PDA

View Full Version : Malware help



STN1225
2015-10-03, 21:14
Not sure if I am really infected but certain sites are not working as they should and download speeds have been slow. Downloading the scan tools for this site took a long, long time. They are posted below.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by Alan (administrator) on DELL (03-10-2015 10:27:31)
Running from C:\Users\user\Desktop
Loaded Profiles: Alan (Available Profiles: Alan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-16] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-07-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.1.104.36 200.1.104.35
Tcpip\..\Interfaces\{ADF1526D-699B-4004-865B-2981DAC3C120}: [DhcpNameServer] 200.1.104.35 200.1.104.36
Tcpip\..\Interfaces\{FA97450F-E882-43C3-ABEF-371CF299A2F4}: [DhcpNameServer] 200.1.104.36 200.1.104.35

Internet Explorer:
==================
HKU\S-1-5-21-784291939-2049310861-2985522810-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/
HKU\S-1-5-21-784291939-2049310861-2985522810-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-16] (AVAST Software)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-16] (AVAST Software)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Handler: WSWSVCUchrome - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0wpdo2pa.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-784291939-2049310861-2985522810-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-784291939-2049310861-2985522810-1001: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-784291939-2049310861-2985522810-1001: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-784291939-2049310861-2985522810-1001: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.tt/
CHR StartupUrls: Default -> "hxxps://www.google.tt/?gfe_rd=cr&ei=NNJEUpqTK8r28ga7rIH4BA"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-28]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-28]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-28]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-28]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-28]
CHR Extension: (Abstract-Blue) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-16] (AVAST Software)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-16] (AVAST Software)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 GENERICDRV; \??\C:\Users\user\Downloads\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-03 10:27 - 2015-10-03 10:28 - 00023613 _____ C:\Users\user\Desktop\FRST.txt
2015-10-03 10:26 - 2015-10-03 10:27 - 00000000 ____D C:\FRST
2015-10-03 10:25 - 2015-10-03 10:25 - 02193408 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-10-03 09:56 - 2015-10-03 09:56 - 00000000 ____D C:\RegBackup
2015-10-03 08:40 - 2015-10-03 08:40 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-10-02 20:16 - 2015-10-02 20:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-02 20:16 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-12 21:04 - 2015-09-12 21:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-09 06:58 - 2015-08-26 21:48 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-09 06:58 - 2015-08-26 13:00 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-09 06:58 - 2015-08-26 13:00 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-09 06:58 - 2015-08-26 13:00 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-09 06:58 - 2015-08-26 13:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-09 06:58 - 2015-08-26 09:46 - 03705344 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-09 06:58 - 2015-08-26 09:29 - 02240512 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-09 06:58 - 2015-08-26 09:27 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-09 06:58 - 2015-08-26 09:27 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-09-09 06:58 - 2015-08-26 09:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-09 06:58 - 2015-08-26 09:26 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-09 06:58 - 2015-08-26 09:26 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-09 06:57 - 2015-09-02 21:18 - 02531400 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-09 06:57 - 2015-09-02 21:17 - 01903848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-09 06:57 - 2015-09-02 13:48 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-09 06:57 - 2015-09-02 12:09 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-09 06:57 - 2015-08-22 13:19 - 25188352 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-09 06:57 - 2015-08-22 12:22 - 19856384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-09 06:57 - 2015-07-30 12:18 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-09 06:57 - 2015-07-30 11:22 - 00230912 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-09 06:57 - 2015-07-22 09:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-09 06:57 - 2015-07-22 08:52 - 01633792 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-09 06:57 - 2015-07-17 09:15 - 00951296 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-09 06:57 - 2015-07-17 09:10 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-09 06:57 - 2015-06-27 06:47 - 00118616 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-09 06:56 - 2015-08-22 12:35 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-09 06:56 - 2015-08-22 12:34 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-09 06:56 - 2015-08-22 12:21 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-09 06:56 - 2015-08-22 12:20 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-09 06:56 - 2015-08-22 11:55 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-09 06:56 - 2015-08-22 11:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-09 06:56 - 2015-08-22 11:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-09-09 06:56 - 2015-08-22 11:45 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-09 06:56 - 2015-08-22 11:44 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-09-09 06:56 - 2015-08-22 11:41 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-09 06:56 - 2015-08-22 11:41 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-09 06:56 - 2015-08-22 11:41 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-09 06:56 - 2015-08-22 11:41 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-09 06:56 - 2015-08-22 11:39 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-09 06:56 - 2015-08-22 11:28 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-09 06:56 - 2015-08-22 11:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-09 06:56 - 2015-08-22 11:23 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-09-09 06:56 - 2015-08-22 11:22 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-09 06:56 - 2015-08-22 11:20 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-09-09 06:56 - 2015-08-22 11:18 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-09 06:56 - 2015-08-22 11:18 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-09 