) C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9C8FE7B6-E564-4936-A05E-AF6D2083A64A}] => (Allow) C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7DA24230-ED57-42AA-A581-4366F7D6C7F8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FC13AE88-C310-40F2-9CAA-8579E45CA7D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EB3478C0-AA77-4954-863C-AA27F99A550D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4E6B0F5B-08A4-44E4-AA4C-37B7B7A5419E}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [uDP Query User{8092220D-F725-4A7B-BB48-CE6409DC0946}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{D04D0EE5-4753-438C-B8E9-93C4123CE6B6}E:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) E:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{FDC161F5-157C-4B4B-BAA1-C2CD9DA29915}E:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) E:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{78A20FF9-EEB3-4F28-913D-B4B97B9F1BF1}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{C7241305-B6F7-4B1F-B1E4-8CE9D836E76E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{38DEBD9D-3382-4513-AC08-821360448AED}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{742A040A-DA9B-4A2C-BD79-53051A38EEE4}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{47238215-D069-4CA8-8114-5A7ED647CBBE}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{9B7B392B-36C9-4414-AF28-738BBA18F95A}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63F799C6-C0F8-47F9-AA17-EF9672A76BF0}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [uDP Query User{639ADFC3-B37F-43EB-A6BC-08B495E226E6}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{554BFA86-A671-4DD8-9B26-AFC2AACEB2EE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3EC65C10-BBBF-4419-A89D-8E76E2E70EF6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{74CB4233-1288-473F-962A-C5082E665DE7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2015 08:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x1078, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 08:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x868, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 08:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x1750, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 08:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2015 08:00:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0xa0c, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x13a0, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0xfa0, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:32:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x1450, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0xe18, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:08:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x17d4, application start time 0xRobloxPlayerBeta.exe0.


System errors:
=============
Error: (08/27/2015 08:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 06:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 06:02:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 07:34:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (08/27/2015 07:34:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (08/27/2015 07:33:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 05:47:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/26/2015 06:00:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Adobe Flash Player Update Service%%1053

Error: (08/26/2015 06:00:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Adobe Flash Player Update Service

Error: (08/26/2015 05:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office:
=========================

CodeIntegrity:
===================================
  Date: 2015-08-27 21:02:49.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:49.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:49.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:48.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:48.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:48.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:47.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:47.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:26.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-27 21:02:26.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 3069.14 MB
Available physical RAM: 1751.76 MB
Total Virtual: 6341.3 MB
Available Virtual: 4913.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:95.88 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (The Epic drive) (Removable) (Total:1.88 GB) (Free:0.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 73736572)
Partition 1: (Not Active) - (Size=866 GB) - (Type=72)
Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

==================== End of Addition.txt ============================


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Thank you for getting on this so fast, and here are the .txt files again.

 

Strange, it still is giving me, "Error IO"

Please also note, Firefox was locking up almost periodically and the laptop has been slower than it should be today.

 

Pasted below, first the FRST, then Addition.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-08-2015
Ran by Jo (administrator) on JO-PC (28-08-2015 16:51:53)
Running from C:\Users\Jo\Desktop
Loaded Profiles: Jo (Available Profiles: Jo)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Abbott Diabetes Care) C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adcmald.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Run: [spotify Web Helper] => C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-22] (Spotify Ltd)
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\RunOnce: [Application Restart #4] => C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe [672928 2014-11-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-30] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> No Name - {F7779E8A-BA43-408B-9A57-5AB0B73EF1D4} -  No File
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{D416CB1C-43BB-45F4-ADEB-3710F44E73EF}: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: about:home
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @nsroblox.roblox.com/launcher -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\searchplugins\google-avast.xml [2015-04-19]
FF Extension: FT DeepDark - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-08-25]
FF Extension: WOT - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF Extension: Hush - private bookmarking - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\hush@teameuler.com.xpi [2015-08-05]
FF Extension: Lightbeam - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-02-28]
FF Extension: Bluhell Firewall - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-28]
FF Extension: NoScript - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07]

