GINA an unknown value in Advance Start up

Status
Not open for further replies.
Hi 2 more scans farbar completed thanks

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Ray at 2015-04-04 21:54:52
Running from C:\Users\Ray\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{35CC81F8-F385-4B79-91A8-3163420F5D01}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (Version: 1.1.894.1779 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudioBox USB driver (HKLM\...\USB_AUDIO_DEusb-audio.depresonusAudioBoxUSB) (Version: - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.40.00(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Convert Genius v3.0 (HKLM\...\Convert Genius_is1) (Version: 3.0 - ACAUtilities, Inc.)
Desktop iCalendar Lite (HKLM\...\Desktop iCalendar Lite_is1) (Version: - Desksware, Inc.)
DVD Architect Studio 5.0 (HKLM\...\{E3D1078F-9660-11E2-9E28-F04DA23A5C58}) (Version: 5.0.178 - Sony)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Evidence Smart v3.8 (HKLM\...\Evidence Smart_is1) (Version: 3.8 - ACAUtilities, Inc.)
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version: - )
FileAlyzer 2 (HKLM\...\{29D3773E-54F4-23C2-D523-236A4453B845}_is1) (Version: 2.0.5.57 - Safer Networking Limited)
FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LavasoftTcpService (Version: 2.3.3.0 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Studio Platinum 12.0 (HKLM\...\{6880D25E-9588-11E2-946C-F04DA23A5C58}) (Version: 12.0.895 - Sony)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MYOB AccountRight Plus v19.7 (HKLM\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.7 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus v19.7 (Version: 19.7 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (Version: 10.1.0 - MYOB Technology Pty Ltd) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
PreSonus Studio One 2 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.0.24200 - PreSonus Audio Electronics)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Recoveryer Ultimate Edition 2.5 (HKLM\...\Recoveryer Ultimate Edition_is1) (Version: - http://www.acautilities.com/rc/)
RegAlyzer (HKLM\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
Registry Easy v5.6 (HKLM\...\Registry Easy_is1) (Version: 5.6 - ACAUtilities, Inc.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Vocal Eraser (HKLM\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)
Sound Forge Audio Studio 10.0 (HKLM\...\{75648F62-925B-11E2-B9EF-F04DA23A5C58}) (Version: 10.0.245 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Video Download Capture version 4.9.0 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.0 - APOWERSOFT LIMITED)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VSDC Free Video Editor version 2.1.8.150 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.8.150 - Flash-Integro LLC)
Web Companion (HKLM\...\{6531A1EB-1C55-4577-964C-9140D918CB29}_WebCompanion) (Version: 1.1.894.1779 - Lavasoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll (TOSHIBA)

