constant Malicious Website Blocked messages preventing Internet connection


VWiemer

I am experiencing constant pop-ups from Malwarebytes Anti-Malware blocking malicious websites with different outbound and inbound IP addresses. Cannot connect to the Internet. Have run Anti-Malware Premium as well as Anti-Rootkit beta and IObit Malware Fighter with no problems detected. Per the pinned forum instructions I downloaded Farbar Recovery Scan Tool (on another machine), installed via flash drive and ran. Here are the FRST and Addition scan logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-11-2015
Ran by VWiemer (administrator) on PC08 (19-11-2015 15:40:43)
Running from C:\Users\VWiemer\Desktop
Loaded Profiles: VWiemer (Available Profiles: VWiemer & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\Program Files\Synergy\synergyd.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Synergy\synergyc.exe
(IObit) C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(© 2015 Microsoft Corporation) C:\Users\VWiemer\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-31] (IDT, Inc.)
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [DellConnectionManager] => C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [1845248 2009-12-22] (Smith Micro Software, Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-05] (Wave Systems Corp.)
HKLM\...\Run: [uSCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM\...\Run: [vdultimate_chrome] => C:\ProgramData\VideoDownloaderUltimate\Chrome\vdultimate.exe [954368 2014-03-17] (Link64 GmbH)
HKLM\...\Run: [scanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM\...\Run: [iObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-22] (Google Inc.)
HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\...\Run: [bingSvc] => C:\Users\VWiemer\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2009-11-24] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2009-11-24] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk [2010-04-09]
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2014-08-22]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2010-04-09]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\..\Interfaces\{1EF1A17C-D0BC-49C1-9ED3-F7484FC16A34}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1F63025A-38DD-4AA3-8EED-AEEC0A328F39}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl
hxxp://tulsa.lib.overdrive.com/249E6CE2-5AFB-43EC-99F4-50859BF355C2/10/50/en/Default.htm
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6C0EAA0D-645E-447B-806E-F49AE7B08855} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3114991621-3823406564-3885859241-1136 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323913&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP6AFD0135-6632-4B2F-8091-26B46B17B7D7&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3114991621-3823406564-3885859241-1136 -> {6C0EAA0D-645E-447B-806E-F49AE7B08855} URL = hxxp://www.bing.com/search?FORM=SL5LDF&PC=SL5L&q={searchTerms}&src=IE-SearchBox
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-09-18] (IObit)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-08] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-08] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-3114991621-3823406564-3885859241-1136 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} hxxp://192.168.0.4:8081/cgi-bin/design/html_template/WebACS.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\VWiemer\AppData\Roaming\Mozilla\Firefox\Profiles\5djs878i.default-1440426407054
FF Homepage: hxxp://www.rotaryswing.com/golf-instruction/video/groups/member-home.php?id=135765&page=page-1#
hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-25] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-08] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-25] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3114991621-3823406564-3885859241-1136: @citrixonline.com/appdetectorplugin -> C:\Users\VWiemer\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-23] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\VWiemer\AppData\Roaming\Mozilla\Firefox\Profiles\5djs878i.default-1440426407054\Extensions\ascsurfingprotection@iobit.com [2015-08-25] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-17] [not signed]