06:56 - 2015-08-22 11:18 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-09 06:56 - 2015-08-22 11:14 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-09 06:56 - 2015-08-22 11:01 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-09 06:56 - 2015-08-22 11:00 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-09 06:56 - 2015-08-22 10:56 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-09 06:56 - 2015-08-22 10:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-09 06:55 - 2015-09-01 21:56 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-09 06:55 - 2015-09-01 21:55 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-09 06:55 - 2015-09-01 21:50 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-09 06:55 - 2015-09-01 21:17 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-09 06:55 - 2015-09-01 21:13 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-09 06:55 - 2015-08-03 16:15 - 00074928 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-09 06:55 - 2015-08-03 16:15 - 00065600 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-09 06:55 - 2015-08-01 09:22 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-09 06:55 - 2015-07-31 22:47 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\schtasks.exe
2015-09-09 06:55 - 2015-07-31 22:45 - 00182784 _____ (Microsoft Corporation) C:\windows\SysWOW64\schtasks.exe
2015-09-09 06:55 - 2015-07-31 22:38 - 01265152 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-09 06:55 - 2015-07-31 22:37 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\taskeng.exe
2015-09-09 06:55 - 2015-07-31 22:37 - 00359936 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskeng.exe
2015-09-09 06:55 - 2015-07-22 09:34 - 02775552 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-09 06:55 - 2015-07-22 09:33 - 01728000 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Immersive.dll
2015-09-09 06:55 - 2015-07-22 09:25 - 02461184 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-09 06:55 - 2015-07-22 09:25 - 01546752 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 06:55 - 2015-07-18 13:31 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\shacct.dll
2015-09-09 06:55 - 2015-07-18 13:29 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2015-09-09 06:55 - 2015-07-18 13:29 - 00148480 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll
2015-09-09 06:55 - 2015-07-18 13:27 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2015-09-09 06:55 - 2015-07-13 14:10 - 00411455 _____ C:\windows\system32\ApnDatabase.xml
2015-09-09 06:55 - 2015-07-09 11:14 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-09-09 06:55 - 2015-07-03 16:51 - 01380056 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-09-09 06:55 - 2015-07-03 09:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-09-09 06:55 - 2015-06-19 12:07 - 02819072 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-09-09 06:54 - 2015-07-13 22:27 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\tzsync.exe
2015-09-09 06:54 - 2015-07-10 14:06 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2015-09-05 08:29 - 2015-09-05 08:29 - 00001912 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-05 08:29 - 2015-09-05 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-05 08:28 - 2015-09-05 08:28 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-03 10:23 - 2013-07-07 20:35 - 00000914 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001UA.job
2015-10-03 10:06 - 2013-10-26 12:14 - 01755658 _____ C:\windows\WindowsUpdate.log
2015-10-03 10:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-10-03 09:33 - 2013-06-28 14:50 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-03 09:31 - 2013-06-28 12:16 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 08:52 - 2013-08-22 09:46 - 00489055 _____ C:\windows\setupact.log
2015-10-03 08:43 - 2013-01-21 06:50 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-10-03 08:41 - 2013-10-31 19:22 - 00003906 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{C79AD3D2-1A03-443C-A8BF-4EB65A453E8C}
2015-10-03 08:40 - 2013-06-28 12:15 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 08:39 - 2015-07-24 18:34 - 00000000 ____D C:\ProgramData\MCShield
2015-10-02 20:16 - 2014-07-26 10:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-02 19:12 - 2013-06-28 12:18 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-10-01 14:55 - 2013-09-01 21:07 - 00000000 ____D C:\Users\user\Documents\Official
2015-09-30 07:23 - 2013-07-07 20:35 - 00000862 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001Core.job
2015-09-27 10:22 - 2013-06-28 12:17 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-784291939-2049310861-2985522810-1001
2015-09-26 22:38 - 2013-06-28 12:17 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-25 20:52 - 2013-09-28 13:33 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-09-24 20:30 - 2014-12-07 09:57 - 00000000 ____D C:\Users\user\Documents\Games
2015-09-24 08:52 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-09-24 08:25 - 2015-08-07 18:18 - 00000000 ____D C:\Users\user\Documents\Tor Browser
2015-09-24 07:49 - 2013-09-29 23:04 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-23 19:42 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-23 19:31 - 2013-09-29 22:55 - 00232962 _____ C:\windows\PFRO.log
2015-09-23 19:30 - 2013-08-22 08:25 - 01048576 ___SH C:\windows\system32\config\BBI
2015-09-21 22:33 - 2013-06-28 14:50 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 19:21 - 2012-07-26 02:59 - 00000000 ____D C:\windows\CbsTemp
2015-09-20 19:55 - 2013-07-10 20:03 - 00000000 ____D C:\Users\user\Documents\Books
2015-09-20 19:54 - 2013-06-28 21:02 - 00000000 ____D C:\Users\user\Documents\E-Books
2015-09-17 07:18 - 2013-07-07 20:35 - 00003858 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001UA
2015-09-17 07:18 - 2013-07-07 20:35 - 00003478 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001Core
2015-09-15 06:41 - 2013-06-28 12:14 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-09-14 20:18 - 2015-04-17 17:51 - 00812008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 20:18 - 2015-04-17 17:51 - 00178152 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 17:26 - 2013-06-28 12:16 - 00003888 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-14 17:26 - 2013-06-28 12:15 - 00003652 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-12 21:04 - 2013-06-28 14:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-12 19:06 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-09-09 16:28 - 2013-08-22 09:44 - 00490656 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-09 07:30 - 2013-09-29 22:51 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 07:30 - 2013-08-22 10:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-09 07:28 - 2013-06-28 12:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 07:14 - 2013-07-14 22:53 - 00000000 ____D C:\windows\system32\MRT

