any help would be greatly appreciated :)
hello. im pretty sure infections have come from free games ive downloaded and torrent files. ive run malwarebytes, avira antivirus and comodo antivirus removing threats they have found but i suspect there is infections it hasnt picked up, my computer runs really slow out of safe mode and the cpu and processor usage stays at around 50 percent and above. i also cant find the tea timer thing in spybot to turn it off... so here are the FRST and aswMBR logs, im guessing i'll need to post spybot logs so let me know please.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-05-2016
Ran by Dick Bryden (administrator) on JOOB (04-05-2016 14:59:30)
Running from C:\Users\Dick Bryden\Desktop
Loaded Profiles: Dick Bryden (Available Profiles: Dick Bryden)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Users\Dick Bryden\Desktop\aswMBR.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-13] (Google Inc.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Dick Bryden\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 862d9c604f2747d1936b65cbb87f5285-91d39ddd3a95dcdc1daff2f9296dceab9a99c7df --CMPID 0913b
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\MountPoints2: {15fc6ff5-d454-11e4-9833-b482fe9bbb76} - E:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\MountPoints2: {60e6cee6-512b-11e1-bdab-b482fe9bbb76} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-04-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1132959120-1673921071-3958761770-1000] => localhost:8080
AutoConfigURL: [S-1-5-21-1132959120-1673921071-3958761770-1000] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{398A13F5-762E-4A3E-947B-5403643B702C}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{9751FFE6-2F56-4CCB-93C3-63816B848093}: [NameServer] 10.4.81.105 10.4.182.22
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => No File
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-11] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-11] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-18] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-11] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-28] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default\searchplugins\google-avast.xml [2016-04-03]
FF Extension: Avira Browser Safety - C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default\Extensions\abs@avira.com [2016-04-25]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1427867108&from=smt&uid=SAMSUNGXHM250HI_S20TJ9FZ521148"
CHR DefaultSearchKeyword: Default -> google.com.au
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll => No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Tampermonkey) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-25]
CHR Extension: (AdBlock) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 f68c1dcb; "C:\windows\system32\rundll32.exe" "c:\Program Files\TerminusTurbo\TerminusTurbo.dll",serv
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [107008 2009-11-18] (Broadcom Corporation)
S0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 samsung_hspa_datacard_cdc_acm; C:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\windows\system32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
S3 xnacc; C:\windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 aswMBR; \??\C:\Users\DICKBR~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\DICKBR~1\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-04 14:59 - 2016-05-04 15:00 - 00016273 _____ C:\Users\Dick Bryden\Desktop\FRST.txt
2016-05-04 14:48 - 2016-05-04 14:48 - 05198336 _____ (AVAST Software) C:\Users\Dick Bryden\Desktop\aswMBR.exe
2016-05-04 14:47 - 2016-05-04 14:59 - 00000000 ____D C:\FRST
2016-05-04 14:45 - 2016-05-04 14:46 - 01728000 _____ (Farbar) C:\Users\Dick Bryden\Desktop\FRST.exe
2016-05-02 15:16 - 2016-05-02 15:16 - 00000207 _____ C:\windows\tweaking.com-regbackup-JOOB-Windows-7-Starter-(32-bit).dat
2016-05-02 15:16 - 2016-05-02 15:16 - 00000000 ____D C:\RegBackup
2016-05-02 15:13 - 2016-05-02 15:13 - 00002185 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-05-02 15:13 - 2016-05-02 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-02 15:13 - 2016-05-02 15:13 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-02 14:52 - 2016-04-04 17:59 - 00000826 _____ C:\windows\system32\Drivers\etc\hosts.20160502-145203.backup
