colby5scott

  1. How strange, I recall removing Microsoft Security Essentials ages ago. When I put an anti-virus/anti-spyware on a system, I am sure to remove the other system to prevent issues. Strange how it came back. As stated, this is my grandmother's laptop, and she might have received a prompt from Windows, or something else, to re-install it. Oh well, just going to have to place a note on the side of the screen to prevent it from occurring again. Also, the command for the disk check flashes a command line window for a moment before said window vanishes into the aether. I have restarted a few times to see if that would do it, as well as tried a safe mode boot-up. None are working.
  2. Thank you for getting on this so fast, and here are the .txt files again. Strange, it still is giving me "Error IO". Please also note, Firefox was locking up almost periodically and the laptop has been slower than it should be today. Pasted below, first the FRST, then Addition.
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software) HKLM\...\Run: [] => [X] HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Run: [spotify Web Helper] => C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-22] (Spotify Ltd) HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\RunOnce: [Application Restart #4] => C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe [672928 2014-11-22] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-30] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) Toolbar: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> No Name - {F7779E8A-BA43-408B-9A57-5AB0B73EF1D4} - No File DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 Tcpip\..\Interfaces\{D416CB1C-43BB-45F4-ADEB-3710F44E73EF}: [DhcpNameServer] 192.168.0.1 205.171.3.25 FireFox: ======== FF ProfilePath: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994 FF DefaultSearchEngine: Google (avast) FF DefaultSearchEngine.US: Google (avast) FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google (avast) FF Homepage: about:home FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 
-> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @nsroblox.roblox.com/launcher -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS) FF SearchPlugin: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\searchplugins\google-avast.xml [2015-04-19] FF Extension: FT DeepDark - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-08-25] FF Extension: WOT - 
C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09] FF Extension: Hush - private bookmarking - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\hush@teameuler.com.xpi [2015-08-05] FF Extension: Lightbeam - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-02-28] FF Extension: Bluhell Firewall - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-28] FF Extension: NoScript - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-01] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07] Chrome: ======= CHR Profile: C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avast Online Security) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-22] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17] ==================== Services (Whitelisted) 
======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 adcmald; C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adcmald.exe [535896 2013-08-05] (Abbott Diabetes Care) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-07-30] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-14] (Avast Software) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed] R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-30] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-07-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-30] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-07-31] (ALWIL Software) R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [256160 2015-07-30] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-07-30] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-30] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-30] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-30] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-07-30] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-07-30] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-30] (AVAST Software) S3 CEDRIVER60; C:\Program Files\Cheat Engine 6.4\dbk32.sys [82880 2014-06-20] () R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-08-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-30] (AVAST Software) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-14] (Avast Software) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-28 16:53 - 2015-08-28 16:53 - 00000000 ____D C:\snapshots 2015-08-27 21:02 - 2015-08-28 16:53 - 00016016 _____ C:\Users\Jo\Desktop\FRST.txt 2015-08-27 21:02 - 2015-08-27 21:03 - 00036501 _____ C:\Users\Jo\Desktop\Addition.txt 2015-08-27 21:01 - 2015-08-28 16:52 - 00000000 ____D C:\FRST 2015-08-27 20:59 - 2015-08-27 21:00 - 01690624 _____ (Farbar) C:\Users\Jo\Desktop\FRST.exe 2015-08-27 18:43 - 2015-08-28 06:24 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-21 20:08 - 2015-08-28 06:24 - 00001902 _____ C:\Windows\PFRO.log 2015-08-21 18:13 - 2015-08-21 18:13 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\39B5091B.sys 2015-08-21 18:10 - 2015-08-21 18:10 - 00159728 _____ C:\Windows\Minidump\Mini082115-01.dmp 2015-08-21 18:09 - 2015-08-21 18:09 - 389509015 _____ C:\Windows\MEMORY.DMP 2015-08-20 20:23 - 2015-08-20 20:23 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Thunderbird 2015-08-20 20:23 - 2015-08-20 20:23 - 00000000 ____D C:\Users\Jo\AppData\Local\Thunderbird 2015-08-20 20:22 - 2015-08-20 20:31 - 00000513 _____ C:\Users\Jo\Desktop\Thunderbird How to Use -Colby.txt 2015-08-20 19:46 - 2015-08-20 19:46 - 00000868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2015-08-20 19:46 - 2015-08-20 19:46 - 00000856 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2015-08-20 19:46 - 2015-08-20 19:46 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2015-08-20 19:44 - 2015-08-20 19:45 - 34018072 _____ (Mozilla) C:\Users\Jo\Downloads\Thunderbird Setup 38.2.0.exe 2015-08-19 02:10 - 2015-08-14 17:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-19 