==================== Files in the root of some directories =======

2015-06-30 20:18 - 2015-07-21 09:52 - 0008704 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-14 19:10 - 2014-01-06 17:15 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2013-09-12 21:55 - 2015-04-19 19:22 - 0003756 _____ () C:\ProgramData\hpzinstall.log
2013-01-21 06:46 - 2013-01-21 06:46 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-01-21 06:41 - 2013-01-21 06:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-01-21 06:42 - 2013-01-21 06:44 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-01-21 06:41 - 2013-01-21 06:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-01-21 06:44 - 2013-01-21 06:46 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-25 07:31

==================== End of FRST.txt ============================


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-03 13:14:03
-----------------------------
13:14:03.926 OS Version: Windows x64 6.2.9200
13:14:03.926 Number of processors: 2 586 0x2A07
13:14:03.926 ComputerName: DELL UserName: Alan
13:14:10.134 Initialize success
13:14:10.243 VM: initialized successfully
13:14:10.243 VM: Intel CPU supported virtualized
13:14:12.422 VM: disk I/O iaStorA.sys
13:14:15.766 AVAST engine defs: 15100300
13:14:18.933 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
13:14:18.933 Disk 0 Vendor: ST320LM001_HN-M320MBB 2AR20003 Size: 305245MB BusType: 11
13:14:19.308 Disk 0 MBR read successfully
13:14:19.324 Disk 0 MBR scan
13:14:19.339 Disk 0 unknown MBR code
13:14:19.355 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
13:14:19.527 Disk 0 scanning C:\windows\system32\drivers
13:15:06.826 Service scanning
13:15:38.032 Modules scanning
13:15:38.032 Disk 0 trace - called modules:
13:15:38.094 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
13:15:38.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000e64744e0]
13:15:38.110 3 CLASSPNP.SYS[fffff801fef83170] -> nt!IofCallDriver -> [0xffffe000e4456800]
13:15:38.110 5 ACPI.sys[fffff801feb68c21] -> nt!IofCallDriver -> \Device\0000002c[0xffffe000e50a97f0]
13:15:39.360 AVAST engine scan C:\windows
13:16:03.596 AVAST engine scan C:\windows\system32
13:26:58.663 AVAST engine scan C:\windows\system32\drivers
13:27:47.940 AVAST engine scan C:\Users\user
13:48:33.354 AVAST engine scan C:\ProgramData
13:53:01.083 Disk 0 statistics 4040330/0/0 @ 0.96 MB/s
13:53:01.083 Scan finished successfully
13:53:15.324 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
13:53:15.324 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