==================== Restore Points =========================

23-03-2015 00:56:55 Windows Backup
23-03-2015 12:47:33 Windows Update
27-03-2015 23:09:06 Windows Update
29-03-2015 12:10:12 Restore Point Created by FRST
29-03-2015 19:00:03 Windows Backup
01-04-2015 00:16:43 Windows Update
04-04-2015 09:58:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2015-03-24 22:36 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19B32017-B8B4-4AE8-9F32-5DF479BBDDD1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {29A94A78-9989-4AA9-849C-D0549AD3CC1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-20] (Piriform Ltd)
Task: {3C3A5F8F-392A-44D7-B463-4BD79FFD09BE} - System32\Tasks\{01A379E2-0855-4A20-BA7A-287AC744EEE8} => pcalua.exe -a "C:\Program Files\Toshiba\Bluetooth Toshiba Stack\As0.exe" -d "C:\Program Files\Toshiba\Bluetooth Toshiba Stack" -c /MODE=0 /q
Task: {4EF50C74-FF7A-4DB7-8C71-5D4EDE709195} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8EC26925-9073-49E1-8F5F-FDC9E3097D37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {909D7733-86EA-4E37-B023-BE1C49ECEFB9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {9B828AB8-FDB6-4A71-BA7E-C35E05B03E27} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C39E7B09-1360-414A-ACE2-CAF6ADE6D412} - System32\Tasks\{81E40D9F-EC32-43C1-8BF0-2091D72D5A30} => pcalua.exe -a "G:\DRIVERS and SOFTWARE PROGRAMS\DocuPrint M205b\fxdpm205bhb110210w2kcien.EXE" -d "G:\DRIVERS and SOFTWARE PROGRAMS\DocuPrint M205b"
Task: {D1EB0593-7D7C-403C-97E4-9D44BBDED797} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-10 18:49 - 2015-03-10 18:49 - 02563592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02423264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00110104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00022032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-02-18 22:31 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-18 22:31 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-18 22:31 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-10 18:49 - 2015-03-10 18:49 - 08216048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:49 - 2015-03-10 18:49 - 00048152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00090128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00029712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00405520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01632248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00870408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00072512 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00176488 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00046408 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-02-23 13:03 - 2015-02-23 13:03 - 00120152 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-02-18 22:31 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00670808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:49 - 2015-03-10 18:49 - 10575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00634896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00592896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00415760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00640512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00087536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00104944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00770064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00692768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00866304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00217600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00806408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00182280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00873480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01019896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00030224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00769544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00897040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00194048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00711672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00677376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02370056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02667008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01013768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00046616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00998408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00766960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00304632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02125840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00973304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00767480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00767480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00928280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00017768 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-02-23 13:02 - 2015-02-23 13:02 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-02-23 13:02 - 2015-02-23 13:02 - 00034152 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: nefuquko => 2
MSCONFIG\Services: serverjo => 2
MSCONFIG\Services: serversu => 2
MSCONFIG\Services: voxilyni => 2
MSCONFIG\Services: WindowsMangerProtect => 2

==================== Accounts: =============================

Administrator (S-1-5-21-2577715357-3074203239-3946342261-500 - Administrator - Disabled)
Guest (S-1-5-21-2577715357-3074203239-3946342261-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2577715357-3074203239-3946342261-1002 - Limited - Enabled)
Ray (S-1-5-21-2577715357-3074203239-3946342261-1001 - Administrator - Enabled) => C:\Users\Ray

==================== Faulty Device Manager Devices =============

Name: GT-N7000
Description: GT-N7000
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd.
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 09:53:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 09:22:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Desktop iCalendar Lite.exe, version: 2.0.0.290, time stamp: 0x51d7ac45
Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
Exception code: 0x80131506
Fault offset: 0x001c2812
Faulting process id: 0x%9
Faulting application start time: 0xDesktop iCalendar Lite.exe0
Faulting application path: Desktop iCalendar Lite.exe1
Faulting module path: Desktop iCalendar Lite.exe2
Report Id: Desktop iCalendar Lite.exe3

Error: (04/04/2015 09:22:52 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (6F032812) (80131506)

Error: (04/04/2015 09:52:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 00:30:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 08:36:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 00:57:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 00:11:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:49:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 06:28:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/04/2015 09:54:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/04/2015 09:54:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/04/2015 09:53:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (04/04/2015 09:53:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.

Error: (04/04/2015 09:53:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/04/2015 09:53:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/04/2015 09:52:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Media Center Extender Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (04/04/2015 09:49:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/04/2015 09:52:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/04/2015 09:52:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.


