su2.ff.avast.com Pop-ups

RajaTheOracle · September 10, 2015

HI, I'm having trouble with Malwarebytes detecting su2.ff.avast.com and resulting in pop ups every minute or so. My computer seems to be acting fine otherwise and it has been doing this for about three days now. I have Malwarebytes Premium and Avast Free Antivirus. Windows Defender is also active I believe. My operating system is Windows Vista 32 Bit, so it's pretty old. Malwarebytes states that su2.ff.avast.com is an outgoing process, the port is 0, and the IP address is listed as 92.242.140.21 Any assistance you can offer me with this matter would be greatly appreciated.

My FRST.txt file and Addition file will be posted below the following line. Thank you for taking the time to review this.

_________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015

Ran by Raja (administrator) on RAJA-PC (10-09-2015 17:12:25)

Running from C:\Users\Raja\Downloads

Loaded Profiles: Raja & UpdatusUser (Available Profiles: Raja & UpdatusUser)

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Program Files\Bamboo Dock\BambooCore.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

() C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-07-23] (Realtek Semiconductor)

HKLM\...\Run: [eRecoveryService] => [X]

HKLM\...\Run: [bambooCore] => C:\Program Files\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()

HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2008-07-23] (Realtek Semiconductor Corp.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-27] (AVAST Software)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)

HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2013-09-10] (Google Inc.)

HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [Google Update] => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-17] (Google Inc.)

HKU\S-1-5-21-1742146434-640598446-4293121517-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1244296 2015-06-25] (Ruiware)

AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [113664 2008-09-23] (Google)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-16] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{0F2BE87A-A6F8-4B27-985C-983BD65C0A9F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w

HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w

HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0908&m=et1641-02w

SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

SearchScopes: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS553

SearchScopes: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS553

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-16] (AVAST Software)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)

Toolbar: HKU\S-1-5-21-1742146434-640598446-4293121517-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Raja\AppData\Roaming\Mozilla\Firefox\Profiles\m0nik5gi.default-1434553743009

FF DefaultSearchEngine.US: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-20] ()

FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Raja\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @talk.google.com/O1DPlugin -> C:\Users\Raja\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)

FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)

FF Plugin HKU\S-1-5-21-1742146434-640598446-4293121517-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)

FF Plugin ProgramFiles/Appdata: C:\Users\Raja\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Raja\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-11]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-10]

Chrome:

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]

CHR Extension: (Google Docs) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]

CHR Extension: (Google Drive) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-10]

CHR Extension: (YouTube) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-10]

CHR Extension: (Google Search) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-10]

CHR Extension: (Google Sheets) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]

CHR Extension: (Google Docs Offline) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]

CHR Extension: (Avast Online Security) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-10]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]

CHR Extension: (Gmail) - C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-16] (AVAST Software)

R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]

S3 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [528256 2012-12-11] (Wacom Technology, Corp.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-16] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-16] (AVAST Software)

R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-16] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-16] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-16] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-16] (AVAST Software)

R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-16] (AVAST Software)

S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-16] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-16] (AVAST Software)

S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [161224 2011-10-31] (Hauppauge, Inc.)

R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-12-03] (Windows ® Win 7 DDK provider)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-10] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)

S3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-27] (Logitech Inc.)

R3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [70048 2012-12-03] (Wacom Technology)

R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-11-15] (Wacom Technology)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 17:12 - 2015-09-10 17:12 - 00017147 _____ C:\Users\Raja\Downloads\FRST.txt

2015-09-10 16:33 - 2015-09-10 17:12 - 00000000 ____D C:\FRST

2015-09-10 16:33 - 2015-09-10 16:33 - 00000000 ____D C:\Users\Raja\Downloads\FRST-OlderVersion

2015-09-09 23:27 - 2015-09-09 23:27 - 00002091 _____ C:\Users\Raja\AppData\Local\recently-used.xbel

2015-09-09 23:22 - 2015-09-09 23:22 - 01660416 _____ C:\Users\Raja\Downloads\AdwCleaner.exe

2015-09-09 23:17 - 2015-09-10 16:33 - 01692672 _____ (Farbar) C:\Users\Raja\Downloads\FRST.exe