Dakeyras
2015-10-04, 00:48
Hi. :)

Could you please post the Addition.txt log created by the Farbar Recovery Scan Tool for my review please, it should be on the desktop. Also could you send the below to a zip file:

C:\Users\user\Desktop\MBR.dat

So I can in turn download it and analyse, since aswMBR is currently reporting your machine has a unknown MBR code. This is not a cause for concern at this stage and merely view it as myself erring on the side of caution for your good self etc.

Also there is evidence you may have been using the Tor Browser, if not aware this is actually not as secure as once was and has the potential to provide a conduit for malware to gain a foothold.

STN1225
2015-10-04, 01:50
Thanks for taking a look at my problem. Here is what you requested.

12378


Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by Alan (2015-10-03 10:29:18)
Running from C:\Users\user\Desktop
Windows 8.1 (X64) (2013-10-26 18:27:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-784291939-2049310861-2985522810-500 - Administrator - Disabled)
Alan (S-1-5-21-784291939-2049310861-2985522810-1001 - Administrator - Enabled) => C:\Users\user
Guest (S-1-5-21-784291939-2049310861-2985522810-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{AB116F72-C91A-40F2-A25A-949B5D065EBB}) (Version: 2.3.0 - Kovid Goyal)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
F2400 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{BCDD692B-172D-440A-9A1B-501C71D72CC8}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows 8 - ENU (HKLM-x32\...\{b6391d7a-479c-494c-a76f-cad96a8a73ac}) (Version: 11.0.50727.1 - Microsoft Corporation)
Might & Magic: Duel of Champions (HKLM-x32\...\Steam App 256410) (Version: - Ubisoft Quebec)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