Chrome:
=======
CHR Profile: C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 adcmald; C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adcmald.exe [535896 2013-08-05] (Abbott Diabetes Care)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-07-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-14] (Avast Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-07-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-07-31] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [256160 2015-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-30] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-07-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-30] (AVAST Software)
S3 CEDRIVER60; C:\Program Files\Cheat Engine 6.4\dbk32.sys [82880 2014-06-20] ()
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-08-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-30] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-14] (Avast Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 16:53 - 2015-08-28 16:53 - 00000000 ____D C:\snapshots
2015-08-27 21:02 - 2015-08-28 16:53 - 00016016 _____ C:\Users\Jo\Desktop\FRST.txt
2015-08-27 21:02 - 2015-08-27 21:03 - 00036501 _____ C:\Users\Jo\Desktop\Addition.txt
2015-08-27 21:01 - 2015-08-28 16:52 - 00000000 ____D C:\FRST
2015-08-27 20:59 - 2015-08-27 21:00 - 01690624 _____ (Farbar) C:\Users\Jo\Desktop\FRST.exe
2015-08-27 18:43 - 2015-08-28 06:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-21 20:08 - 2015-08-28 06:24 - 00001902 _____ C:\Windows\PFRO.log
2015-08-21 18:13 - 2015-08-21 18:13 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\39B5091B.sys
2015-08-21 18:10 - 2015-08-21 18:10 - 00159728 _____ C:\Windows\Minidump\Mini082115-01.dmp
2015-08-21 18:09 - 2015-08-21 18:09 - 389509015 _____ C:\Windows\MEMORY.DMP
2015-08-20 20:23 - 2015-08-20 20:23 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Thunderbird
2015-08-20 20:23 - 2015-08-20 20:23 - 00000000 ____D C:\Users\Jo\AppData\Local\Thunderbird
2015-08-20 20:22 - 2015-08-20 20:31 - 00000513 _____ C:\Users\Jo\Desktop\Thunderbird How to Use   -Colby.txt
2015-08-20 19:46 - 2015-08-20 19:46 - 00000868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-08-20 19:46 - 2015-08-20 19:46 - 00000856 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-08-20 19:46 - 2015-08-20 19:46 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-08-20 19:44 - 2015-08-20 19:45 - 34018072 _____ (Mozilla) C:\Users\Jo\Downloads\Thunderbird Setup 38.2.0.exe
2015-08-19 02:10 - 2015-08-14 17:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 02:10 - 2015-08-14 16:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-19 02:10 - 2015-08-14 16:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-15 21:03 - 2015-08-15 21:03 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ___RD C:\Program Files\Skype
2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-12 16:43 - 2015-07-21 14:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 16:43 - 2015-07-21 10:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 16:43 - 2015-07-21 10:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 16:43 - 2015-07-21 10:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-12 16:43 - 2015-07-21 10:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 16:43 - 2015-07-21 10:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-12 16:43 - 2015-07-21 10:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 16:43 - 2015-07-21 10:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 16:39 - 2015-07-31 13:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:38 - 2015-07-09 08:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-12 16:36 - 2015-07-10 13:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 16:34 - 2015-07-11 09:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 16:25 - 2015-07-18 10:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 16:18 - 2015-07-10 13:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 16:18 - 2015-07-10 13:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 16:17 - 2015-07-31 16:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 16:17 - 2015-07-31 15:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-12 16:17 - 2015-07-31 15:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-12 16:17 - 2015-07-31 15:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-12 16:17 - 2015-07-31 15:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-12 16:17 - 2015-07-31 14:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 16:17 - 2015-07-31 14:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-12 16:17 - 2015-07-31 14:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-12 16:17 - 2015-07-31 14:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 16:17 - 2015-07-31 14:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 16:17 - 2015-07-31 14:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 16:17 - 2015-07-31 14:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 16:15 - 2015-07-01 09:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 16:14 - 2015-07-09 08:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 16:14 - 2015-07-09 08:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:42 - 2015-07-22 14:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:42 - 2015-07-22 14:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:42 - 2015-07-22 14:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:42 - 2015-07-22 14:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:42 - 2015-07-22 14:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:42 - 2015-07-22 14:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:42 - 2015-07-22 14:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-12 13:42 - 2015-07-22 14:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:42 - 2015-07-22 14:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:42 - 2015-07-22 14:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:42 - 2015-07-22 14:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:42 - 2015-07-22 14:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:42 - 2015-07-22 14:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:42 - 2015-07-22 14:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:42 - 2015-07-22 14:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:42 - 2015-07-22 14:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-12 13:42 - 2015-07-22 14:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-12 13:42 - 2015-07-22 14:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-12 13:42 - 2015-07-22 14:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-10 14:43 - 2015-08-16 11:53 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-08-10 14:42 - 2015-08-10 14:42 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-08-10 14:42 - 2015-08-10 14:42 - 00000904 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-08-10 14:42 - 2015-08-10 14:42 - 00000892 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-08-10 14:42 - 2015-08-10 14:42 - 00000000 ____D C:\Program Files\Security Task Manager
2015-08-10 14:41 - 2015-08-10 14:42 - 02816040 _____ C:\Users\Jo\Downloads\SecurityTaskManager_Setup.exe
2015-08-09 16:18 - 2015-08-09 16:18 - 02248704 _____ C:\Users\Jo\Downloads\adwcleaner_4.208.exe
2015-08-05 17:34 - 2015-08-05 17:34 - 00204496 _____ (Malwarebytes) C:\Users\Jo\Downloads\startuplite-setup-1.07.exe
2015-08-05 17:32 - 2015-08-05 17:33 - 00065232 _____ (Malwarebytes) C:\Users\Jo\Downloads\regassassin-setup-1.03.exe
2015-08-05 17:32 - 2015-08-05 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-08-05 17:29 - 2015-08-05 17:29 - 02865192 _____ (Malwarebytes ) C:\Users\Jo\Downloads\mbae-setup-1.07.1.1015.exe
2015-07-30 19:55 - 2015-07-30 19:55 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-30 19:55 - 2015-07-30 19:55 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 16:48 - 2014-02-13 12:03 - 00000429 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-28 16:48 - 2011-02-23 11:03 - 00047746 _____ C:\ProgramData\nvModes.dat
2015-08-28 16:48 - 2011-02-23 11:03 - 00047746 _____ C:\ProgramData\nvModes.001
2015-08-28 16:47 - 2006-11-02 07:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 16:47 - 2006-11-02 06:46 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 16:47 - 2006-11-02 06:46 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 07:03 - 2008-01-20 19:37 - 01698845 _____ C:\Windows\WindowsUpdate.log
2015-08-28 07:03 - 2006-11-02 07:00 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-28 07:01 - 2012-05-13 16:35 - 00000250 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-08-28 07:00 - 2012-04-01 15:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-28 06:24 - 2012-05-07 10:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-27 18:20 - 2013-08-05 14:10 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-27 18:17 - 2011-03-03 08:38 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 18:17 - 2011-03-03 08:38 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-27 18:14 - 2014-09-06 12:49 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-25 17:07 - 2015-02-07 20:22 - 00002587 _____ C:\Users\Jo\Desktop\Microsoft Office Word 2007.lnk
2015-08-21 20:08 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\security
2015-08-21 20:07 - 2015-07-20 18:14 - 00000000 ____D C:\Users\Jo\Desktop\a colby folder
2015-08-21 19:19 - 2014-09-06 12:37 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-21 19:16 - 2006-11-02 06:46 - 00273096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-21 18:31 - 2014-09-06 12:36 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-21 18:10 - 2015-07-18 21:31 - 00000000 ____D C:\Windows\Minidump
2015-08-18 18:01 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-15 21:03 - 2014-07-12 07:57 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Skype
2015-08-15 21:03 - 2014-07-12 07:57 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 06:00 - 2012-04-01 15:18 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-14 06:00 - 2011-06-06 06:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 18:35 - 2006-11-02 06:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-12 16:45 - 2011-02-23 13:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 16:43 - 2011-02-23 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 16:43 - 2011-02-23 12:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 16:34 - 2013-08-15 20:45 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 16:26 - 2006-11-02 04:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 16:22 - 2006-11-02 04:33 - 00719076 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-05 17:31 - 2014-09-06 12:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-07-30 20:19 - 2014-08-07 05:24 - 00000000 ____D C:\Program Files\Cheat Engine 6.4
2015-07-30 19:55 - 2015-07-14 19:58 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-30 19:54 - 2015-07-14 19:57 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-30 19:54 - 2014-07-31 06:22 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-07-30 19:54 - 2014-07-07 12:51 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-30 19:53 - 2014-07-31 06:21 - 00256160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys

==================== Files in the root of some directories =======

2012-04-28 11:40 - 2012-04-28 11:40 - 0000272 _____ () C:\Users\Jo\AppData\Roaming\.backup.dm
2015-05-19 13:47 - 2015-05-19 13:47 - 0021293 _____ () C:\Users\Jo\AppData\Roaming\UserTile.png
2011-02-23 09:24 - 2015-03-01 16:12 - 0001356 _____ () C:\Users\Jo\AppData\Local\d3d9caps.dat
2011-02-23 14:38 - 2015-03-04 17:45 - 0024576 _____ () C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-13 16:29 - 2012-05-13 16:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-23 11:03 - 2015-08-28 16:48 - 0047746 _____ () C:\ProgramData\nvModes.001
2011-02-23 11:03 - 2015-08-28 16:48 - 0047746 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-28 16:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-08-2015
Ran by Jo (2015-08-28 16:54:30)
Running from C:\Users\Jo\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3572847436-2681761750-3751482269-500 - Administrator - Disabled)
Guest (S-1-5-21-3572847436-2681761750-3751482269-501 - Limited - Disabled)
Jo (S-1-5-21-3572847436-2681761750-3751482269-1000 - Administrator - Enabled) => C:\Users\Jo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Abbott USB Data Cable Installation (Version: 1.00.0000 - Abbott Labs) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Avast Internet Security (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
C771 USB Driver V1.0.11.0 (HKLM\...\{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}) (Version: 1.0.11.0 - CASIO)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Dropbox (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
FreeStyle Auto-Assist (HKLM\...\{ABA4BACF-C0E8-45FD-BDC7-92D1E7161183}) (Version: 2.0.3682.0 - Abbott Diabetes Care)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
Hoyle Classic Games II (HKLM\...\Hoyle Classic Games II) (Version:  - )
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{1BC72E97-FE98-48DF-82BF-C744F716BE28}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.34.03 - )
ROBLOX Player for Jo (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
Security Task Manager 2.1 (HKLM\...\Security Task Manager) (Version: 2.1 - Neuber Software)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version:  - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Sound Schemes (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================