02:10 - 2015-08-14 16:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-19 02:10 - 2015-08-14 16:55 - 02382848 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2015-08-15 21:03 - 2015-08-15 21:03 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk 2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ___RD C:\Program Files\Skype 2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-12 16:43 - 2015-07-21 14:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 16:43 - 2015-07-21 10:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-12 16:43 - 2015-07-21 10:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 16:43 - 2015-07-21 10:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys 2015-08-12 16:43 - 2015-07-21 10:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 16:43 - 2015-07-21 10:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll 2015-08-12 16:43 - 2015-07-21 10:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 16:43 - 2015-07-21 10:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 16:39 - 2015-07-31 13:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 16:38 - 2015-07-09 08:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-08-12 16:36 - 2015-07-10 13:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 16:34 - 2015-07-11 09:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 16:25 - 2015-07-18 10:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 16:18 - 2015-07-10 13:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 16:18 - 2015-07-10 
13:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 16:17 - 2015-07-31 16:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-12 16:17 - 2015-07-31 15:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-08-12 16:17 - 2015-07-31 15:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-08-12 16:17 - 2015-07-31 15:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-08-12 16:17 - 2015-07-31 15:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-08-12 16:17 - 2015-07-31 14:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 16:17 - 2015-07-31 14:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-08-12 16:17 - 2015-07-31 14:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-08-12 16:17 - 2015-07-31 14:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 16:17 - 2015-07-31 14:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 16:17 - 2015-07-31 14:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 16:17 - 2015-07-31 14:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 16:15 - 2015-07-01 09:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 16:14 - 2015-07-09 08:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 16:14 - 2015-07-09 08:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 13:42 - 2015-07-22 14:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 13:42 - 2015-07-22 14:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 13:42 - 2015-07-22 14:47 - 09751040 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2015-08-12 13:42 - 2015-07-22 14:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 13:42 - 2015-07-22 14:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 13:42 - 2015-07-22 14:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 13:42 - 2015-07-22 14:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-08-12 13:42 - 2015-07-22 14:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 13:42 - 2015-07-22 14:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 13:42 - 2015-07-22 14:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 13:42 - 2015-07-22 14:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 13:42 - 2015-07-22 14:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 13:42 - 2015-07-22 14:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 13:42 - 2015-07-22 14:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 13:42 - 2015-07-22 14:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 13:42 - 2015-07-22 14:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-08-12 13:42 - 2015-07-22 14:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-08-12 13:42 - 2015-07-22 14:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-08-12 13:42 - 2015-07-22 14:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-10 14:43 - 2015-08-16 11:53 - 00000000 ____D C:\ProgramData\SecTaskMan 2015-08-10 14:42 - 2015-08-10 14:42 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk 2015-08-10 14:42 - 
2015-08-10 14:42 - 00000904 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk 2015-08-10 14:42 - 2015-08-10 14:42 - 00000892 _____ C:\Users\Public\Desktop\Security Task Manager.lnk 2015-08-10 14:42 - 2015-08-10 14:42 - 00000000 ____D C:\Program Files\Security Task Manager 2015-08-10 14:41 - 2015-08-10 14:42 - 02816040 _____ C:\Users\Jo\Downloads\SecurityTaskManager_Setup.exe 2015-08-09 16:18 - 2015-08-09 16:18 - 02248704 _____ C:\Users\Jo\Downloads\adwcleaner_4.208.exe 2015-08-05 17:34 - 2015-08-05 17:34 - 00204496 _____ (Malwarebytes) C:\Users\Jo\Downloads\startuplite-setup-1.07.exe 2015-08-05 17:32 - 2015-08-05 17:33 - 00065232 _____ (Malwarebytes) C:\Users\Jo\Downloads\regassassin-setup-1.03.exe 2015-08-05 17:32 - 2015-08-05 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-08-05 17:29 - 2015-08-05 17:29 - 02865192 _____ (Malwarebytes ) C:\Users\Jo\Downloads\mbae-setup-1.07.1.1015.exe 2015-07-30 19:55 - 2015-07-30 19:55 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-07-30 19:55 - 2015-07-30 19:55 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-28 16:48 - 2014-02-13 12:03 - 00000429 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-08-28 16:48 - 2011-02-23 11:03 - 00047746 _____ C:\ProgramData\nvModes.dat 2015-08-28 16:48 - 2011-02-23 11:03 - 00047746 _____ C:\ProgramData\nvModes.001 2015-08-28 16:47 - 2006-11-02 07:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-28 16:47 - 2006-11-02 06:46 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-28 16:47 - 2006-11-02 06:46 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-28 07:03 - 2008-01-20 19:37 - 01698845 _____ C:\Windows\WindowsUpdate.log 2015-08-28 07:03 - 2006-11-02 07:00 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-28 07:01 - 2012-05-13 16:35 - 00000250 _____ C:\Windows\Tasks\HP Photo Creations Messager.job 2015-08-28 07:00 - 2012-04-01 15:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-28 06:24 - 2012-05-07 10:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-27 18:20 - 2013-08-05 14:10 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2015-08-27 18:17 - 2011-03-03 08:38 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-27 18:17 - 2011-03-03 08:38 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-27 18:14 - 2014-09-06 12:49 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-08-25 17:07 - 2015-02-07 20:22 - 00002587 _____ C:\Users\Jo\Desktop\Microsoft Office Word 2007.lnk 2015-08-21 20:08 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\security 2015-08-21 20:07 - 2015-07-20 18:14 - 00000000 ____D C:\Users\Jo\Desktop\a colby folder 2015-08-21 19:19 - 2014-09-06 12:37 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-21 19:16 - 2006-11-02 06:46 - 00273096 _____ 