09-09-2015 07:01:38 Windows Update
18-09-2015 20:35:06 Scheduled Checkpoint
26-09-2015 19:07:59 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-09-05 08:29 - 00450861 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07814D79-D6A0-4065-8C8F-6753DE2E8E1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1AE8E228-E6DF-466E-B909-2FFA3B96DF51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2A3BFB2E-A678-449B-9B52-D662E517254E} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {2B9BC4A8-513F-4532-B5B6-9F7C307802F7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {4CAC6ADD-ED4A-4BB4-8C5B-7243330AA730} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {591AD833-156C-48E1-9925-6EB82FB81A9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7888F181-D3DF-4857-A75E-010B654718A0} - System32\Tasks\{74AF0438-94B8-47AD-AC0B-DE2C03D96500} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=hs_beta --displayname="Hearthstone"
Task: {88F2221D-74DF-43D7-A1BF-E7840AFFD5FE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {90EC884F-11D6-4850-949D-20DE44D660EF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B55947DA-A9D6-419E-B718-88EBA81ECE2A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B65F4644-EBA6-42C0-B49E-766642BE1B39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B81BB8EA-1320-4EAD-B316-25E3C82582F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {C6FD9CB4-119D-4CAE-8122-180DD6FD2530} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D86E73E4-D678-4F0B-BA6A-FA9A5E1AC238} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E170109E-8FAC-414A-92A1-A1CD3BA97EA7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-16] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-01-21 06:44 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-14 19:59 - 2012-04-01 00:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2015-03-29 09:30 - 2014-10-24 14:16 - 00721263 _____ () C:\windows\SysWOW64\WSCM64.dll
2012-08-06 22:16 - 2012-08-06 22:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 22:16 - 2012-08-06 22:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 22:16 - 2012-08-06 22:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 22:16 - 2012-08-06 22:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 22:16 - 2012-08-06 22:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 22:16 - 2012-08-06 22:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2012-07-31 22:10 - 2012-07-31 22:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-16 06:57 - 2015-07-16 06:57 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-16 06:57 - 2015-07-16 06:57 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-22 22:46 - 2015-09-22 22:46 - 02965504 _____ () C:\Program Files\AVAST Software\Avast\defs\15092201\algo.dll
2015-09-23 19:46 - 2015-09-23 19:46 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092301\algo.dll
2015-10-03 09:46 - 2015-10-03 09:46 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100300\algo.dll
2014-07-26 10:11 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-26 10:11 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-26 10:11 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-26 10:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-26 10:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-21 06:30 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-01-21 06:42 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-01 14:26 - 2015-07-01 14:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-29 09:30 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-03-29 09:30 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-09-26 22:38 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-26 22:38 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\user\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-784291939-2049310861-2985522810-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\Wallpaper\4703-dismembered-robot-1920x1080-3d-wallpaper.jpg
DNS Servers: 200.1.104.36 - 200.1.104.35
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A679E423-162B-4517-9D2D-49D150FCCEE9}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{FEE54D13-5CA6-4595-AA92-FCB87068F2A2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{A8CCCFEC-31AD-4C99-98ED-E2F8C1A21F59}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BB2CAB2A-A160-4CBB-B369-5D4ED8B0B6AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{98F4DCE3-7DEB-4C51-A6FE-608EBC9CA998}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{FEEB2C42-37C4-4E19-AAE7-32D7555A024B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{37A6E584-5E72-4355-BEB8-A87F751CA5AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{FC53E9ED-A45A-4C33-94EF-08A549D5F468}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E9020C13-DBA4-4BCA-8E32-51AA99289272}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{4B3FAC1A-048A-49A6-B306-87A84EC480A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{1FFFB9D7-EC16-4DF7-8B00-4A5BE2A16D69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{059E7E8F-C664-41B0-98D4-CD27C6AF161C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0447AC70-75E6-41CA-8E60-4229589D0E2B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C31A492A-9786-4BAF-839C-B022ACD38703}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4258\hppiw.exe
FirewallRules: [{E8F1CB1B-E6DE-492E-9D32-2535D0C69FA3}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4258\hppiw.exe
FirewallRules: [{D91BE12D-F546-4DF4-B240-CDC5E46081B0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{949A3F81-AC6F-4D2D-9656-0033215CC7FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{8F4BC650-91A8-404F-926B-C4BDF849290B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{038BCBE1-F971-49E6-991B-70F807CAEF7C}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{101EC4CE-9D35-484A-9D16-5E48B0F58160}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{F62B6D44-9251-4D65-AA14-F4BA1FE02A90}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{772CFE55-8698-46FC-843D-5094C8C56361}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{F10FCD35-4220-4F44-9EEB-DFB4995348B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2E2A8443-6FF0-473D-89DC-9215E7E4CDFD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B9F35BD-2F67-4715-930F-49295424C993}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{3417CCA2-AD11-49D7-A78B-3DDFF224E1A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{127CA207-8044-48BD-992D-ED4F79AF0171}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{CAAD1DD9-1902-4DFE-95FF-397BD4679499}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{55F8FE54-4A10-4BB1-BBCA-F8B374C31986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elsword\data\x2.exe
FirewallRules: [{9DBDCD30-F6A5-4BA5-9411-3FB211DE48B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elsword\data\x2.exe
FirewallRules: [{DD199D1E-A371-4160-A7DF-1B6695D496D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{30AFA730-9924-43A4-A0E3-5B95106FBE84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{A7AE21E4-A18F-497C-AA48-E2BB534AC4F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{A44C8E89-04BB-4A35-8CBF-3A0E80425238}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{255D9694-8E54-4449-A639-A90CE049F456}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F4C8FC03-7C9F-47E3-AD2A-4259E45592D0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{451AA4D1-6E55-4162-8661-EC013BDED175}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CF2640A0-65FC-49E0-BD10-2B3C162361B0}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CAD9A21C-FDF6-44C3-9068-2E26A993BFAC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{785B530C-4C92-4CE2-AA3B-7A6A2A854572}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{B7FC5931-3CF8-414B-B6FB-7CB98F4D07B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{B109C377-D770-4CF8-8EC7-6E14761FF679}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{1A1F5599-EC4B-4918-A501-808ADB073682}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{CD815252-0782-45EF-8BD4-362225EDE89C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{932C5D4F-D160-465F-961A-2B617139B289}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{77EEF96A-5E48-4273-9C43-E51633021224}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [TCP Query User{38A586F9-AAB1-4EBD-827C-AE35C66064A9}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{3636B944-5363-469A-99CC-109E86350D16}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{F8D05E8C-025C-4013-91B2-B90854D96F57}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{815EB691-A6C9-4595-AC0A-31FB25339AEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{F8AED90B-104A-4681-B0C3-F451B87EF049}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{2BC26A33-B09B-45E3-AFCE-40F78F1851CA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{5268E425-7525-4A49-85C7-70C049ABB278}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EDA3368F-5012-432D-ABA0-E0C423E0A80E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA3618C8-8A14-46EE-8A28-2B0C620BF133}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FF5AC3DF-3FA6-49AD-8CD5-A4354608EF3E}] => (Allow) LPort=2869
FirewallRules: [{7CC6E7FD-FD5D-422A-ADED-4840190C6421}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{FDB40A38-B4EE-4865-97A3-48646F320434}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{57EE1491-744E-4A68-B512-750675779CAE}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{6643D38C-5FCC-423C-8104-AAAB2455D488}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B2C120C7-2AD5-4A13-A0E6-9939CBFFA4C0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{C90363ED-28E4-41C8-B117-AB45BAD23B2B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2015 09:24:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 215c