23-08-2015 01:56:18 Windows Update
27-08-2015 05:59:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BDC2FD2-5163-453E-BBA8-CB11A6538EEA} - System32\Tasks\hpUrlLauncher.exe_{CF0F894F-A499-443C-9E77-FFDFA81784D7} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {25B53FDD-3954-40B5-835E-13A534B074C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {496346F5-9E3A-4579-9F61-B3409607E5A3} - System32\Tasks\avastBCLRestartS-1-5-21-3572847436-2681761750-3751482269-1000 => Firefox.exe
Task: {548935E6-A6C6-4308-80BE-C4EF0E350073} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {5CC3C2EE-3489-4E2A-A767-DA0854CB9FD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9CBE053E-494C-4339-8603-67706EA94702} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {BBB94DD8-8F01-4ACB-A9BB-0300A92D97E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C4CA4161-F1A4-4D87-B245-3CDC2573456B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {E87BC8F5-77B2-4DB4-88EB-0E12C2C86083} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {ED0D99C0-1D80-4843-9B45-EB74EDF37761} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 16:54 - 2015-07-30 19:55 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 16:53 - 2015-07-30 19:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-28 06:28 - 2015-08-28 06:28 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15082800\algo.dll
2015-03-13 09:32 - 2015-03-17 16:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jo\Documents\Cookies.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Fw_.emljellie.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Jellie1.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\pontoon boat seats.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Universal FleetCard Application.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jo\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BringMeSports_1c Browser Plugin Loader => C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: FreeStyle AutoLaunch => "C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adclaunchd.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\Jo\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Jo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F0F288E8-A3DC-462E-9AF8-6BED86304560}] => (Allow) LPort=80
FirewallRules: [{6DA5E4AA-42A5-4F16-86A8-DC19C9BDC97F}] => (Allow) LPort=80
FirewallRules: [{AAE3017B-2AD4-4779-8260-E5A667CF13DD}] => (Allow) LPort=80
FirewallRules: [{E2F7D8BD-1764-4B8D-8402-4D0D0B2DFD31}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DC185503-11B4-4744-8812-9C6960B144A5}] => (Allow) LPort=2869
FirewallRules: [{E8CA1788-0F83-4167-85AD-3F908E7296CA}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{11C8BD56-3F59-4E47-BE86-D4743550BFB3}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [uDP Query User{22DDDA59-C0D1-41AE-982A-FA6A099E0206}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [{E67C31FF-7139-4813-96F1-267B2E964B04}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{F8992155-AD3B-4D02-A6E4-7A7B46ACE9F9}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{79C3B774-7A86-4354-AEBF-7160126451E3}] => (Allow) C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9C8FE7B6-E564-4936-A05E-AF6D2083A64A}] => (Allow) C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7DA24230-ED57-42AA-A581-4366F7D6C7F8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FC13AE88-C310-40F2-9CAA-8579E45CA7D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EB3478C0-AA77-4954-863C-AA27F99A550D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4E6B0F5B-08A4-44E4-AA4C-37B7B7A5419E}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [uDP Query User{8092220D-F725-4A7B-BB48-CE6409DC0946}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{D04D0EE5-4753-438C-B8E9-93C4123CE6B6}E:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) E:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{FDC161F5-157C-4B4B-BAA1-C2CD9DA29915}E:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) E:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{78A20FF9-EEB3-4F28-913D-B4B97B9F1BF1}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{C7241305-B6F7-4B1F-B1E4-8CE9D836E76E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{38DEBD9D-3382-4513-AC08-821360448AED}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{742A040A-DA9B-4A2C-BD79-53051A38EEE4}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{47238215-D069-4CA8-8114-5A7ED647CBBE}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{9B7B392B-36C9-4414-AF28-738BBA18F95A}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63F799C6-C0F8-47F9-AA17-EF9672A76BF0}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [uDP Query User{639ADFC3-B37F-43EB-A6BC-08B495E226E6}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{554BFA86-A671-4DD8-9B26-AFC2AACEB2EE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3EC65C10-BBBF-4419-A89D-8E76E2E70EF6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{74CB4233-1288-473F-962A-C5082E665DE7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2015 04:49:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 06:26:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2015 10:46:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x1060, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 08:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x1078, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 08:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x868, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 08:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x1750, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 08:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2015 08:00:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0xa0c, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0x13a0, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e,
process id 0xfa0, application start time 0xRobloxPlayerBeta.exe0.


System errors:
=============
Error: (08/28/2015 04:49:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/28/2015 06:39:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.205.913.0){3F586AA3-D56D-4000-B6BE-93BF2F2368D2}201

Error: (08/28/2015 06:38:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.205.681.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (08/28/2015 06:26:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 08:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 06:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 06:02:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 07:34:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (08/27/2015 07:34:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (08/27/2015 07:33:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office:
=========================

CodeIntegrity:
===================================
  Date: 2015-08-28 16:53:59.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:59.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:59.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:59.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:58.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:58.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:57.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:57.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:17.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-28 16:53:16.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3069.14 MB
Available physical RAM: 1707.16 MB
Total Virtual: 6339.3 MB
Available Virtual: 4902.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:95.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (The Epic drive) (Removable) (Total:1.88 GB) (Free:0.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 73736572)
Partition 1: (Not Active) - (Size=866 GB) - (Type=72)
Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

==================== End of Addition.txt ============================


Multiple Resident Protection warning!

Always have one (and no more than one!) antivirus program! In this case, having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to stay with and uninstall the others:

  • avast Free Antivirus
  • Microsoft Security Essentials

Uninstallation procedure:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.

This should be done before any other steps are taken.



Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:

  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

How strange, I recall removing Microsoft Security Essentials ages ago. When I put an anti-virus/anti-spyware on a system, I am sure to remove the other system to prevent issues. Strange how it came back. As stated, this is my grandmother's laptop, and she might have received a prompt from Windows, or something else, to re-install it. Oh well, just going to have to place a note on the side of the screen to prevent it from occurring again.

Also, the command for the disk check flashes a command line window for a moment before said window vanishes into the aether. I have restarted a few times to see if that would do it, as well as tried a Safe Mode boot-up. None are working.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.