C:\Windows\system32\FNTCACHE.DAT 2015-08-21 18:31 - 2014-09-06 12:36 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-21 18:10 - 2015-07-18 21:31 - 00000000 ____D C:\Windows\Minidump 2015-08-18 18:01 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET 2015-08-15 21:03 - 2014-07-12 07:57 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Skype 2015-08-15 21:03 - 2014-07-12 07:57 - 00000000 ____D C:\ProgramData\Skype 2015-08-14 06:00 - 2012-04-01 15:18 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-14 06:00 - 2011-06-06 06:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-12 18:35 - 2006-11-02 06:35 - 00000000 ____D C:\Windows\system32\XPSViewer 2015-08-12 16:45 - 2011-02-23 13:57 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 16:43 - 2011-02-23 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-12 16:43 - 2011-02-23 12:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-12 16:34 - 2013-08-15 20:45 - 00000000 ____D C:\Windows\system32\MRT 2015-08-12 16:26 - 2006-11-02 04:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-08-12 16:22 - 2006-11-02 04:33 - 00719076 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-05 17:31 - 2014-09-06 12:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit 2015-07-30 20:19 - 2014-08-07 05:24 - 00000000 ____D C:\Program Files\Cheat Engine 6.4 2015-07-30 19:55 - 2015-07-14 19:58 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2015-07-30 19:55 - 2014-07-07 12:51 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-07-30 19:55 - 2014-07-07 12:51 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-07-30 19:55 - 2014-07-07 12:51 - 00076000 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswMonFlt.sys 2015-07-30 19:55 - 2014-07-07 12:51 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2015-07-30 19:55 - 2014-07-07 12:51 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2015-07-30 19:55 - 2014-07-07 12:51 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-07-30 19:55 - 2014-07-07 12:51 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-07-30 19:54 - 2015-07-14 19:57 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-07-30 19:54 - 2014-07-31 06:22 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2015-07-30 19:54 - 2014-07-07 12:51 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-07-30 19:53 - 2014-07-31 06:21 - 00256160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys ==================== Files in the root of some directories ======= 2012-04-28 11:40 - 2012-04-28 11:40 - 0000272 _____ () C:\Users\Jo\AppData\Roaming\.backup.dm 2015-05-19 13:47 - 2015-05-19 13:47 - 0021293 _____ () C:\Users\Jo\AppData\Roaming\UserTile.png 2011-02-23 09:24 - 2015-03-01 16:12 - 0001356 _____ () C:\Users\Jo\AppData\Local\d3d9caps.dat 2011-02-23 14:38 - 2015-03-04 17:45 - 0024576 _____ () C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-05-13 16:29 - 2012-05-13 16:29 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-02-23 11:03 - 2015-08-28 16:48 - 0047746 _____ () C:\ProgramData\nvModes.001 2011-02-23 11:03 - 2015-08-28 16:48 - 0047746 _____ () C:\ProgramData\nvModes.dat ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-28 16:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-08-2015
Ran by Jo (2015-08-28 16:54:30)
Running from C:\Users\Jo\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3572847436-2681761750-3751482269-500 - Administrator - Disabled)
Guest (S-1-5-21-3572847436-2681761750-3751482269-501 - Limited - Disabled)
Jo (S-1-5-21-3572847436-2681761750-3751482269-1000 - Administrator - Enabled) => C:\Users\Jo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Abbott USB Data Cable Installation (Version: 1.00.0000 - Abbott Labs) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
Avast Internet Security (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
C771 USB Driver V1.0.11.0 (HKLM\...\{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}) (Version: 1.0.11.0 - CASIO)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Dropbox (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
FreeStyle Auto-Assist (HKLM\...\{ABA4BACF-C0E8-45FD-BDC7-92D1E7161183}) (Version: 2.0.3682.0 - Abbott Diabetes Care)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
Hoyle Classic Games II (HKLM\...\Hoyle Classic Games II) (Version: - )
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{1BC72E97-FE98-48DF-82BF-C744F716BE28}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.34.03 - )
ROBLOX Player for Jo (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
Security Task Manager 2.1 (HKLM\...\Security Task Manager) (Version: 2.1 - Neuber Software)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version: - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Sound Schemes (HKLM\...\UltSounds) (Version: - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx 
(Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\RobloxProxy.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\RobloxProxy64.dll (ROBLOX Corporation) 
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================

23-08-2015 01:56:18 Windows Update
27-08-2015 05:59:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BDC2FD2-5163-453E-BBA8-CB11A6538EEA} - System32\Tasks\hpUrlLauncher.exe_{CF0F894F-A499-443C-9E77-FFDFA81784D7} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {25B53FDD-3954-40B5-835E-13A534B074C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {496346F5-9E3A-4579-9F61-B3409607E5A3} - System32\Tasks\avastBCLRestartS-1-5-21-3572847436-2681761750-3751482269-1000 => Firefox.exe