2016-05-02 14:30 - 2016-05-02 15:13 - 00017408 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2016-05-02 13:49 - 2016-05-02 13:49 - 00002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-02 13:49 - 2016-05-02 13:49 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-05-02 13:49 - 2016-05-02 13:49 - 00000644 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000616 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000446 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-02 13:49 - 2015-06-16 17:19 - 00018688 _____ (Safer-Networking Ltd.) C:\windows\system32\sdnclean.exe
2016-04-29 01:16 - 2016-04-29 01:16 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-29 01:16 - 2016-04-29 01:16 - 00001945 _____ C:\windows\epplauncher.mif
2016-04-29 01:16 - 2016-04-29 01:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-28 20:10 - 2016-04-29 00:55 - 00000507 _____ C:\windows\wininit.ini
2016-04-28 17:58 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-04-28 17:50 - 2016-05-02 14:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-28 17:50 - 2016-05-02 14:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-25 16:15 - 2016-04-25 16:15 - 00013813 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]nashville.season.2.s02.complete.torrent
2016-04-25 15:32 - 2016-04-25 15:32 - 00162516 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]ufc.197.ppv.jones.vs.saint.preux.hdtv.x264.ebi.tjet.torrent
2016-04-25 15:25 - 2016-04-25 15:25 - 00106074 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]ufc.197.prelims.webrip.x264.fmn.tjet.torrent
2016-04-25 04:33 - 2016-04-25 04:33 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\AVG
2016-04-25 04:18 - 2016-04-25 04:51 - 00000000 ____D C:\ProgramData\Avg
2016-04-25 04:16 - 2016-04-25 04:51 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\Avg
2016-04-25 04:16 - 2016-04-25 04:47 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\AvgSetupLog
2016-04-25 01:55 - 2016-04-25 01:56 - 04889864 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe
2016-04-25 00:03 - 2016-04-25 00:03 - 00025716 _____ C:\Users\Dick Bryden\Documents\CisReport_x86_v8.2.0.5005_20160425-000316.zip
2016-04-25 00:02 - 2016-04-25 00:02 - 00024629 _____ C:\Users\Dick Bryden\Documents\CisReport_x86_v8.2.0.5005_20160425-000223.zip
2016-04-20 14:42 - 2016-04-20 14:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 14:28 - 2016-04-20 14:29 - 22851472 _____ (Malwarebytes ) C:\Users\Dick Bryden\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-04-20 14:07 - 2016-04-20 14:07 - 22851472 _____ (Malwarebytes ) C:\Users\Dick Bryden\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-20 13:37 - 2016-05-04 14:50 - 01420000 _____ C:\windows\ntbtlog.txt
2016-04-18 16:54 - 2016-04-18 16:54 - 27858944 _____ C:\Users\Dick Bryden\Downloads\lps-gb-vt-x86.msi
2016-04-18 01:19 - 2016-04-18 02:18 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\sexmessenger
2016-04-18 01:15 - 2016-04-18 01:17 - 00143784 _____ (Rentabiliweb) C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe
2016-04-16 16:23 - 2016-04-16 16:23 - 00000000 _____ C:\Users\Dick Bryden\Downloads\BEIyc_Rz
2016-04-16 16:12 - 2016-04-16 16:13 - 00242104 _____ C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe
2016-04-16 16:10 - 2016-04-16 16:13 - 10629936 _____ (MEGA Limited) C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe
2016-04-16 15:38 - 2016-04-16 15:38 - 00242104 _____ C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe
2016-04-16 15:25 - 2016-04-16 15:25 - 00030000 _____ C:\Users\Dick Bryden\Downloads\download (1)
2016-04-16 14:44 - 2016-04-16 14:58 - 70360880 _____ C:\Users\Dick Bryden\Downloads\download
2016-04-16 14:41 - 2016-04-16 14:41 - 00000634 _____ C:\Users\Dick Bryden\Downloads\00_LIVE+AUSSIE+TV+STREAM+-+MOTOR-SPORT-RACES-MATCHES+-+PLAY+WITH+VLC.xspf.torrent
2016-04-12 22:59 - 2016-04-12 22:59 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\Microsoft Corporation
2016-04-12 22:57 - 2016-04-20 18:05 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2016-04-12 22:57 - 2016-04-20 18:03 - 00002067 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2016-04-12 22:57 - 2016-04-12 22:57 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2016-04-12 22:54 - 2016-04-12 22:55 - 08669472 _____ (Microsoft Corporation) C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe
2016-04-12 22:10 - 2016-04-25 04:08 - 00000000 ____D C:\ProgramData\Comodo
2016-04-12 22:08 - 2016-04-12 22:09 - 62707224 _____ (COMODO) C:\Users\Dick Bryden\Downloads\cispremium_only_installer.exe
2016-04-07 15:00 - 2016-04-07 15:01 - 00000672 _____ C:\Users\Dick Bryden\Downloads\desmume.ini
2016-04-07 14:37 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2016-04-07 14:37 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2016-04-07 14:36 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2016-04-07 14:36 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2016-04-07 14:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2016-04-04 23:43 - 2016-04-20 18:01 - 00000695 _____ C:\Users\Dick Bryden\Desktop\Movies.lnk
2016-04-04 01:25 - 2016-04-04 01:27 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Moovies
2016-04-04 01:22 - 2016-04-04 01:23 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Car Movies
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-04 14:26 - 2009-07-14 14:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-04 14:26 - 2009-07-14 14:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-04 14:18 - 2012-01-20 11:56 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-04 14:16 - 2012-12-14 08:41 - 00000228 _____ C:\windows\Tasks\AutoKMS.job
2016-05-04 14:16 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-02 14:29 - 2016-02-15 12:10 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Torrent Files
2016-04-29 03:32 - 2012-01-20 11:56 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 03:27 - 2009-07-27 06:06 - 00859368 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-29 03:27 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
2016-04-29 02:49 - 2013-06-04 17:49 - 00000304 _____ C:\windows\Tasks\DSite.job
2016-04-29 02:45 - 2014-07-24 09:30 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-28 17:58 - 2016-04-02 23:20 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-27 01:51 - 2009-07-14 12:37 - 00000000 ____D C:\windows\system32\NDF
2016-04-25 17:59 - 2015-03-20 13:17 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\vlc
2016-04-25 05:05 - 2012-02-06 13:35 - 00007598 _____ C:\Users\Dick Bryden\AppData\Local\Resmon.ResmonCfg
2016-04-25 04:51 - 2012-02-17 14:01 - 00000000 ____D C:\Program Files\AVG
2016-04-25 04:50 - 2012-02-17 13:52 - 00000000 ____D C:\ProgramData\MFAData
2016-04-25 03:50 - 2012-01-20 11:05 - 00000000 ____D C:\ProgramData\Skype
2016-04-22 17:57 - 2014-07-24 11:30 - 00374944 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-20 18:06 - 2012-01-20 10:38 - 00001393 _____ C:\Users\Dick Bryden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-20 18:05 - 2016-02-14 13:18 - 00002129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 18:05 - 2014-04-18 13:07 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-20 18:05 - 2010-03-13 11:27 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2016-04-20 18:05 - 2010-03-13 11:27 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2016-04-20 18:05 - 2009-07-14 14:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-20 18:03 - 2016-02-14 13:18 - 00002123 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 18:03 - 2014-04-18 13:07 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-04-20 18:03 - 2013-06-04 17:50 - 00001222 _____ C:\Users\Public\Desktop\Image Converter.lnk
2016-04-20 18:03 - 2010-03-13 11:10 - 00001782 _____ C:\Users\Public\Desktop\ChargeableUSB.lnk
2016-04-20 18:02 - 2009-07-14 14:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-20 18:02 - 2009-07-14 14:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-20 18:01 - 2016-03-24 15:56 - 00000723 _____ C:\Users\Dick Bryden\Desktop\Blender Shiznit.lnk
2016-04-20 18:01 - 2016-02-17 21:38 - 00000866 _____ C:\Users\Dick Bryden\Desktop\Downloads.lnk
2016-04-20 18:01 - 2015-03-21 19:26 - 00001081 _____ C:\Users\Dick Bryden\Desktop\YouCam(Webcam).lnk
2016-04-20 17:23 - 2015-04-04 12:07 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Games
2016-04-20 15:08 - 2009-07-14 12:37 - 00000000 ____D C:\windows\AppCompat
2016-04-20 15:03 - 2013-06-04 17:49 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\DSite