Microsoft Office Sessions:
=========================
Error: (03/07/2015 00:32:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6428 seconds with 1080 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-04-01 01:11:52.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-30 11:00:01.639
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-30 10:00:00.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-29 19:00:01.541
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-28 00:00:01.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 23:43:38.049
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 23:11:25.689
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 22:58:52.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 22:33:38.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-26 18:19:01.801
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 3066.89 MB
Available physical RAM: 2017.8 MB
Total Pagefile: 6133.77 MB
Available Pagefile: 4954.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:39.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D6B83A66)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Ray (administrator) on QOSMIO on 04-04-2015 21:54:25
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Platform: Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Desksware) C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [8216048 2015-03-10] ()
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Desktop iCalendar Lite.exe] => C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe [1087232 2013-07-06] (Desksware)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-20] (Piriform Ltd)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1298752 2015-02-23] (Lavasoft)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Policies\Explorer: [NoSaveSettings] 1
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\Policies\Explorer: [link] 0x00000000
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\...\MountPoints2: {c3f238a3-49f1-11e3-bfb8-001eec3fd11f} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150302&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D030215-AE491287838034FE996F&form=CONBDF&conlogo=CT3331986&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150302&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 48 C:\Windows\system32\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\3er9z533.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_150302
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-02-18] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-02-23] (Lavasoft Limited)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-02-23] ()
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [57216 2011-07-11] (TOSHIBA Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
S3 PRESONUS_AUDIOBOX_MIDI; C:\Windows\System32\drivers\psabusbm.sys [31864 2009-12-07] (Ploytec GmbH)
S3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [401016 2009-12-07] (Ploytec GmbH)
S3 PRESONUS_AUDIOBOX_WDM; C:\Windows\System32\drivers\psabusba.sys [40568 2009-12-07] (Ploytec GmbH)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [408280 2015-01-22] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 21:54 - 2015-04-04 21:54 - 00011656 _____ () C:\Users\Ray\Desktop\FRST.txt
2015-03-29 13:05 - 2015-03-29 13:05 - 00001969 _____ () C:\Users\Ray\Desktop\EsetThreatFound.txt
2015-03-29 12:22 - 2015-03-29 12:22 - 00000000 ____D () C:\Program Files\ESET
2015-03-24 23:24 - 2015-03-24 23:24 - 00002703 _____ () C:\Users\Ray\Desktop\RKreport_SCN_03242015_231402.log
2015-03-24 23:05 - 2015-04-01 01:06 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-24 23:05 - 2015-03-24 23:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-24 22:58 - 2015-03-24 23:03 - 16727128 _____ () C:\Users\Ray\Desktop\RogueKiller.exe
2015-03-24 22:13 - 2015-03-24 22:13 - 01135104 _____ (Farbar) C:\Users\Ray\Desktop\FRST.exe
2015-03-22 12:19 - 2015-03-22 12:22 - 00000000 ____D () C:\Users\Ray\Documents\1FITNESS
2015-03-17 12:48 - 2015-03-17 12:48 - 00000529 _____ () C:\Users\Ray\Desktop\aswMBR.txt
2015-03-17 12:11 - 2015-04-04 21:54 - 00000000 ____D () C:\FRST
2015-03-17 12:08 - 2015-03-17 12:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-QOSMIO-Windows-7-Home-Premium-(32-bit).dat
2015-03-17 12:07 - 2015-03-17 12:07 - 00000000 ____D () C:\RegBackup
2015-03-17 11:59 - 2015-03-17 11:59 - 00002185 _____ () C:\Users\Ray\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-17 11:59 - 2015-03-17 11:59 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-17 11:59 - 2015-03-17 11:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-03-14 19:03 - 2015-04-04 21:51 - 00001456 _____ () C:\Windows\setupact.log
2015-03-14 19:03 - 2015-03-14 19:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-14 19:02 - 2015-03-24 22:39 - 00004920 _____ () C:\Windows\PFRO.log
2015-03-14 18:00 - 2015-03-14 18:00 - 00000000 ____D () C:\CrimeWatch
2015-03-14 16:51 - 2015-03-14 16:51 - 00000000 ____D () C:\Users\Ray\AppData\Local\CrimeWatch
2015-03-14 16:50 - 2015-03-14 16:50 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-14 16:50 - 2015-03-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-14 16:50 - 2015-03-14 16:50 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-14 16:37 - 2015-03-14 16:37 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\omniboxes
2015-03-14 08:24 - 2015-03-14 08:24 - 00000000 ____D () C:\Users\Ray\Documents\TagsRevisited
2015-03-13 18:26 - 2015-02-24 13:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 18:26 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 18:26 - 2015-02-21 11:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 18:26 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 18:26 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 18:26 - 2015-02-20 13:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 18:26 - 2015-02-20 13:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-13 18:26 - 2015-02-20 13:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-13 18:26 - 2015-02-20 13:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-13 18:26 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-13 18:26 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 18:26 - 2015-02-20 13:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 18:26 - 2015-02-20 13:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-13 18:26 - 2015-02-20 12:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 18:26 - 2015-02-20 12:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-13 18:26 - 2015-02-20 12:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 