2015-09-09 06:30 - 2015-09-09 06:40 - 469590808 _____ C:\Users\Raja\Downloads\xhamster.com_5058864_babe_gets_sensually_sexed_720p.mp4

2015-09-09 03:45 - 2015-08-13 10:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2015-09-09 03:45 - 2015-08-13 10:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2015-09-09 03:44 - 2015-09-02 17:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-09-09 03:44 - 2015-09-02 17:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-09-09 03:39 - 2015-07-10 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-09 03:38 - 2015-09-02 17:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-09 03:38 - 2015-09-02 15:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-09 03:38 - 2015-09-02 15:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-09 03:36 - 2015-08-05 11:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-08 19:10 - 2015-08-17 13:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-08 19:10 - 2015-08-17 13:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-08 19:10 - 2015-08-17 13:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-08 19:10 - 2015-08-17 13:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-08 19:10 - 2015-08-17 13:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-08 19:10 - 2015-08-17 13:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-08 19:10 - 2015-08-17 13:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-08 19:10 - 2015-08-17 13:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-08 19:10 - 2015-08-17 13:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-09-08 19:10 - 2015-08-17 13:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-09-08 19:10 - 2015-08-17 13:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-09-08 19:10 - 2015-08-17 13:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-08 00:17 - 2015-09-08 00:17 - 00011554 _____ C:\Users\Raja\Documents\Scrap Text.odt

2015-08-23 23:42 - 2015-08-23 23:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom

2015-08-20 11:28 - 2015-08-20 11:28 - 00000000 ___RD C:\Program Files\Skype

2015-08-20 11:28 - 2015-08-20 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-08-20 11:28 - 2015-08-20 11:28 - 00000000 ____D C:\Program Files\Common Files\Skype

2015-08-20 11:25 - 2015-08-20 11:25 - 00000000 ____D C:\Program Files\Common Files\Java

2015-08-20 11:24 - 2015-08-20 11:24 - 00000000 ____D C:\Users\Raja\AppData\Roaming\Sun

2015-08-20 11:24 - 2015-08-20 11:24 - 00000000 ____D C:\Users\Raja\.oracle_jre_usage

2015-08-20 11:20 - 2015-09-10 02:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-08-16 21:51 - 2015-08-16 21:51 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2015-08-16 21:51 - 2015-08-16 21:51 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

2015-08-12 03:37 - 2015-07-21 16:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-08-12 03:37 - 2015-07-21 12:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-08-12 03:37 - 2015-07-21 12:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-08-12 03:37 - 2015-07-21 12:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys

2015-08-12 03:37 - 2015-07-21 12:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-08-12 03:37 - 2015-07-21 12:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll

2015-08-12 03:37 - 2015-07-21 12:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-08-12 03:37 - 2015-07-21 12:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-08-12 03:36 - 2015-07-31 15:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-08-12 03:35 - 2015-07-10 15:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-08-12 03:32 - 2015-07-11 11:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-08-12 03:19 - 2015-07-18 12:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll

2015-08-12 03:07 - 2015-07-31 17:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2015-08-12 03:07 - 2015-07-31 17:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2015-08-12 03:07 - 2015-07-31 17:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2015-08-12 03:07 - 2015-07-31 17:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2015-08-12 03:07 - 2015-07-31 16:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2015-08-12 03:07 - 2015-07-31 16:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2015-08-12 03:07 - 2015-07-31 16:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2015-08-12 03:07 - 2015-07-31 16:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-08-12 03:07 - 2015-07-31 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-08-12 03:03 - 2015-07-01 11:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2015-08-12 03:02 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe

2015-08-12 03:02 - 2015-07-09 10:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 17:08 - 2015-06-20 02:44 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000UA.job

2015-09-10 16:51 - 2008-09-23 16:52 - 01418512 _____ C:\Windows\WindowsUpdate.log

2015-09-10 16:50 - 2013-09-10 19:59 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-09-10 16:49 - 2013-09-10 19:59 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-09-10 16:47 - 2015-04-10 20:22 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-10 16:47 - 2008-09-23 17:01 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml

2015-09-10 16:47 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-09-10 16:47 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-09-10 16:47 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-09-10 16:45 - 2006-11-02 09:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-09 23:27 - 2013-09-10 23:48 - 00000000 ____D C:\Users\Raja\.gimp-2.8

2015-09-09 22:46 - 2013-09-12 00:29 - 00000000 ____D C:\Users\Raja\AppData\Local\gtk-2.0

2015-09-09 22:21 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache

2015-09-09 22:01 - 2006-11-02 08:47 - 00322392 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-09 07:55 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 03:49 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET

2015-09-09 03:44 - 2008-08-16 00:21 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-09-09 03:33 - 2006-11-02 06:33 - 00770974 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-09 03:28 - 2013-09-11 00:53 - 00000000 ____D C:\Windows\system32\MRT

2015-09-07 15:08 - 2015-06-20 02:44 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000Core.job

2015-09-06 05:04 - 2015-07-02 23:01 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-09-06 01:10 - 2015-04-10 22:52 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-08-31 18:44 - 2015-08-04 03:24 - 00000000 ____D C:\Users\Raja\AppData\Roaming\vlc

2015-08-26 18:36 - 2006-11-02 06:24 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-08-23 23:42 - 2006-11-02 08:52 - 00070219 _____ C:\Windows\setupact.log

2015-08-23 23:41 - 2013-09-10 23:38 - 00000000 ____D C:\Program Files\Tablet

2015-08-20 11:28 - 2015-04-10 23:00 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk

2015-08-20 11:28 - 2013-09-10 21:43 - 00000000 ____D C:\Users\Raja\AppData\Roaming\Skype

2015-08-20 11:28 - 2013-09-10 21:42 - 00000000 ____D C:\ProgramData\Skype

2015-08-20 11:24 - 2013-09-10 22:24 - 00000000 ____D C:\Users\Raja

2015-08-20 11:23 - 2014-01-27 17:01 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2015-08-20 11:23 - 2014-01-27 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-08-20 11:22 - 2014-01-27 17:00 - 00000000 ____D C:\Program Files\Java

2015-08-20 11:20 - 2013-09-22 17:02 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-08-20 11:20 - 2013-09-22 17:02 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-08-20 10:49 - 2008-01-20 22:47 - 00344734 _____ C:\Windows\PFRO.log

2015-08-16 21:51 - 2015-07-25 12:24 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys

2015-08-16 21:51 - 2015-04-10 20:22 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2015-08-16 21:51 - 2013-09-10 20:37 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2015-08-16 21:51 - 2013-09-10 20:37 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2015-08-16 21:51 - 2013-09-10 20:37 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-08-16 21:51 - 2013-09-10 20:37 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2015-08-16 21:51 - 2013-09-10 20:37 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys

2015-08-16 21:51 - 2013-09-10 20:37 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2015-08-16 21:50 - 2013-09-10 20:37 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2015-08-13 20:19 - 2013-09-12 00:11 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

2015-08-12 03:39 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer

==================== Files in the root of some directories =======

2015-06-17 09:43 - 2015-06-17 09:43 - 6420480 _____ () C:\Program Files\GUTA840.tmp

2013-10-22 19:44 - 2015-07-12 04:00 - 0013312 _____ () C:\Users\Raja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-09-09 23:27 - 2015-09-09 23:27 - 0002091 _____ () C:\Users\Raja\AppData\Local\recently-used.xbel

Some files in TEMP:

====================

C:\Users\Raja\AppData\Local\Temp\jre-8u40-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-10 16:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015

Ran by Raja (2015-09-10 17:13:12)

Running from C:\Users\Raja\Downloads

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-09-23 20:57:05)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1742146434-640598446-4293121517-500 - Administrator - Disabled)

Guest (S-1-5-21-1742146434-640598446-4293121517-501 - Limited - Disabled)

Raja (S-1-5-21-1742146434-640598446-4293121517-1000 - Administrator - Enabled) => C:\Users\Raja

UpdatusUser (S-1-5-21-1742146434-640598446-4293121517-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)

Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)

Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)

Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2225 - AVAST Software)

Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)

Bamboo Dock (Version: 4.1.0 - Wacom Europe GmbH) Hidden

Canon MP Navigator EX 2.1 (HKLM\...\MP Navigator EX 2.1) (Version: - )

Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version: - )

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)

CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.4316 - CyberLink Corp.)

Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.03.01 - AlcorMicro)

Digital Media Reader (Version: 2.01.03.01 - AlcorMicro) Hidden

eMachines Games (HKLM\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.52 - WildTangent)

eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)

GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)

Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)

Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0808.07150 - Google)

Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden

Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)

Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )

NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)

NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)

Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5643 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)

Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)

Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1) (Version: - )

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)

WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)

WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.1 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Raja\AppData\Local\Google\Update\1.3.28.13\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\googletalkax.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Google Talk Plugin\o1dax.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Raja\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1742146434-640598446-4293121517-1004_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

==================== Restore Points =========================

07-07-2015 02:18:46 Windows Update

09-07-2015 18:49:32 Scheduled Checkpoint

10-07-2015 16:33:56 Windows Update

13-07-2015 14:47:13 Scheduled Checkpoint

14-07-2015 02:07:28 Windows Update

15-07-2015 18:51:18 Windows Update

16-07-2015 12:39:13 Installed Microsoft Fix it 50052

21-07-2015 01:44:59 Windows Update

21-07-2015 02:00:25 Windows Update

24-07-2015 02:06:16 Windows Update

24-07-2015 21:40:50 Scheduled Checkpoint

25-07-2015 12:22:52 avast! antivirus system restore point

25-07-2015 17:08:18 Device Driver Package Install: Hauppauge, Inc. Sound, video and game controllers

25-07-2015 17:24:46 Installed ShowBiz

28-07-2015 01:58:26 Windows Update

28-07-2015 02:20:44 Revo Uninstaller's restore point - ArcSoft ShowBiz

28-07-2015 02:22:18 Removed ShowBiz

28-07-2015 02:58:25 Revo Uninstaller's restore point - ArcSoft ShowBiz

28-07-2015 02:59:37 Revo Uninstaller's restore point - ArcSoft ShowBiz

28-07-2015 03:05:27 Removed ShowBiz

28-07-2015 03:11:38 Revo Uninstaller's restore point - Vectorian Giotto 3.0.0

03-08-2015 17:25:21 Windows Update

07-08-2015 18:21:49 Windows Update

12-08-2015 00:25:47 Windows Update

12-08-2015 03:01:45 Windows Update

14-08-2015 21:12:36 Scheduled Checkpoint

16-08-2015 21:49:38 avast! antivirus system restore point

20-08-2015 10:58:53 Windows Update

23-08-2015 22:21:25 Windows Update

27-08-2015 15:04:07 Windows Update

30-08-2015 18:16:06 Windows Update

06-09-2015 00:51:41 Windows Update

09-09-2015 03:01:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27480592-B27A-46F0-91E5-369579613BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {29F5E7EF-13C3-4025-92F0-2DAC96BB26D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000UA => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)

Task: {37C6230A-B329-4051-B73F-9CF31B85C551} - System32\Tasks\{305AE42E-B4EF-48B8-BCDE-B9395205BF20} => pcalua.exe -a D:\install.exe -d D:\

Task: {3D06BA25-38BB-4BB2-81FB-012929F21548} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000Core => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)

Task: {68DD15ED-8DED-441B-B7C7-87C296B15EFB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)

Task: {B05983CC-E9B9-4755-AE8B-53F025E67BF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-20] (Adobe Systems Incorporated)

Task: {CE69E5A4-EF5D-418E-926F-82F819270946} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {EF7C5191-519D-45F4-B393-C3D46A445915} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-16] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000Core.job => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742146434-640598446-4293121517-1000UA.job => C:\Users\Raja\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-10 20:21 - 2015-08-16 21:51 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-04-10 20:21 - 2015-08-16 21:51 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-09-10 16:32 - 2015-09-10 16:32 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091001\algo.dll

2008-09-23 17:00 - 2008-06-11 14:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

2008-09-23 17:00 - 2008-09-23 17:00 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll

2008-09-23 17:00 - 2008-09-23 17:00 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll

2008-09-23 17:00 - 2008-09-23 17:00 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll

2008-09-23 17:00 - 2008-09-23 17:00 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll

2008-09-23 17:00 - 2008-09-23 17:00 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll

2008-09-23 17:00 - 2008-09-23 17:00 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll

2012-10-16 05:39 - 2012-10-16 05:39 - 00646744 _____ () C:\Program Files\Bamboo Dock\BambooCore.exe

2012-10-16 05:39 - 2012-10-16 05:39 - 00060504 _____ () C:\Program Files\Bamboo Dock\BambooWinTab.dll

2013-11-04 21:11 - 2015-04-10 20:21 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-09-10 23:38 - 2012-12-11 13:07 - 00963456 _____ () C:\Program Files\Tablet\Pen\libxml2.dll

2013-09-12 00:11 - 2013-09-12 00:11 - 00225792 _____ () C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1742146434-640598446-4293121517-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img23.jpg

HKU\S-1-5-21-1742146434-640598446-4293121517-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [{AC967495-BF5C-4FAC-BE81-D1930CBCAD46}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [{D347C07D-B641-4F74-9A37-B990B90FF1AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{72EFED56-D021-437F-935B-C36FE708F5F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{394F95E4-FA95-41C3-90B5-A3E510193619}] => (Allow) LPort=80

FirewallRules: [{FBCC46A1-111B-41D8-B486-049C7FB8916A}] => (Allow) LPort=80

FirewallRules: [{3C6BFE8B-7DC5-4437-B793-8B503FA7A1D2}] => (Allow) LPort=80

FirewallRules: [{B0751E89-A97C-4599-9A38-1FE66AD0E082}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{8F9756C3-BDA2-4D34-A84C-53CD4F814ECC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{6ED6CF0A-7214-4EF5-BB07-A982A9734578}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{A0717BC3-0078-469D-A08F-639721617C33}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (09/10/2015 04:47:48 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 04:30:59 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 10:02:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 03:26:58 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (09/09/2015 03:26:55 AM) (Source: Perflib) (EventID: 1010) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (09/08/2015 06:31:23 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, faulting module jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, exception code 0x40000015, fault offset 0x00052d24,

process id 0x9c8, application start time 0xjucheck.exe0.

Error: (09/08/2015 06:23:16 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 11:26:28 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, faulting module jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, exception code 0x40000015, fault offset 0x00052d24,

process id 0x17f0, application start time 0xjucheck.exe0.

Error: (09/07/2015 11:13:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2015 12:41:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (09/10/2015 04:44:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: 2Reboot the machinePlug and Play%%1190

Error: (09/10/2015 04:44:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Plug and Play1600002Reboot the machine

Error: (09/10/2015 04:44:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: DCOM Server Process Launcher1600002Reboot the machine

Error: (09/09/2015 03:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Windows Search%%1053

Error: (09/09/2015 03:44:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Windows Search

Error: (09/09/2015 03:38:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Windows Search%%1053

Error: (09/09/2015 03:38:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Windows Search

Error: (09/09/2015 03:38:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Windows Search%%1053

Error: (09/09/2015 03:38:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Windows Search

Error: (09/09/2015 03:38:15 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Microsoft Office:

=========================

CodeIntegrity:

===================================

Date: 2015-09-10 16:48:48.613

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 16:31:27.579

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 03:10:59.280

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 03:10:58.454

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 03:10:57.580

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 03:10:56.847

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 03:10:56.020

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 03:10:55.256

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 03:01:39.125

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-10 00:32:25.821

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU E1400 @ 2.00GHz

Percentage of memory in use: 76%

Total physical RAM: 1790.51 MB

Available physical RAM: 420.5 MB

Total Virtual: 3832.45 MB

Available Virtual: 2094.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.09 GB) (Free:180.37 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive e: () (Removable) (Total:1.83 GB) (Free:0.21 GB) FAT

Drive i: () (Removable) (Total:7.44 GB) (Free:7.04 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 298.1 GB) (Disk ID: 74ED8122)

Partition 1: (Not Active) - (Size=10 GB) - (Type=27)

Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================

Disk: 2 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

AdvancedSetup · September 11, 2015

For the IP block please see the following which should correct that issue.

https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/

Then if you want we can continue to look at other possible issues as the logs do indicate the computer could probably use at least some minor clean up.