2016-04-18 01:35 - 2014-07-24 09:30 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-04-18 01:35 - 2014-07-24 09:30 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-12 17:49 - 2013-07-28 08:27 - 00000300 _____ C:\Users\Dick Bryden\AppData\Roaming\WB.CFG
2016-04-09 14:45 - 2016-02-25 14:00 - 00000000 ____D C:\tmp
2016-04-08 17:53 - 2016-02-13 18:51 - 00000000 ____D C:\B3ender Sh5t
2016-04-07 14:57 - 2013-06-30 02:39 - 00000000 ____D C:\Program Files\QuickTime
2016-04-07 14:54 - 2015-03-23 12:06 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\Stykz
2016-04-07 14:53 - 2015-03-29 00:13 - 00000000 ____D C:\Users\Dick Bryden\Desktop\School Shit
2016-04-04 17:41 - 2016-04-02 23:11 - 00000000 ____D C:\ProgramData\AVAST Software
==================== Files in the root of some directories =======
2015-04-20 17:19 - 2016-02-12 14:23 - 0000020 _____ () C:\Users\Dick Bryden\AppData\Roaming\appdataFr3.bin
2013-07-28 08:27 - 2016-04-12 17:49 - 0000300 _____ () C:\Users\Dick Bryden\AppData\Roaming\WB.CFG
2013-06-17 15:42 - 2013-11-22 15:04 - 0000006 _____ () C:\Users\Dick Bryden\AppData\Roaming\WBPU-TTL.DAT
2013-07-17 20:22 - 2015-04-30 14:16 - 0001324 _____ () C:\Users\Dick Bryden\AppData\Roaming\wklnhst.dat
2012-02-06 13:35 - 2016-04-25 05:05 - 0007598 _____ () C:\Users\Dick Bryden\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\Dick Bryden\AppData\Local\Temp\avgnt.exe
C:\Users\Dick Bryden\AppData\Local\Temp\ose00001.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-29 16:42
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-05-2016
Ran by Dick Bryden (2016-05-04 15:00:58)
Running from C:\Users\Dick Bryden\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2012-01-20 00:30:31)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1132959120-1673921071-3958761770-500 - Administrator - Disabled)
Dick Bryden (S-1-5-21-1132959120-1673921071-3958761770-1000 - Administrator - Enabled) => C:\Users\Dick Bryden
Guest (S-1-5-21-1132959120-1673921071-3958761770-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Blender (HKLM\...\{1115EF75-E8C1-4BA1-829F-1B8460D47701}) (Version: 2.76.2 - Blender Foundation)
Broadcom CrystalHD Decoder (HKLM\...\{A6E1E8AF-A00E-45A7-BE1B-4397897C8A3E}) (Version: 3.0.30.32 - Broadcom Corporation)
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.1 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy Resolution Manager (HKLM\...\{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}) (Version: 1.0.0 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Free Torrent Opener (HKLM\...\Free Torrent Opener) (Version: 1.3 - BlueCPA)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Image Converter (HKLM\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Image Editor Packages (HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.1972 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung HSPA DataCard 4.3.29.7814 (HKLM\...\{27A34859-3E29-438B-BBF6-19BDC6CA9C06}) (Version: 4.3.29.7814 - Samsung)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.5 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\755087041320E005CB1E8A67C5C55A260EB81B90) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.28.17\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05C1E80E-BCF9-4CF1-9F90-8858197F3AE3} - System32\Tasks\{EC196882-0894-4E8E-A41B-9416393FF897} => C:\Users\Dick Bryden\Downloads\super-drift-3d.exe
Task: {09E05A91-6566-42B0-9C63-0C004001A370} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-11] (SEC)
Task: {0C6BB33A-4D15-49E7-90BF-E5FA86BAFA68} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-02] (AVAST Software)
Task: {10840463-48F6-4BC1-8EAE-D11FC7519520} - System32\Tasks\{A64363C6-4F1A-4E3B-936F-5F391202FC3E} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {124E0A04-BA5A-4932-B548-03D5CCC84C6F} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe
Task: {1AEF9E41-AA77-4956-84AB-A6A19B675CFD} - System32\Tasks\{747E7019-9A4C-40B8-9ACD-1B3B8D7AD677} => C:\Users\Dick Bryden\Desktop\Nitroracers.exe
Task: {2359DB73-A9E4-491D-9EC2-1A0F4B717028} - System32\Tasks\{8AAF43CD-75D5-4A43-8944-2185E66B544B} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Local\Temp\Temp2_boona-racer-2000.zip\boonarac.exe"
Task: {28748748-DAC5-4894-AB96-3D135A13410D} - System32\Tasks\{3BA5A11C-56CB-4E97-B882-43391075B0FB} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {294AC12C-25C1-476F-AF19-DCC89D394D91} - System32\Tasks\{12FC3BB1-EFF1-4036-A4F9-7C815213FAA2} => Chrome.exe