Chrome:
=======
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Profile: C:\Users\VWiemer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\VWiemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-08-25]
CHR Extension: (Store) - C:\Users\VWiemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-03-13]
CHR Extension: (Ads Removal) - C:\Users\VWiemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-08-25]
CHR Extension: (Store) - C:\Users\VWiemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg [2014-02-15]
CHR Extension: (Google Wallet) - C:\Users\VWiemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-13]
CHR HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hknpjpodmmapnfjhnblgmalmaanpajhc] - <no Path\update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2009-12-17] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2009-12-17] (Broadcom Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [386848 2009-12-10] (Dell Inc.)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-21] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [77312 2009-12-22] (Smith Micro Software, Inc.) [File not signed]
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe [221266 2009-07-31] (IDT, Inc.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [295616 2015-03-21] ()
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 Synergy+ Client; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-30] (Broadcom Corporation)
S3 CYUSB; C:\Windows\System32\Drivers\vploader.sys [16768 2006-04-16] (anchor chips) [File not signed]
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-13] (Microsoft Corporation)
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2015-03-25] (IObit)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-05-13] (REALiX)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-11-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MIUSB2; C:\Windows\System32\Drivers\miusb2.sys [12989 2006-04-16] (cypress semiconductor) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) [File not signed]
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2014-06-02] (Intel Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 QtsDongle; C:\Windows\System32\qtsusk.sys [10752 2006-10-31] (MicroWorks, Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2015-03-25] (IObit.com)
S3 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [25768 2015-08-24] (Synaptics Incorporated)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2015-03-25] (IObit.com)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.)
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-02-23] (Wondershare)
R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-02-23] (Wondershare)
R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-02-23] (Wondershare)
R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-02-23] (Wondershare)
R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-02-23] (Wondershare)
S2 aswFsBlk; no ImagePath
S1 aswRdr; no ImagePath
S1 aswSP; no ImagePath
S3 catchme; no ImagePath
S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 15:40 - 2015-11-19 15:41 - 00024846 _____ C:\Users\VWiemer\Desktop\FRST.txt
2015-11-19 15:40 - 2015-11-19 15:33 - 01391104 _____ (Farbar) C:\Users\VWiemer\Desktop\frst.exe
2015-11-19 15:36 - 2015-11-19 15:40 - 00000000 ____D C:\FRST
2015-11-19 15:36 - 2015-11-19 15:36 - 00000794 _____ C:\Windows\setupact.log
2015-11-19 15:36 - 2015-11-19 15:36 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 15:40 - 2009-07-13 22:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 15:40 - 2009-07-13 22:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 15:39 - 2010-04-09 11:25 - 00786474 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-19 15:32 - 2009-07-13 22:55 - 01549111 _____ C:\Windows\WindowsUpdate.log
2015-11-19 15:27 - 2015-10-08 11:40 - 00000000 ____D C:\Users\VWiemer\Desktop\mbar
2015-11-19 15:27 - 2015-10-08 11:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-19 15:11 - 2014-11-17 10:18 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 14:46 - 2014-06-05 12:44 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-19 14:45 - 2012-10-10 09:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-19 14:26 - 2014-06-05 12:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 14:15 - 2015-06-29 09:41 - 00002133 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-11-19 14:08 - 2013-12-23 16:15 - 65105920 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-11-19 14:08 - 2013-12-23 16:15 - 45436928 _____ C:\Windows\system32\config\components.iobit
2015-11-19 14:08 - 2013-12-23 16:15 - 00262144 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-11-19 14:08 - 2013-12-23 16:15 - 00065536 _____ C:\Windows\system32\config\SAM.iobit
2015-11-19 14:08 - 2013-12-23 16:15 - 00032768 _____ C:\Windows\system32\config\SECURITY.iobit
2015-11-19 13:59 - 2011-06-15 10:25 - 00000000 _____ C:\Users\VWiemer\AppData\Local\WavXMapDrive.bat
2015-11-19 13:58 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 12:04 - 2014-02-12 08:39 - 00000000 ____D C:\ProgramData\ProductData
2015-10-22 20:14 - 2015-08-24 10:50 - 00002096 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk

==================== Files in the root of some directories =======

2011-06-15 10:25 - 2015-11-19 13:59 - 0000000 _____ () C:\Users\VWiemer\AppData\Local\WavXMapDrive.bat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-04 12:45