Start Time: 01d0fde68f8364fe

Termination Time: 4294967295

Application Path: C:\windows\syswow64\wwahost.exe

Report Id: 838603c0-69da-11e5-bed9-f4b7e22a50e4

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (10/02/2015 10:16:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 22e8

Start Time: 01d0fd891ead7514

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\backgroundTaskHost.exe

Report Id: 140a6ff7-697d-11e5-bed9-f4b7e22a50e4

Faulting package full name: 41038Axilesoft.InfinityTileClock_1.2.5.77_x86__wxjjre7dryqb6

Faulting package-relative application ID: App

Error: (10/02/2015 10:01:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3240

Start Time: 01d0fd8706407f88

Termination Time: 4294967295

Application Path: C:\windows\syswow64\wwahost.exe

Report Id: fcff0e68-697a-11e5-bed9-f4b7e22a50e4

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (09/29/2015 10:52:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DELL)
Description: Activation of app 41038Axilesoft.InfinityTileClock_wxjjre7dryqb6!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/29/2015 10:14:35 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (09/23/2015 07:43:51 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/22/2015 06:18:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x2f64
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
Faulting package full name: jucheck.exe4
Faulting package-relative application ID: jucheck.exe5

Error: (09/21/2015 04:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x454c
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
Faulting package full name: jucheck.exe4
Faulting package-relative application ID: jucheck.exe5

Error: (09/21/2015 04:49:52 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (09/17/2015 09:18:03 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)


System errors:
=============
Error: (10/03/2015 10:23:06 AM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/03/2015 10:22:36 AM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/03/2015 10:06:13 AM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/03/2015 10:05:43 AM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/03/2015 09:20:53 AM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/03/2015 09:20:23 AM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/03/2015 08:42:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/03/2015 08:41:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/03/2015 08:41:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/03/2015 08:40:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
Percentage of memory in use: 49%
Total physical RAM: 3959.1 MB
Available physical RAM: 2000.75 MB
Total Virtual: 4663.1 MB
Available Virtual: 1970.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.08 GB) (Free:220.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 68EBE124)

Partition: GPT.

==================== End of Addition.txt ============================

Dakeyras
2015-10-05, 01:06
Hi. :)


Thanks for taking a look at my problem.
You're welcome!


Here is what you requested.
Thanks, all good and no further action is required with regard to that since your machine is actually currently using a GUID Partition Table(GPT) and hence aswMBR flagged a unknown MBR(Master Boot Record) code.

Now with regard to the current issuies your machine is experiancing, there is actually no real evidence of anything malware related being the root cause so far. However I will not rule this out just yet, anyway lets proceed as follows shall we...