Task: {548935E6-A6C6-4308-80BE-C4EF0E350073} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {5CC3C2EE-3489-4E2A-A767-DA0854CB9FD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9CBE053E-494C-4339-8603-67706EA94702} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {BBB94DD8-8F01-4ACB-A9BB-0300A92D97E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C4CA4161-F1A4-4D87-B245-3CDC2573456B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {E87BC8F5-77B2-4DB4-88EB-0E12C2C86083} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {ED0D99C0-1D80-4843-9B45-EB74EDF37761} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 16:54 - 2015-07-30 19:55 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 16:53 - 2015-07-30 19:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-28 06:28 - 2015-08-28 06:28 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15082800\algo.dll
2015-03-13 09:32 - 2015-03-17 16:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jo\Documents\Cookies.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Fw_.emljellie.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Jellie1.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\pontoon boat seats.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Universal FleetCard Application.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jo\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg DNS Servers: 192.168.0.1 - 205.171.3.25 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BringMeSports_1c Browser Plugin Loader => C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: FreeStyle AutoLaunch => "C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adclaunchd.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\Jo\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe MSCONFIG\startupreg: Spotify => 
"C:\Users\Jo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{F0F288E8-A3DC-462E-9AF8-6BED86304560}] => (Allow) LPort=80 FirewallRules: [{6DA5E4AA-42A5-4F16-86A8-DC19C9BDC97F}] => (Allow) LPort=80 FirewallRules: [{AAE3017B-2AD4-4779-8260-E5A667CF13DD}] => (Allow) LPort=80 FirewallRules: [{E2F7D8BD-1764-4B8D-8402-4D0D0B2DFD31}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{DC185503-11B4-4744-8812-9C6960B144A5}] => (Allow) LPort=2869 FirewallRules: [{E8CA1788-0F83-4167-85AD-3F908E7296CA}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{11C8BD56-3F59-4E47-BE86-D4743550BFB3}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [uDP Query User{22DDDA59-C0D1-41AE-982A-FA6A099E0206}C:\program files\google\google 
earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [{E67C31FF-7139-4813-96F1-267B2E964B04}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe FirewallRules: [{F8992155-AD3B-4D02-A6E4-7A7B46ACE9F9}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{79C3B774-7A86-4354-AEBF-7160126451E3}] => (Allow) C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{9C8FE7B6-E564-4936-A05E-AF6D2083A64A}] => (Allow) C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{7DA24230-ED57-42AA-A581-4366F7D6C7F8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{FC13AE88-C310-40F2-9CAA-8579E45CA7D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{EB3478C0-AA77-4954-863C-AA27F99A550D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{4E6B0F5B-08A4-44E4-AA4C-37B7B7A5419E}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [uDP Query User{8092220D-F725-4A7B-BB48-CE6409DC0946}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{D04D0EE5-4753-438C-B8E9-93C4123CE6B6}E:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) E:\users\jo\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query User{FDC161F5-157C-4B4B-BAA1-C2CD9DA29915}E:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) E:\users\jo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{78A20FF9-EEB3-4F28-913D-B4B97B9F1BF1}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{C7241305-B6F7-4B1F-B1E4-8CE9D836E76E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: 
[TCP Query User{38DEBD9D-3382-4513-AC08-821360448AED}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jo\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query User{742A040A-DA9B-4A2C-BD79-53051A38EEE4}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{47238215-D069-4CA8-8114-5A7ED647CBBE}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jo\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query User{9B7B392B-36C9-4414-AF28-738BBA18F95A}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{63F799C6-C0F8-47F9-AA17-EF9672A76BF0}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe FirewallRules: [uDP Query User{639ADFC3-B37F-43EB-A6BC-08B495E226E6}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe FirewallRules: [{554BFA86-A671-4DD8-9B26-AFC2AACEB2EE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{3EC65C10-BBBF-4419-A89D-8E76E2E70EF6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{74CB4233-1288-473F-962A-C5082E665DE7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft ISATAP Adapter Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (08/28/2015 04:49:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/28/2015 06:26:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 10:46:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x1060, application start time 0xRobloxPlayerBeta.exe0. Error: (08/27/2015 08:50:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x1078, application start time 0xRobloxPlayerBeta.exe0. Error: (08/27/2015 08:37:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x868, application start time 0xRobloxPlayerBeta.exe0. 
Error: (08/27/2015 08:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x1750, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 08:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2015 08:00:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0xa0c, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x13a0, application start time 0xRobloxPlayerBeta.exe0.

Error: (08/27/2015 07:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0xfa0, application start time 0xRobloxPlayerBeta.exe0.