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-11-2015
Ran by VWiemer (2015-11-19 15:41:25)
Running from C:\Users\VWiemer\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-04-09 18:42:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3945309531-1710642515-3202623932-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3945309531-1710642515-3202623932-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccuSport_vSeries_V2.4.7 (HKLM\...\AccuSport_vSeries) (Version: V2.4.7 - AccuSport)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
Aimersoft DRM Media Converter(Build 1.6.0.0) (HKLM\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Cable Master (HKLM\...\Cable Master) (Version:  - )
Cable Master 2.5 (HKLM\...\Cable Master 2.5) (Version:  - )
Cable Master Fix (HKLM\...\Cable Master Fix) (Version:  - )
calibre (HKLM\...\{48C84341-E4F7-42EC-BED5-7A5CAA3291F5}) (Version: 1.33.0 - Kovid Goyal)
Circuit Master (HKLM\...\Circuit Master) (Version:  - )
Circuit Master Fix (HKLM\...\Circuit Master Fix) (Version:  - )
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
DCP32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Dell Backup and Recovery Manager (HKLM\...\{8DD67529-BA26-4D12-97A8-3853D0C4B67D}) (Version: 1.2.1 - Dell Inc.)
Dell Control Point (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Dell ControlPoint Connection Manager (HKLM\...\{284D3B99-E8F5-4411-A7DD-7072EFCF3A46}) (Version: 1.4.0 - Dell Inc.)
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.453.66 - Dell Inc.)
Dell ControlPoint System Manager (HKLM\...\{057159C5-3B94-4E36-9271-11615618CACE}) (Version: 1.4.00000 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.450.290 - Broadcom Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.079 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.230 - ALPS ELECTRIC CO., LTD.)
Document Manager Lite (Version: 06.09.00.147 - Wave Systems Corp.) Hidden
Driver Booster 2.4 (HKLM\...\Driver Booster_is1) (Version: 2.4 - IObit)
EMBASSY Security Center (Version: 04.00.00.071 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.058 - Wave Systems Corp) Hidden
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}) (Version: 2.5.5 - Garmin Ltd or its subsidiaries)
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Network Connections 14.6.9.0 (HKLM\...\PROSetDX) (Version: 14.6.9.0 - Dell)
Intel® PROSet/Wireless WiFi Software API (HKLM\...\{98AAE759-09CD-4428-BE93-1AFA79D9F7CA}) (Version: 13.00.0000 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software Driver (HKLM\...\{8B45608A-DC45-4F3B-921F-61CDA22C9A83}) (Version: 13.00.0000 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.3 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.0.3.171 - IObit)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OverDrive Media Console (HKLM\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Preboot Manager (Version: 03.00.00.085 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.057 - Wave Systems Corp.) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
ScanSnap (Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L30 - PFU)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1801}) (Version: 12.24.1.51 - APN, LLC) <==== ATTENTION
Security Wizards (Version: 01.07.00.023 - Your Company Name) Hidden
Smart Defrag 4 (HKLM\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
SO32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Spreadsheet Sentry Version 3.3 (HKLM\...\Spreadsheet Sentry_is1) (Version:  - Software Security Limited)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (32-bit) (HKLM\...\{4F19293A-B880-4ABC-9237-34C5B4666982}) (Version: 1.6.3 - The Synergy Project)
Tiger Woods PGA TOUR 07 (HKLM\...\{B6829D65-F5C5-47F0-00BC-F5906EA94F4C}) (Version:  - )
Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
VideoDownloaderUltimate for Chrome (HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\...\VideoDownloaderUltimate_Chrome) (Version:  - Link64)
ViewSonic Monitor Drivers (HKLM\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version:  - )
Wave Infrastructure Installer (Version: 07.01.19.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.062 - Wave Systems Corp) Hidden
WebACS 1.0.0.25 (HKLM\...\WebACS_is1) (Version:  - WebACS)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3114991621-3823406564-3885859241-1136_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