Task: {2999829F-1713-488B-878C-2BE057CAA368} - System32\Tasks\{958800F9-D308-4852-98E4-7F17B07A3DCF} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Local\Temp\Temp1_boona-racer-2000.zip\boonarac.exe"
Task: {3F8D0360-3268-4DC6-90F8-6F517DC25F11} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {417058BB-A6CC-4184-9F41-C14BCC6070FD} - System32\Tasks\{BFD37719-40EF-414C-BAC1-689037E9B2D2} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {41FE58E7-6030-4274-B70F-5688CEC9371F} - System32\Tasks\QtraxPlayer => 3897169018.portal.qtrax.com
Task: {43802977-1387-4283-8673-80B20FCBE3B9} - System32\Tasks\{F53A60B5-F3EC-4BE4-BDB3-D57F2844E9E8} => C:\Users\Dick Bryden\Desktop\Nitroracers.exe
Task: {446EE6EC-827B-4669-83AB-277B6E7DAC73} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {45EE8E20-1552-4431-8FC1-68358CD8F451} - System32\Tasks\{ACEE4F60-DE43-4ED3-95E1-73E46C4421F4} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {4C392E39-3645-462A-BD75-09AC6DADEA65} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {5231E600-2144-4CBA-9E04-CEF97BFDF7C6} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis144D.exe <==== ATTENTION
Task: {52F7BEFC-7EE6-403A-B17A-5E8FC09EC7DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1132959120-1673921071-3958761770-1000Core => C:\Users\Dick Bryden\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {57224B13-EACF-4055-BF94-0C159384E4F4} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {5A2F4A2E-3C57-4DF4-A870-547EF1351119} - System32\Tasks\{D22536AB-8023-4530-844F-BF41C0A9AF78} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {5A984BB2-9722-4678-831C-80ACEAD20C5F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {5DE35011-6CF4-419C-AE42-99A725F35D62} - System32\Tasks\{31F2DCF1-72A9-4F74-928F-43041AB97126} => pcalua.exe -a "C:\Users\Dick Bryden\Desktop\topfuel_setup.exe" -d "C:\Users\Dick Bryden\Desktop"
Task: {5E7095F3-2ACC-41AD-A937-AB4848572D8B} - System32\Tasks\{31F0C38E-C9A9-4E97-A01D-C06CC9B3E032} => pcalua.exe -a "C:\Users\Dick Bryden\Desktop\trialbike_setup.exe" -d "C:\Users\Dick Bryden\Desktop"
Task: {68006114-6183-4F5C-95BF-9DD51D705927} - System32\Tasks\{157945D1-9196-4CF1-8208-D22D9E11107C} => Chrome.exe
Task: {6DC55B74-594D-416E-8A57-1AF13A08F460} - System32\Tasks\{95704D09-EDB4-4BAD-8247-681CE7DD3B00} => Chrome.exe
Task: {6DF9388C-157C-4718-AB31-633543F4E1CF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-18] (Adobe Systems Incorporated)
Task: {7419A3C1-1CB9-447F-AA35-FE2A8A72E5ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {7542A7E1-9CE5-41CB-B28A-4C7AF1CBD015} - System32\Tasks\DSite => C:\Users\DICKBR~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7669A732-7080-483D-81DE-3277D389CEC1} - System32\Tasks\{49BF4408-CF8C-409B-AA8C-A0205DD15299} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Roaming\istartsurf\UninstallManager.exe" -c -ptid=smt
Task: {8E31879B-CE86-4A9B-AFD0-C30F20973660} - System32\Tasks\{37947E2E-52B1-4A8C-9FF9-2DFD7E3E7594} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {8E926034-CF4F-4605-AC42-47388D95F10C} - System32\Tasks\{E038B96D-D22F-4E0D-9544-F32F12FFC14D} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {9C750BDD-D4B1-44C0-8C85-849DEDF08E32} - System32\Tasks\{437008E5-A9BF-4AEF-AC88-39FCABF3550A} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {C9A76374-8226-4AE3-A27D-98DF1386D51D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {D2D7245F-E579-4EEC-9A9D-329E3079090E} - System32\Tasks\{905B0282-A387-4735-AB2A-50FC30F934AC} => Chrome.exe
Task: {D4B6EDE0-3DB2-4A44-904F-BF757303B601} - System32\Tasks\{5199EB10-37CF-4052-B85D-949A5994844A} => pcalua.exe -a "C:\Program Files\GameTop.com\Nitro Racers\unins000.exe" -d "C:\Program Files\GameTop.com\Nitro Racers"
Task: {DACE4E83-F7B9-4ECE-AFF6-0285D1678E42} - System32\Tasks\{3044872A-1420-454D-9C72-66322D9CC7EA} => C:\Program Files\Mario Forever\Mario Forever.exe