System errors:
=============
Error: (08/28/2015 04:49:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/28/2015 06:39:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.205.913.0){3F586AA3-D56D-4000-B6BE-93BF2F2368D2}201

Error: (08/28/2015 06:38:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.205.681.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608

Error: (08/28/2015 06:26:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 08:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 06:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 06:02:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2015 07:34:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (08/27/2015 07:34:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (08/27/2015 07:33:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Microsoft Office:
=========================
CodeIntegrity:
===================================
Date: 2015-08-28 16:53:59.868
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-28 16:53:59.650
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-28 16:53:59.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-28 16:53:59.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-28 16:53:58.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-28 16:53:58.152
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-28 16:53:57.778
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-08-28 16:53:57.512 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 16:53:17.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 16:53:16.547 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz Percentage of memory in use: 44% Total physical RAM: 3069.14 MB Available physical RAM: 1707.16 MB Total Virtual: 6339.3 MB Available Virtual: 4902.25 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149 GB) (Free:95.7 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive e: (The Epic drive) (Removable) (Total:1.88 GB) (Free:0.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 38000000) Partition 1: (Not Active) - (Size=55 MB) - (Type=DE) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 73736572) Partition 1: (Not Active) - (Size=866 GB) - (Type=72) Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C) Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit. Partition 3: (Not Active) - (Size=224 KB) - (Type=00) ==================== End of Addition.txt ============================
  3. Hello, I have been helping my grandmother out with her laptop, and recently, webpages have been failing to load, a blue screen of death occurred, and occasional freezing has occurred. It has grown, and though Mbam scans have been frequent, nothing has been found albeit the occasional PUP. I worry for the state of the computer, and hope to save it, before all is lost. I am someone who spends his time trying to learn about the hardware of computers, not as much on the digital front. That is where you come in. I have been a long time user of Mbam, and Mbae, I hope we can get this resolved. Below are the files; I was getting "Error IO" when attempting to attach the files. Let's get this party started, shall we?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-08-2015
Ran by Jo (administrator) on JO-PC (27-08-2015 21:02:07)
Running from C:\Users\Jo\Desktop
Loaded Profiles: Jo (Available Profiles: Jo)
Platform: Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Abbott Diabetes Care) C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adcmald.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Spotify Ltd) C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software) HKLM\...\Run: [] => [X] HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Run: [spotify Web Helper] => C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-22] (Spotify Ltd) HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\RunOnce: [Application Restart #4] => C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe [672928 2014-11-22] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-30] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) Toolbar: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000 -> No Name - {F7779E8A-BA43-408B-9A57-5AB0B73EF1D4} - No File DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 Tcpip\..\Interfaces\{D416CB1C-43BB-45F4-ADEB-3710F44E73EF}: [DhcpNameServer] 192.168.0.1 205.171.3.25 FireFox: ======== FF ProfilePath: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994 FF DefaultSearchEngine: Google (avast) FF DefaultSearchEngine.US: Google (avast) FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google (avast) FF Homepage: about:home FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 
-> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @nsroblox.roblox.com/launcher -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3572847436-2681761750-3751482269-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS) FF SearchPlugin: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\searchplugins\google-avast.xml [2015-04-19] FF Extension: FT DeepDark - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-08-25] FF Extension: WOT - 
C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09] FF Extension: YouTube Enhancer Plus - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2015-02-28] FF Extension: Hush - private bookmarking - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\hush@teameuler.com.xpi [2015-08-05] FF Extension: Lightbeam - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-02-28] FF Extension: Bluhell Firewall - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-28] FF Extension: NoScript - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\lztwazbs.default-1425151358994\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-01] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07] Chrome: ======= CHR Profile: C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avast Online Security) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-22] CHR HKLM\...\Chrome\Extension: 
[gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 adcmald; C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adcmald.exe [535896 2013-08-05] (Abbott Diabetes Care) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-07-30] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-14] (Avast Software) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed] R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-30] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-07-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-30] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-07-31] (ALWIL Software) R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [256160 2015-07-30] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-07-30] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-30] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-30] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-30] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-07-30] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-07-30] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-30] (AVAST Software) S3 CEDRIVER60; C:\Program Files\Cheat Engine 6.4\dbk32.sys [82880 2014-06-20] () R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-08-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-30] (AVAST Software) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-14] (Avast Software) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-27 21:02 - 2015-08-27 21:02 - 00016055 _____ C:\Users\Jo\Desktop\FRST.txt 2015-08-27 21:01 - 2015-08-27 21:02 - 00000000 ____D C:\FRST 2015-08-27 20:59 - 2015-08-27 21:00 - 01690624 _____ (Farbar) C:\Users\Jo\Desktop\FRST.exe 2015-08-27 18:43 - 2015-08-27 20:07 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-21 20:08 - 2015-08-25 16:19 - 00001546 _____ C:\Windows\PFRO.log 2015-08-21 18:13 - 2015-08-21 18:13 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\39B5091B.sys 2015-08-21 18:10 - 2015-08-21 18:10 - 00159728 _____ C:\Windows\Minidump\Mini082115-01.dmp 2015-08-21 18:09 - 2015-08-21 18:09 - 389509015 _____ C:\Windows\MEMORY.DMP 2015-08-20 20:23 - 2015-08-20 20:23 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Thunderbird 2015-08-20 20:23 - 2015-08-20 20:23 - 00000000 ____D C:\Users\Jo\AppData\Local\Thunderbird 2015-08-20 20:22 - 2015-08-20 20:31 - 00000513 _____ C:\Users\Jo\Desktop\Thunderbird How to Use -Colby.txt 2015-08-20 19:46 - 2015-08-20 19:46 - 00000868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2015-08-20 19:46 - 2015-08-20 19:46 - 00000856 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2015-08-20 19:46 - 2015-08-20 19:46 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2015-08-20 19:44 - 2015-08-20 19:45 - 34018072 _____ (Mozilla) C:\Users\Jo\Downloads\Thunderbird Setup 38.2.0.exe 2015-08-19 02:10 - 2015-08-14 17:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-19 02:10 - 2015-08-14 16:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-19 02:10 - 2015-08-14 16:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-15 21:03 - 2015-08-15 21:03 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk 2015-08-15 21:03 - 2015-08-15 21:03 - 
00000000 ___RD C:\Program Files\Skype 2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-15 21:03 - 2015-08-15 21:03 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-12 16:43 - 2015-07-21 14:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 16:43 - 2015-07-21 10:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-12 16:43 - 2015-07-21 10:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 16:43 - 2015-07-21 10:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys 2015-08-12 16:43 - 2015-07-21 10:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 16:43 - 2015-07-21 10:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll 2015-08-12 16:43 - 2015-07-21 10:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 16:43 - 2015-07-21 10:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 16:39 - 2015-07-31 13:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 16:38 - 2015-07-09 08:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-08-12 16:36 - 2015-07-10 13:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 16:34 - 2015-07-11 09:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 16:25 - 2015-07-18 10:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 16:18 - 2015-07-10 13:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 16:18 - 2015-07-10 13:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 16:17 - 2015-07-31 16:08 - 00034304 _____ (Adobe Systems) 
C:\Windows\system32\atmlib.dll 2015-08-12 16:17 - 2015-07-31 15:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-08-12 16:17 - 2015-07-31 15:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-08-12 16:17 - 2015-07-31 15:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-08-12 16:17 - 2015-07-31 15:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-08-12 16:17 - 2015-07-31 14:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 16:17 - 2015-07-31 14:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-08-12 16:17 - 2015-07-31 14:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-08-12 16:17 - 2015-07-31 14:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 16:17 - 2015-07-31 14:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 16:17 - 2015-07-31 14:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 16:17 - 2015-07-31 14:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 16:15 - 2015-07-01 09:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 16:14 - 2015-07-09 08:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 16:14 - 2015-07-09 08:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 13:42 - 2015-07-22 14:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 13:42 - 2015-07-22 14:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 13:42 - 2015-07-22 14:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 13:42 - 2015-07-22 14:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 
2015-08-12 13:42 - 2015-07-22 14:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 13:42 - 2015-07-22 14:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 13:42 - 2015-07-22 14:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-08-12 13:42 - 2015-07-22 14:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 13:42 - 2015-07-22 14:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 13:42 - 2015-07-22 14:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 13:42 - 2015-07-22 14:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 13:42 - 2015-07-22 14:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 13:42 - 2015-07-22 14:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 13:42 - 2015-07-22 14:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 13:42 - 2015-07-22 14:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 13:42 - 2015-07-22 14:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-08-12 13:42 - 2015-07-22 14:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-08-12 13:42 - 2015-07-22 14:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-08-12 13:42 - 2015-07-22 14:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-10 14:43 - 2015-08-16 11:53 - 00000000 ____D C:\ProgramData\SecTaskMan 2015-08-10 14:42 - 2015-08-10 14:42 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk 2015-08-10 14:42 - 2015-08-10 14:42 - 00000904 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk 2015-08-10 14:42 - 2015-08-10 