08-10-2015 12:11:57 Restore Operation
15-10-2015 20:47:43 Windows Update
22-10-2015 20:22:56 Windows Update
04-11-2015 12:51:36 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2011-06-13 17:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044A1535-928A-48DB-A153-99DDF82000D8} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-09-18] (IObit)
Task: {23D7D5DF-3A89-4F66-A6A0-DB2BADC3E5C2} - System32\Tasks\Driver Booster SkipUAC (VWiemer) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {3919ED2F-F9BD-45A0-9818-13713AE1B71F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
Task: {5FDD10A1-EE45-4F39-ABB3-51D2077587F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
Task: {9B7A2726-302E-492A-907B-451F82A18EB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-25] (Adobe Systems Incorporated)
Task: {ABFBBBE5-0BD5-47EF-92AC-72E5D6D9107C} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
Task: {B7A1F5CC-48EA-40E5-89CE-C4A3073D78FC} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {C3E7D713-A1DB-41E8-94C3-0E820C348192} - System32\Tasks\ASC8_SkipUac_VWiemer => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {C97B885D-7B1C-4126-8652-3ACC5F25B907} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CDB100DD-F507-4E23-93FD-5916F1DE93D6} - System32\Tasks\Uninstaller_SkipUac_VWiemer => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-09-18] (IObit)
Task: {EED69685-9CE2-4276-912C-119C4D040C99} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe [2015-07-20] (IObit)
Task: {EEE7958C-08E8-46F6-85DB-0CEA5B176368} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {FFC370A3-3B58-49B7-AA04-7D1E047443BC} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-24 10:45 - 2015-01-09 17:46 - 00517408 _____ () C:\Program Files\IObit\IObit Malware Fighter\sqlite3.dll
2009-12-22 10:21 - 2009-12-22 10:21 - 00128512 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMBIOSController.dll
2009-12-22 10:23 - 2009-12-22 10:23 - 01211904 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMILANDW.dll
2015-03-21 21:33 - 2015-03-21 21:33 - 00295616 _____ () C:\Program Files\Synergy\synergyd.exe
2015-03-21 21:33 - 2015-03-21 21:33 - 00782016 _____ () C:\Program Files\Synergy\synergyc.exe
2009-11-19 14:47 - 2009-11-19 14:47 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2015-05-13 12:58 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files\IObit\Smart Defrag 4\webres.dll
2009-12-22 10:19 - 2009-12-22 10:19 - 00573440 _____ () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll
2009-11-13 07:17 - 2009-11-13 07:17 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 12:24 - 2008-11-12 12:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2015-03-05 10:40 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2014-08-22 10:42 - 2011-04-08 12:53 - 00376832 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-08-22 10:42 - 2011-03-16 14:30 - 00233472 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-08-22 10:42 - 2003-03-26 17:46 - 00135168 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-08-22 10:42 - 2010-08-24 15:56 - 00167936 _____ () C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
2014-06-02 13:16 - 2015-03-27 14:39 - 00182080 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2014-06-02 13:16 - 2015-01-09 17:46 - 00145184 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
2015-08-24 10:45 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files\IObit\IObit Malware Fighter\ProductStatistics.dll
2015-03-05 10:42 - 2015-09-18 12:48 - 00348960 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2015-03-05 10:42 - 2015-09-18 12:47 - 00183584 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2015-03-05 10:42 - 2015-09-18 12:48 - 00050976 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-03-05 10:40 - 2014-12-10 08:14 - 01284896 _____ () C:\Program Files\IObit\Advanced SystemCare 8\Scan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4793 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3114991621-3823406564-3885859241-1136\Control Panel\Desktop\\Wallpaper -> C:\Users\VWiemer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{76C33726-4648-43E4-BAAF-47ECA6E0FDC2}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{04FE0DD2-55D6-4A38-889A-D037F9F2D719}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1F0A7C8C-F219-4000-A5B4-DF97E0207704}] => (Allow) svchost.exe
FirewallRules: [{3CDF36E1-7150-4B45-AE66-DB7E37082D24}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{458382EF-680C-456B-9001-A807D615440B}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{98D3FE43-9587-4C31-8D25-1F41AE56DFD9}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{E584DF56-21DF-4DD0-AD0F-F4F0D3F2151B}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9F4588DB-36C5-4638-BDD3-D81D1DDAA06D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2D2E1761-5CF4-4063-8621-0C2325FE0BE6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{FF921195-2748-45AC-AD8D-3BD898328FF2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{8670FB65-2FB0-4DA5-BAF6-77D62BAA769B}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{19B86A7A-E9A6-4184-962B-0D90F76514CB}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{3402BCC8-3391-4E3D-8D46-E13321144B64}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{662B0F40-4157-4BED-943C-39570779CCAB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D12EABB3-BC38-44A3-80FF-76DFAE58E193}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A3F8CDDD-E126-4D24-B58D-37791F025B30}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [{1CB7254A-5212-4698-9F4F-F0DF352F70DF}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [{CB0DAC7B-4685-41E3-BA74-3424E72840CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E31E0EF-CA14-46A4-B7E7-E1EBD6FFB9C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2FCF71E8-E6B0-49B9-B035-8305853C8898}C:\program files\synergy\synergy.exe] => (Allow) C:\program files\synergy\synergy.exe
FirewallRules: [uDP Query User{FF0F6DFD-92CB-4566-930C-5367EC4E5A5F}C:\program files\synergy\synergy.exe] => (Allow) C:\program files\synergy\synergy.exe
FirewallRules: [TCP Query User{E1B65498-7F6D-45EA-B00A-C292B60F68F6}C:\program files\synergy\synergy.exe] => (Block) C:\program files\synergy\synergy.exe
FirewallRules: [uDP Query User{67F80822-286D-4E06-86D0-82749820A69A}C:\program files\synergy\synergy.exe] => (Block) C:\program files\synergy\synergy.exe
FirewallRules: [{937F2B10-6D99-421D-85A2-A24972B5BC07}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C4F5F3DC-8CBA-4B5C-8854-287EC5D53546}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{454343CB-6330-4C11-9897-B3BB056A8251}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: aswRdr
Description: aswRdr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRdr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswSP
Description: aswSP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswSP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2015 01:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Faulting module name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Exception code: 0x40000015
Fault offset: 0x0007adce
Faulting process id: 0x848
Faulting application start time: 0xEvtEng.exe0
Faulting application path: EvtEng.exe1
Faulting module path: EvtEng.exe2
Report Id: EvtEng.exe3