Task: {E997196C-1AE3-487D-967B-E4573FBB65E3} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {EEBAB4BC-17AE-45E1-AB83-B3BD6163A1E0} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS\AutoKMS.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\DSite.job => C:\Users\DICKBR~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\windows\system32\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\00_LIVE+AUSSIE+TV+STREAM+-+MOTOR-SPORT-RACES-MATCHES+-+PLAY+WITH+VLC.xspf.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\BEIyc_Rz:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\BEIyc_Rz:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\download:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\download (1):$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Eyes of the Dead.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Game Over.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\lps-gb-vt-x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Machine Head - Ghosts Will Haunt My Bones.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7896 more sites.
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\123simsen.com -> www.123simsen.com
There are 7896 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:04 - 2016-05-02 14:52 - 00452290 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15518 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B46E3084-1F2D-4B8F-B95C-CB1E88D34D10}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{B8AC5A8E-2A67-4AE4-87B0-BEBD6891F2DA}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{77E63E27-7E9D-4384-8A00-75F4D151060A}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A64AD628-4233-4E5A-A36F-02E08EDE828D}] => (Allow) svchost.exe
FirewallRules: [{92FC50AF-969E-4CE7-A3F6-5A70C66B336E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{215C4CE1-54DD-4F28-95AA-BACD9B9AE01A}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{3AF8C1F3-7076-4AF7-AC77-661FB5C5D93E}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{811B1E6E-FD46-4E1F-8185-822944CFCB66}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{7FE45947-7CD3-41BB-84AF-0F44AEF5DA3C}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{95844A80-9433-425E-89A9-9E082DB558A4}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{BFE0047C-74CE-4519-802D-6E8425A33DC4}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{2BAF1770-EB77-4C17-8E1F-BA36DACC28BD}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{91C25921-7ECD-4979-8411-424711C66F60}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{512F25BA-0023-4578-88E9-E7F8B9DB7D7B}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{24B908A2-3718-4FD1-8B13-2AB1E99D34C6}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{5DE288A1-068A-44B1-BC19-71DDE523B61C}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{09DC7826-45BE-4F9B-919C-A56370824800}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{40356BA9-9320-4065-A56C-E57208559E04}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{C795DDCC-DD95-40FA-98CE-75AA1496717E}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{50D7F556-7AFE-4AED-A97D-EBA799CB0E6A}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{3649D2AB-452B-4B3F-9DDC-BAF8A99AEA1C}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{FF7DFE02-B440-45ED-B38C-9F28CB191203}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{4EDD69DF-7EF4-45A6-BE6D-062DFFAC61B3}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{BF2222C2-4C03-48DE-9804-EBDBCF2BD879}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{C4A9D485-2193-4E60-B2ED-0FBCD32C4FA7}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8A3B22C9-CC24-4874-8701-13CFCDD5569A}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{FD7BA169-3882-485F-88ED-414848792AA0}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{D6B656B2-5D0C-4CE5-887F-65B0C6EA6E4A}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{81CF0DD3-022B-499E-A609-1C98C005D6C0}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{0D88D531-9BD5-46C9-9911-229360C0E349}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{25A79636-4F3B-412C-A978-D39014207A3C}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [TCP Query User{2D70E451-4CE8-4EF1-A3E2-1F9ED21D0B61}C:\program files\free torrent opener\free torrent opener.exe] => (Allow) C:\program files\free torrent opener\free torrent opener.exe
FirewallRules: [UDP Query User{224F1C89-6444-4F3F-99E7-340AD1A9EDBE}C:\program files\free torrent opener\free torrent opener.exe] => (Allow) C:\program files\free torrent opener\free torrent opener.exe