18:26 - 2015-02-20 12:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-13 18:26 - 2015-02-20 12:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-13 18:26 - 2015-02-20 12:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 18:26 - 2015-02-20 12:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-13 18:26 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 18:26 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 18:26 - 2015-02-20 12:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-13 18:26 - 2015-02-20 12:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-13 18:26 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 18:26 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 18:26 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-13 18:25 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 18:25 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 18:25 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 18:22 - 2015-02-13 16:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 18:22 - 2015-02-03 14:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 18:22 - 2015-01-17 13:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 18:21 - 2015-02-26 14:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 18:17 - 2015-02-03 14:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 18:16 - 2015-03-06 16:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 18:16 - 2015-03-06 16:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 18:16 - 2015-03-06 16:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 18:16 - 2015-03-06 16:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 18:16 - 2015-03-06 16:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 18:16 - 2015-03-06 16:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 18:16 - 2015-03-06 16:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 18:16 - 2015-03-06 16:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 18:16 - 2015-03-06 16:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 18:16 - 2015-02-20 15:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 18:16 - 2015-02-20 14:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 18:16 - 2015-02-04 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 18:15 - 2015-02-03 14:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 18:15 - 2015-02-03 14:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 18:15 - 2015-02-03 14:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 18:15 - 2015-02-03 14:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 18:15 - 2015-02-03 14:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 18:15 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 18:15 - 2015-02-03 14:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 18:15 - 2015-02-03 14:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 18:15 - 2015-02-03 14:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 18:15 - 2015-02-03 14:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 18:15 - 2015-02-03 14:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 18:15 - 2015-02-03 14:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 18:15 - 2015-02-03 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 18:15 - 2015-02-03 14:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 18:15 - 2015-02-03 13:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 18:15 - 2015-01-31 10:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 18:15 - 2014-11-01 09:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 18:15 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-13 18:15 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 07:52 - 2015-03-11 07:52 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 21:53 - 2015-03-03 00:53 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-04 21:52 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 21:49 - 2013-11-11 15:55 - 01530301 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 21:44 - 2015-02-17 23:12 - 00000000 ____D () C:\Users\Ray\Documents\VViruuus info
2015-04-04 21:22 - 2015-02-17 20:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 10:00 - 2009-07-14 15:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:00 - 2009-07-14 15:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 09:59 - 2010-11-21 08:01 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 04:50 - 2014-10-31 09:18 - 00000000 ____D () C:\Users\Ray\Documents\ABORIGINAL INFORATION
2015-04-01 01:05 - 2013-11-27 22:42 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\vlc
2015-04-01 00:54 - 2014-11-11 02:19 - 00000000 ____D () C:\Program Files\Registry Easy
2015-03-30 11:15 - 2014-11-11 02:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 10:43 - 2013-11-10 23:28 - 00000000 ____D () C:\Plus19
2015-03-30 09:49 - 2013-11-10 23:00 - 00000204 _____ () C:\Windows\MYOBP.INI
2015-03-30 09:49 - 2013-11-10 23:00 - 00000039 _____ () C:\Windows\MYOB.INI
2015-03-29 17:34 - 2013-11-19 11:29 - 00000000 ____D () C:\Users\Ray\Documents\SEA RAY INVOICES
2015-03-29 12:01 - 2013-01-12 16:18 - 00000000 _____ () C:\sparkraw.log
2015-03-24 21:35 - 2013-11-23 23:37 - 00000000 ____D () C:\Program Files\KEEPASS
2015-03-24 21:03 - 2013-11-10 22:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-22 10:28 - 2014-06-17 01:25 - 00000000 ____D () C:\Users\Ray\AppData\Local\Adobe
2015-03-22 10:16 - 2013-11-11 13:10 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-22 10:16 - 2013-11-11 13:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-16 13:24 - 2009-07-14 15:53 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 19:30 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache
2015-03-14 18:24 - 2015-03-04 17:23 - 00000000 ____D () C:\Users\Ray\Documents\CCleaner reg backup
2015-03-14 17:57 - 2015-02-21 22:36 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-14 17:57 - 2015-02-21 22:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-14 16:37 - 2013-11-10 20:58 - 00001306 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-14 16:31 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Resources
2015-03-14 16:12 - 2015-02-09 12:34 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-14 16:11 - 2013-11-18 23:19 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Audacity
2015-03-14 08:45 - 2009-07-14 15:33 - 00406048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 08:16 - 2013-11-12 23:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-13 21:11 - 2013-11-12 23:34 - 00000000 ____D () C:\Users\Ray\Documents\Netbank receipts Bank Statements
2015-03-11 08:09 - 2015-03-03 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