Error: (11/19/2015 01:58:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc89a
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0x40000015
Fault offset: 0x0005620a
Faulting process id: 0x720
Faulting application start time: 0xWLANExt.exe0
Faulting application path: WLANExt.exe1
Faulting module path: WLANExt.exe2
Report Id: WLANExt.exe3

Error: (11/19/2015 01:58:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV.exe, version: 1.0.6227.0, time stamp: 0x4a7363b2
Faulting module name: STacSV.exe, version: 1.0.6227.0, time stamp: 0x4a7363b2
Exception code: 0xc0000005
Fault offset: 0x00002b16
Faulting process id: 0x484
Faulting application start time: 0xSTacSV.exe0
Faulting application path: STacSV.exe1
Faulting module path: STacSV.exe2
Report Id: STacSV.exe3

Error: (11/04/2015 00:03:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Faulting module name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Exception code: 0x40000015
Fault offset: 0x0007adce
Faulting process id: 0x844
Faulting application start time: 0xEvtEng.exe0
Faulting application path: EvtEng.exe1
Faulting module path: EvtEng.exe2
Report Id: EvtEng.exe3

Error: (11/04/2015 00:03:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc89a
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0x40000015
Fault offset: 0x0005620a
Faulting process id: 0x718
Faulting application start time: 0xWLANExt.exe0
Faulting application path: WLANExt.exe1
Faulting module path: WLANExt.exe2
Report Id: WLANExt.exe3