FirewallRules: [{A637B0E8-BF9F-4D48-936A-630F860BC51E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{87AE7810-EE50-46D6-9157-FCDC79AFFC66}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{63C4CCC2-DF51-4813-9286-8284D6689371}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{C7632223-A70C-49D4-95C4-571526AA1365}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{3F558852-9C6F-40D5-A80B-2282AAC4898D}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
01-05-2016 02:17:05 Windows Update
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/25/2016 05:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa285b
Exception code: 0xc0000005
Fault offset: 0x0017a615
Faulting process id: 0x5fc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (04/25/2016 03:48:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x3e8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (04/25/2016 04:46:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
System Error:
The system cannot find the file specified.
.
Error: (04/18/2016 05:34:39 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis
System errors:
=============
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2016-05-04 14:59:58.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-04 14:59:57.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-04 14:19:33.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:26:48.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:26:47.311
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:25:39.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:25:38.121
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:58:54.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:58:53.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:52:13.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 55%
Total physical RAM: 2037.3 MB
Available physical RAM: 902.16 MB
Total Virtual: 4074.59 MB
Available Virtual: 2929.19 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:40 GB) (Free:1.56 GB) NTFS
Drive d: () (Fixed) (Total:177.79 GB) (Free:133.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 137641B8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=177.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-05-04 15:14:38
-----------------------------
15:14:38.502 OS Version: Windows 6.1.7601 Service Pack 1
15:14:38.502 Number of processors: 2 586 0x1C0A
15:14:38.517 ComputerName: JOOB UserName:
15:14:45.771 Initialize success
15:14:46.161 VM: initialized successfully
15:14:46.161 VM: Intel CPU virtualization not supported
15:17:50.085 AVAST engine defs: 16050301
15:20:15.337 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:20:15.353 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
15:20:15.712 Disk 0 MBR read successfully
15:20:15.727 Disk 0 MBR scan
15:20:16.180 Disk 0 unknown MBR code
15:20:16.211 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:20:16.367 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:20:16.414 Disk 0 default boot code
15:20:16.601 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 31664128
15:20:16.835 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 182052 MB offset 115550208
15:20:17.038 Disk 0 scanning sectors +488392704
15:20:17.599 Disk 0 scanning C:\windows\system32\drivers
15:21:49.249 Service scanning
15:23:32.693 Modules scanning
15:23:32.740 Disk 0 trace - called modules:
15:23:32.787 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
15:23:32.818 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8598b7c8]
15:23:32.834 3 CLASSPNP.SYS[8899c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f47028]
15:23:34.893 AVAST engine scan C:\windows
15:24:08.963 AVAST engine scan C:\windows\system32
15:44:17.263 AVAST engine scan C:\windows\system32\drivers
15:45:42.455 AVAST engine scan C:\Users\Dick Bryden
15:58:11.069 AVAST engine scan C:\ProgramData
16:01:36.553 Disk 0 statistics 2613604/0/0 @ 2.63 MB/s
16:01:36.600 Scan finished successfully
16:45:10.649 Disk 0 MBR has been saved successfully to "C:\Users\Dick Bryden\Desktop\MBR.dat"
16:45:10.949 The log file has been saved successfully to "C:\Users\Dick Bryden\Desktop\aswMBR.txt"
AdwCleaner
Run as administrator to run the programme.
Scan.
Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Clean.
ESET Online Scan
. If no threats were found, skip the next two bullet points.
and save the file to your Desktop, naming it something such as "MyEsetScan".
and click 
.
Originally Posted by JooB87