14:42 - 00000892 _____ C:\Users\Public\Desktop\Security Task Manager.lnk 2015-08-10 14:42 - 2015-08-10 14:42 - 00000000 ____D C:\Program Files\Security Task Manager 2015-08-10 14:41 - 2015-08-10 14:42 - 02816040 _____ C:\Users\Jo\Downloads\SecurityTaskManager_Setup.exe 2015-08-09 16:18 - 2015-08-09 16:18 - 02248704 _____ C:\Users\Jo\Downloads\adwcleaner_4.208.exe 2015-08-05 17:34 - 2015-08-05 17:34 - 00204496 _____ (Malwarebytes) C:\Users\Jo\Downloads\startuplite-setup-1.07.exe 2015-08-05 17:32 - 2015-08-05 17:33 - 00065232 _____ (Malwarebytes) C:\Users\Jo\Downloads\regassassin-setup-1.03.exe 2015-08-05 17:32 - 2015-08-05 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-08-05 17:29 - 2015-08-05 17:29 - 02865192 _____ (Malwarebytes ) C:\Users\Jo\Downloads\mbae-setup-1.07.1.1015.exe 2015-07-30 19:55 - 2015-07-30 19:55 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-07-30 19:55 - 2015-07-30 19:55 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-27 21:01 - 2012-05-13 16:35 - 00000250 _____ C:\Windows\Tasks\HP Photo Creations Messager.job 2015-08-27 21:00 - 2012-04-01 15:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-27 20:43 - 2008-01-20 19:37 - 01634716 _____ C:\Windows\WindowsUpdate.log 2015-08-27 20:07 - 2012-05-07 10:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-27 20:05 - 2014-02-13 12:03 - 00000429 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-08-27 20:05 - 2011-02-23 11:03 - 00047746 _____ C:\ProgramData\nvModes.001 2015-08-27 20:04 - 2011-02-23 11:03 - 00047746 _____ C:\ProgramData\nvModes.dat 2015-08-27 20:04 - 2006-11-02 07:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-27 20:04 - 2006-11-02 06:46 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-27 20:04 - 2006-11-02 06:46 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-27 20:03 - 2006-11-02 07:00 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-27 18:20 - 2013-08-05 14:10 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2015-08-27 18:17 - 2011-03-03 08:38 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-27 18:17 - 2011-03-03 08:38 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-27 18:14 - 2014-09-06 12:49 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-08-25 17:07 - 2015-02-07 20:22 - 00002587 _____ C:\Users\Jo\Desktop\Microsoft Office Word 2007.lnk 2015-08-21 20:08 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\security 2015-08-21 20:07 - 2015-07-20 18:14 - 00000000 ____D C:\Users\Jo\Desktop\a colby folder 2015-08-21 19:19 - 2014-09-06 12:37 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-21 19:16 - 2006-11-02 06:46 - 00273096 _____ 
C:\Windows\system32\FNTCACHE.DAT
2015-08-21 18:31 - 2014-09-06 12:36 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-21 18:10 - 2015-07-18 21:31 - 00000000 ____D C:\Windows\Minidump
2015-08-18 18:01 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-15 21:03 - 2014-07-12 07:57 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Skype
2015-08-15 21:03 - 2014-07-12 07:57 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 06:00 - 2012-04-01 15:18 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-14 06:00 - 2011-06-06 06:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 18:35 - 2006-11-02 06:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-12 16:45 - 2011-02-23 13:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 16:43 - 2011-02-23 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 16:43 - 2011-02-23 12:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 16:34 - 2013-08-15 20:45 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 16:26 - 2006-11-02 04:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 16:22 - 2006-11-02 04:33 - 00719076 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-05 17:31 - 2014-09-06 12:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-07-30 20:19 - 2014-08-07 05:24 - 00000000 ____D C:\Program Files\Cheat Engine 6.4
2015-07-30 19:55 - 2015-07-14 19:58 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-30 19:55 - 2014-07-07 12:51 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-30 19:54 - 2015-07-14 19:57 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-30 19:54 - 2014-07-31 06:22 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-07-30 19:54 - 2014-07-07 12:51 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-30 19:53 - 2014-07-31 06:21 - 00256160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys

==================== Files in the root of some directories =======

2012-04-28 11:40 - 2012-04-28 11:40 - 0000272 _____ () C:\Users\Jo\AppData\Roaming\.backup.dm
2015-05-19 13:47 - 2015-05-19 13:47 - 0021293 _____ () C:\Users\Jo\AppData\Roaming\UserTile.png
2011-02-23 09:24 - 2015-03-01 16:12 - 0001356 _____ () C:\Users\Jo\AppData\Local\d3d9caps.dat
2011-02-23 14:38 - 2015-03-04 17:45 - 0024576 _____ () C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-13 16:29 - 2012-05-13 16:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-23 11:03 - 2015-08-27 20:05 - 0047746 _____ () C:\ProgramData\nvModes.001
2011-02-23 11:03 - 2015-08-27 20:04 - 0047746 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-27 20:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-08-2015
Ran by Jo (2015-08-27 21:02:57)
Running from C:\Users\Jo\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3572847436-2681761750-3751482269-500 - Administrator - Disabled)
Guest (S-1-5-21-3572847436-2681761750-3751482269-501 - Limited - Disabled)
Jo (S-1-5-21-3572847436-2681761750-3751482269-1000 - Administrator - Enabled) => C:\Users\Jo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Abbott USB Data Cable Installation (Version: 1.00.0000 - Abbott Labs) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
Avast Internet Security (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
C771 USB Driver V1.0.11.0 (HKLM\...\{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}) (Version: 1.0.11.0 - CASIO)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Dropbox (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
FreeStyle Auto-Assist (HKLM\...\{ABA4BACF-C0E8-45FD-BDC7-92D1E7161183}) (Version: 2.0.3682.0 - Abbott Diabetes Care)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
Hoyle Classic Games II (HKLM\...\Hoyle Classic Games II) (Version: - )
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{1BC72E97-FE98-48DF-82BF-C744F716BE28}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.34.03 - )
ROBLOX Player for Jo (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
Security Task Manager 2.1 (HKLM\...\Security Task Manager) (Version: 2.1 - Neuber Software)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version: - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Sound Schemes (HKLM\...\UltSounds) (Version: - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Jo\AppData\Local\Roblox\Versions\version-5eefa3cb1a8a4e28\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3572847436-2681761750-3751482269-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================

23-08-2015 01:56:18 Windows Update