Error: (11/04/2015 00:02:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV.exe, version: 1.0.6227.0, time stamp: 0x4a7363b2
Faulting module name: STacSV.exe, version: 1.0.6227.0, time stamp: 0x4a7363b2
Exception code: 0xc0000005
Fault offset: 0x00002b16
Faulting process id: 0x48c
Faulting application start time: 0xSTacSV.exe0
Faulting application path: STacSV.exe1
Faulting module path: STacSV.exe2
Report Id: STacSV.exe3

Error: (10/22/2015 08:35:18 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (10/22/2015 08:35:18 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (10/22/2015 08:33:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x10b4
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (10/22/2015 08:20:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Faulting module name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Exception code: 0x40000015
Fault offset: 0x0007adce
Faulting process id: 0x834
Faulting application start time: 0xEvtEng.exe0
Faulting application path: EvtEng.exe1
Faulting module path: EvtEng.exe2
Report Id: EvtEng.exe3

System errors:
=============
Error: (11/19/2015 03:27:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Time service terminated with the following error:
%%1792

Error: (11/19/2015 03:27:59 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT AUTHORITY)
Description: The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.

Error: (11/19/2015 02:28:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 115.25.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/19/2015 02:28:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.207.3264.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/19/2015 02:28:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.207.3264.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/19/2015 02:28:34 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.207.3264.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/19/2015 02:09:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 115.25.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/19/2015 02:09:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.207.3264.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/19/2015 02:09:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.207.3264.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/19/2015 02:09:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.207.3264.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

CodeIntegrity:
===================================
  Date: 2015-10-18 22:32:13.921
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-10-18 22:32:13.907
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-10-18 22:32:13.494
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-10-18 22:32:13.480
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 65%
Total physical RAM: 1999.92 MB
Available physical RAM: 693.06 MB
Total Virtual: 3999.84 MB
Available Virtual: 1934.41 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:224.9 GB) (Free:37.96 GB) NTFS
Drive e: () (Removable) (Total:1.98 GB) (Free:1.98 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 60000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=7.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 12474AAE)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End of Addition.txt ============================

 


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you the Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Uninstall some programs

We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • Search App by Ask

After completing uninstalls, please manually reboot your machine!

Note: If you get a message like: An error occurred while trying to uninstall, just press Yes.
Note: If you are unable to uninstall all programs, please inform me, but continue with other steps.



I do not recommend using IObit products; they have a bad reputation and are prone to creating problems. The company behind this product was found to be stealing the MBAM database. That is why I suggest uninstalling:
  • Advanced SystemCare 8
  • Driver Booster
  • Game Booster
  • IObit Malware Fighter
  • IObit Uninstaller
  • Smart Defrag 2
  • Surfing Protection

When you see the word "Booster", "Optimizer", "TuneUp" or similar, it is often some kind of silly application. You cannot "boost" your system more than it actually is. Microsoft optimized Windows perfectly and they are constantly working on improvements, so these tools are just selling you nothing but "fog".

The only way to actually boost your system is to upgrade your hardware by adding an SSD, more processor power or more RAM.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  • Please include their content into your next reply.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Ok, when I restarted my computer and ran Anti-Malware it came up with no findings.  So I turned on the Real-Protection and turned on the Wi-Fi connection and no malicious website messages appeared.  I opened up both Internet Explorer and Firefox with no problems.  I think I am cured!  Thanks so much for your assistance.


Since there are no more problems, we can declare this PC clean.

Now we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non-infected restore point, concurrently deleting old ones.

Step 1. - Creation of system restore point and tools removal.

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt). I don't need it for review.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.

Security tips - highly recommended reading:

Maintenance tips:

Additional software that I personally use and install on all my clients' devices:
  • Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Stay safe,

TwinHeadedEagle :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.