Java Advice:

There has been a recent severe explotation of this software. Even though this exploit has been reportedly fixed there is still a vulnerability with the software. Which basically means the software is in a constant state of what is known as a zero day type breach and will always be considered a security risk by the Anti-Malware security community.

The below is currently all that it is installed Java related:-

Java 8 Update 51
Java 8 Update 60

So it would be prudent to uninstall both verisons. If however though you opt to keep Java, merely leave Java 8 Update 60 installed as this is apparently the latest version. Then follow the advice below:-

How to Disable Java in your Web Browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/)

Security Software Conflict Advise:

It appears at present you have both MCShield and Panda USB Vaccine installed and active in system memeory. Since both provide basically the same type of protection my friendly advise is choose to uninstall one of them. Also the presently installed McAfee Security Scan Plus apart from being also active in system memory is a waste of installation space in my humble opinion.

Uninstalling two of the above may improve matters performance wise.

Scan with Zoek:

Please download Zoek (http://download.bleepingcomputer.com/smeenk/zoek.exe) and save to to the desktop.

You will need to temp' disable your current installed Anti-Virus/Security software, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).


Right-click on zoek.exe and select Run as Administrator .
Once the GUI(graphical user interface) has loaded >> click on the More Options tab >> select Auto Clean only.
Ensure the option Scan All Users is selected >> now click on the Run Script tab.
Zoek will momentary close and a new GUI will appear and the scan will commence.
Please be patient as the scan may take some time depending on the specifications of your computer.
Once the scan is completed a log file named zoek-results.log will open via notepad, post the contents in your next reply.
If the sytem requires a reboot after the aforementioned scan, click on OK at the prompt(the log will appear after the reboot).
The zoek-results.log can also be found on your system drive.

Note: Do not forget to re-enable your Security software after running the above scan and below scans!

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner (http://pandacloudcleaner.pandasecurity.com/facebook/) and save to your desktop.

Alternate downloads are here (http://acs.pandasoftware.com/pandacloudcleaner/installers/activescan/PandaCloudCleaner.exe) and here (http://www.majorgeeks.com/files/details/panda_cloud_cleaner.html).


Right-click on PandaCloudCleaner.exe and select Run as Administrator >> Next > >> >> Next >
Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan
Please be patient as the scan may take some time to complete depending on your system's specifications.
Once the scan has completed, if Scan finished with detections is denoted in the GUI do not take any action and or have Panda Cloud Cleaner clean absolutely anything!
Now within the GUI click on the > tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt
Save this to your desktop and post the contents in your next reply.
Then click on Back >> Exit

Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.

Next:

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered?
Zoek Log.
Panda Cloud Cleaner Log.

STN1225
2015-10-05, 04:37
The computer has been running well. The sites that were not running are back to normal, mostly. Videos still load slower than before but at least they are loading.

The Panda cleaner ran but there was no option to save a log. I pressed the > button for all three and still no log option. This was the only thing I saw on the page that I thought might be relevant:

Key: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
Value: HIDEFILEEXT

It did find stuff though. Here is a screenshot of the results page.

12379


Here is the other log.


Zoek.exe v5.0.0.1 Updated 04-October-2015
Tool run by Alan on Sun 10/04/2015 at 20:01:02.21.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

10/4/2015 8:03:17 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\Users\user\AppData\Roaming\Wondershare Video Converter Ultimate deleted successfully
C:\Users\user\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\user\AppData\Local\Adobe deleted successfully
C:\Users\user\AppData\Local\calibre-cache deleted successfully
C:\Users\user\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\user\AppData\Local\EmieSiteList deleted successfully
C:\Users\user\AppData\Local\EmieUserList deleted successfully
C:\Users\user\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-784291939-2049310861-2985522810-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Wondershare not found
C:\Users\user\AppData\Roaming\calibre deleted
C:\Users\user\.android deleted
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\PROGRA~3\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\user\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\user\AppData\LocalLow\Unity deleted
C:\windows\wininit.ini deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\Syswow64\Hotspot Shield deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0wpdo2pa.default
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [07/16/2015 06:57 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0wpdo2pa.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0wpdo2pa.default
1A62BB86D17B8DC0D4339BACC8D60635 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash
7D127425BBE91DF37448A7F44C1DDA52 - C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[08/04/2014 06:16 AM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/01/2015 02:25 PM]