Fix the DNS issue then let us know if you want to continue to look for other possible malware on the system.

Thank you

RajaTheOracle · September 11, 2015

Hi, and thank you for responding. I just re-adjusted my settings to use Google's DNS. The pop-ups seem to have stopped for the time being, I didn't think the change would be that abrupt. If you could, it would be great to see if any malware is present, my system hasn't been looked at in a while.

AdvancedSetup · September 11, 2015

Okay, no problem.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
If the log is too large then you can use attachments by clicking on the More Reply Options button.
Please enable your system to show hidden files: How to see hidden files in Windows
Make sure you're subscribed to this topic:
- Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
[*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)

STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

On Windows XP double-click on the Rkill desktop icon to run the tool.
On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please download ERUNT from one of the following links: Link1 | Link2 | Link3
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Double click on erunt-setup.exe to Install ERUNT by following the prompts.
NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup.
- Note: the default location is C:\Windows\ERDNT which is acceptable.
[*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

RajaTheOracle · September 11, 2015

Alright, it looks clear to me. It is a bit late for me however, so I will have to return to this topic in about 12-16 hours or so. Thanks for your help so far, and I look forward to resuming this tomorrow. I imagine it is alright to shut down the CPU for now, and just post on the topic again when ready?

AdvancedSetup · September 11, 2015

No problem but during the weekend reply times make take a while. Thanks

RajaTheOracle · September 12, 2015

Alright, I'm going to try getting started with this again. I performed the RKill operation without too much of a hitch, but in Step 01 with ERUNT, it doesn't give me the option to decline adding an entry to the startup folder, and the directory my computer is saving it to is program files instead of Windows. Is it ok to proceed with the set up anyway?

AdvancedSetup · September 14, 2015

No rush just checking in. Post back the logs when ready.

Thanks

RajaTheOracle · September 16, 2015

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 9/16/2015

Scan Time: 1:51:54 PM

Logfile:

Administrator: Yes

Version: 2.1.8.1057

Malware Database: v2015.09.16.04

Rootkit Database: v2015.08.16.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows Vista Service Pack 2

CPU: x86

File System: NTFS

User: Raja

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 348407

Time Elapsed: 15 min, 8 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

AdvancedSetup · September 17, 2015

Looks good so far, Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
[*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

RajaTheOracle · September 23, 2015

Hey, sorry about the late reply. I've been trying to complete Step 06, but now Malwarebytes won't complete any updates to continue its scan. It just loops while updating over and over. Any insight into this?

AdvancedSetup · September 23, 2015

Please skip the MBAM portion for now then and we'll get back to it. Please proceed with the other steps.

Thanks

RajaTheOracle · September 24, 2015

Ok, here are the logs; didn't indicate any detections from what I saw, but my computer has been trying to redirect me to random sites and Malwarebytes has been blocking it from doing so for a few days now:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.6.2 (09.14.2015:1)

OS: Windows Vista Home Premium x86

Ran by Raja on Sun 09/20/2015 at 18:26:39.90

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Program Files\GUTA840.tmp

Successfully deleted: [File] C:\Users\Public\Desktop\ebay.lnk

Successfully deleted: [File] C:\Users\Raja\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage

Successfully deleted: [File] C:\Users\Raja\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Raja\Appdata\Local\{4E8386F6-4403-4D95-94E4-54689F62C57F}

Successfully deleted: [Folder] C:\Program Files\bigfix

~~~ Chrome

[C:\Users\Raja\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Raja\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Raja\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Raja\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 09/20/2015 at 18:31:55.21

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.008 - Logfile created 20/09/2015 at 18:52:57

# Updated 18/09/2015 by Xplode

# Database : 2015-09-20.1 [server]

# Operating system : Windows Vista Home Premium Service Pack 2 (x86)

# Username : Raja - RAJA-PC

# Running from : C:\Users\Raja\Downloads\AdwCleaner (1).exe

# Option : Scan

# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Web browsers ] *****

[C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : aol.com

[C:\Users\Raja\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [977 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015

Ran by Raja (administrator) on RAJA-PC (24-09-2015 17:08:52)