==================== Files in the root of some directories =======

2014-09-22 12:46 - 2014-09-22 12:46 - 0004454 _____ () C:\Users\Ray\AppData\Local\recently-used.xbel
2014-09-14 17:38 - 2015-02-27 23:15 - 0007667 _____ () C:\Users\Ray\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-29 10:19

==================== End Of Log ============================
 
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D030215-AE491287838034FE996F&form=CONBDF&conlogo=CT3331986&q={searchTerms}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
C:\Users\Ray\AppData\Roaming\omniboxes
C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~`

Please open Malwarebytes Anti-Malware
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Please post these 2 logs when finished.

I need to know how your computer is now.
 
Malware bytes scan and farbar

Hi Jules omniboxes is still the default browser toolbox when I open IE from the windows start menu other than that It is running :laugh:twice as fast as usual!
-----------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/04/2015
Scan Time: 10:53:32 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.07.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ray

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304936
Time Elapsed: 4 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [01bd91d8b6d4171fd8bbb907f90aa060],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [fdc1a2c79ded7abc583ac9f7c63dff01],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [2599d5940d7df640ace4358bb94ad22e],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [5569195032586bcbc40016a6857e9d63],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [0eb0ea7f612939fda71e8933da29d030],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, Quarantined, [4e7075f4820806302b9b3f7da45fca36],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [edd17aefaddd3bfb3592fac2dc27af51],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [f1cd58118bff58de9c2cdce0a063ab55],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2577715357-3074203239-3946342261-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarantined, [378771f8fc8ef73fc3ce2d93fd06738d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


-----------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Ray at 2015-04-07 22:25:50 Run:4
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2577715357-3074203239-3946342261-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D030215-AE491287838034FE996F&form=CONBDF&conlogo=CT3331986&q={searchTerms}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
C:\Users\Ray\AppData\Roaming\omniboxes
C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2577715357-3074203239-3946342261-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
C:\Users\Ray\AppData\Roaming\omniboxes => Moved successfully.
C:\Users\Ray\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 221.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:26:07 ====
 
Instructions on how to backup your Favorites/Bookmarks and other data can be found below.

xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png
Backup Internet Explorer Favorites

Proceed with the reset once done.

xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png
Internet Explorer: How to reset Internet Explorer settings

~~~~~~~~~~~~~~`

Shortcut Cleaner

Please download Shortcut Cleaner from the link below and save it to your Desktop.

  • Double-click sc-cleaner.exe to run it.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
 
Great omniboxes is gone

Shortcut Cleaner 1.3.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 04/08/2015 10:54:57 AM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Great omniboxes is gone I have my favourites and IE IS DEFAULTED ***********************:):):):):) cheers all round thanks Jules

-----------------------------------------------------------------------------

Searching C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Ray\Desktop


0 bad shortcuts found.

Program finished at: 04/08/2015 10:54:58 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
 
Thats good news.

AFZxnZc.jpg
DelFix

  • Please download DelFix
    or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
  • Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~`

The following programmes come highly recommended in the security community.
  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg
    AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • E8I37RF.png
    CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
  • EG85Vjt.png
    Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg
    Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png
    NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png
    Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg
    SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png
    Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Want to help others? Join the ClassRoom and learn how.
 
Glad we could help. :)
sparkle.gif


Since this issue appears resolved ... this Topic is closed.
 
Status
Not open for further replies.
Back
Top