Avast SafePrice - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Abstract-Blue - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa

==== Chromium Fix ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_musicfinder.me_0.localstorage deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_musicfinder.me_0.localstorage-journal deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://dell13.msn.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://dell13.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0wpdo2pa.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=146 folders=76 263689641 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\user\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 10/04/2015 at 20:34:25.59 ======================

Dakeyras
2015-10-05, 16:23
Hi. :)


The computer has been running well.
Good and as it stands with regards to the online scan all is fine and appears to be what is known as false postive detections. Now taking into account some of the elements Zoek removed/reset I think it prudent to err on the side of caution and run one more scan.

Afterwards post the requested log for my review and let myself know if any further issuies remaining please.

Scan with JRT:

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Alternate download is here (http://thisisudax.org/downloads/JRT.exe).

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).


Right-click on on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply.

Note: Reboot your machine and ensure all disabled security software is now enabled etc.

STN1225
2015-10-05, 16:56
The requested log is below.

Aside from this, I noticed something else has changed. Recently I noticed my machine running hot, oftentimes while sitting there, not running any programs. Since implementing your fixes though, I have found that it is running cooler. I don't know exactly when this happened, but I think it was when I was uninstalling the programs you suggested. Is it possible those programs were making my machine run hot all this time?


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by Alan on Mon 10/05/2015 at 9:48:56.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\PCDEventLauncherTask



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\user\Appdata\Local\google\chrome\user data\default\local storage\hxxp_st.chatango.com_0.localstorage
Successfully deleted: [File] C:\Users\user\Appdata\Local\google\chrome\user data\default\local storage\hxxp_st.chatango.com_0.localstorage-journal



~~~ Folders



~~~ Chrome


[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/05/2015 at 9:53:05.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dakeyras
2015-10-05, 22:53
Hi. :)


Is it possible those programs were making my machine run hot all this time?
Aye that is a entirely feasible scenario, congratulations your computer appears to be malware free!

Clean-Up with DelFix:

Please download DelFix (https://toolslib.net/downloads/viewdownload/2-delfix) to your desktop.


Right-click on delfix.exe and select Run as Administrator to launch the application.
Referring to the image below, select the three options denoted:

http://i223.photobucket.com/albums/dd202/Dakeyras_album/DF2.gif

Then click on Run.
Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
The log can also be located at the root of the system drive, C:\DelFix.txt.
After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.

Note: The above application/overall process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

The below are worth reading/bookmarking for future reference:

Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)

So how did I get infected in the first place? (https://forums.spybot.info/showthread.php?279-So-how-did-I-get-infected-in-the-first-place)

Next:

Any questions? Feel free to ask, if not stay safe!

STN1225
2015-10-06, 01:18
No questions. Thanks for all your help.

# DelFix v1.011 - Logfile created 05/10/2015 at 18:20:12
# Updated 18/08/2015 by Xplode
# Username : Alan - DELL
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\RegBackup
Deleted : C:\zoek-results.log
Deleted : C:\Users\user\Desktop\Addition.txt
Deleted : C:\Users\user\Desktop\aswMBR.exe
Deleted : C:\Users\user\Desktop\aswMBR.txt
Deleted : C:\Users\user\Desktop\FRST.txt
Deleted : C:\Users\user\Desktop\FRST64.exe
Deleted : C:\Users\user\Desktop\JRT.exe
Deleted : C:\Users\user\Desktop\JRT.txt
Deleted : C:\Users\user\Desktop\MBR.dat
Deleted : C:\Users\user\Desktop\MBR.zip
Deleted : C:\Users\user\Desktop\zoek-results.txt
Deleted : C:\Users\user\Desktop\zoek.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #120 [Scheduled Checkpoint | 09/19/2015 01:35:06]
Deleted : RP #121 [Scheduled Checkpoint | 09/27/2015 00:07:59]
Deleted : RP #122 [zoek.exe restore point | 10/05/2015 01:02:34]

New restore point created !

########## - EOF - ##########

Dakeyras
2015-10-06, 11:58
Acknowledged and you're most welcome! :)

Dakeyras
2015-10-07, 16:02
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)