27-08-2015 05:59:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BDC2FD2-5163-453E-BBA8-CB11A6538EEA} - System32\Tasks\hpUrlLauncher.exe_{CF0F894F-A499-443C-9E77-FFDFA81784D7} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {25B53FDD-3954-40B5-835E-13A534B074C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {496346F5-9E3A-4579-9F61-B3409607E5A3} - System32\Tasks\avastBCLRestartS-1-5-21-3572847436-2681761750-3751482269-1000 => Firefox.exe
Task: {548935E6-A6C6-4308-80BE-C4EF0E350073} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {5CC3C2EE-3489-4E2A-A767-DA0854CB9FD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9CBE053E-494C-4339-8603-67706EA94702} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {BBB94DD8-8F01-4ACB-A9BB-0300A92D97E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C4CA4161-F1A4-4D87-B245-3CDC2573456B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {E87BC8F5-77B2-4DB4-88EB-0E12C2C86083} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {ED0D99C0-1D80-4843-9B45-EB74EDF37761} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 16:54 - 2015-07-30 19:55 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 16:53 - 2015-07-30 19:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-27 18:13 - 2015-08-27 18:13 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15082701\algo.dll
2015-03-13 09:32 - 2015-03-17 16:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jo\Documents\Cookies.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Fw_.emljellie.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Jellie1.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\pontoon boat seats.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jo\Documents\Universal FleetCard Application.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3572847436-2681761750-3751482269-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jo\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BringMeSports_1c Browser Plugin Loader => C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: FreeStyle AutoLaunch => "C:\Program Files\Abbott Diabetes Care\FreeStyle Auto-Assist\adclaunchd.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\Jo\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Jo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F0F288E8-A3DC-462E-9AF8-6BED86304560}] => (Allow) LPort=80
FirewallRules: [{6DA5E4AA-42A5-4F16-86A8-DC19C9BDC97F}] => (Allow) LPort=80
FirewallRules: [{AAE3017B-2AD4-4779-8260-E5A667CF13DD}] => (Allow) LPort=80
FirewallRules: [{E2F7D8BD-1764-4B8D-8402-4D0D0B2DFD31}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DC185503-11B4-4744-8812-9C6960B144A5}] => (Allow) LPort=2869
FirewallRules: [{E8CA1788-0F83-4167-85AD-3F908E7296CA}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{11C8BD56-3F59-4E47-BE86-D4743550BFB3}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [uDP Query User{22DDDA59-C0D1-41AE-982A-FA6A099E0206}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [{E67C31FF-7139-4813-96F1-267B2E964B04}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{F8992155-AD3B-4D02-A6E4-7A7B46ACE9F9}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{79C3B774-7A86-4354-AEBF-7160126451E3}] => (Allow) C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9C8FE7B6-E564-4936-A05E-AF6D2083A64A}] => (Allow) C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7DA24230-ED57-42AA-A581-4366F7D6C7F8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FC13AE88-C310-40F2-9CAA-8579E45CA7D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EB3478C0-AA77-4954-863C-AA27F99A550D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4E6B0F5B-08A4-44E4-AA4C-37B7B7A5419E}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [uDP Query User{8092220D-F725-4A7B-BB48-CE6409DC0946}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{D04D0EE5-4753-438C-B8E9-93C4123CE6B6}E:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) E:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{FDC161F5-157C-4B4B-BAA1-C2CD9DA29915}E:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) E:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{78A20FF9-EEB3-4F28-913D-B4B97B9F1BF1}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{C7241305-B6F7-4B1F-B1E4-8CE9D836E76E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{38DEBD9D-3382-4513-AC08-821360448AED}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{742A040A-DA9B-4A2C-BD79-53051A38EEE4}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{47238215-D069-4CA8-8114-5A7ED647CBBE}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{9B7B392B-36C9-4414-AF28-738BBA18F95A}C:\users\jo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63F799C6-C0F8-47F9-AA17-EF9672A76BF0}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [uDP Query User{639ADFC3-B37F-43EB-A6BC-08B495E226E6}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{554BFA86-A671-4DD8-9B26-AFC2AACEB2EE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3EC65C10-BBBF-4419-A89D-8E76E2E70EF6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{74CB4233-1288-473F-962A-C5082E665DE7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2015 08:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x1078, application start time 0xRobloxPlayerBeta.exe0.
Error: (08/27/2015 08:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x868, application start time 0xRobloxPlayerBeta.exe0.
Error: (08/27/2015 08:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x1750, application start time 0xRobloxPlayerBeta.exe0.
Error: (08/27/2015 08:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 08:00:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0xa0c, application start time 0xRobloxPlayerBeta.exe0.
Error: (08/27/2015 07:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x13a0, application start time 0xRobloxPlayerBeta.exe0.
Error: (08/27/2015 07:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0xfa0, application start time 0xRobloxPlayerBeta.exe0.
Error: (08/27/2015 07:32:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x1450, application start time 0xRobloxPlayerBeta.exe0.
Error: (08/27/2015 07:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0xe18, application start time 0xRobloxPlayerBeta.exe0.
Error: (08/27/2015 07:08:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, faulting module RobloxPlayerBeta.exe, version 0.210.0.62960, time stamp 0x55dbb113, exception code 0xc0000005, fault offset 0x000a8e8e, process id 0x17d4, application start time 0xRobloxPlayerBeta.exe0.
System errors:
=============
Error: (08/27/2015 08:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/27/2015 06:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/27/2015 06:02:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/27/2015 07:34:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053
Error: (08/27/2015 07:34:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service
Error: (08/27/2015 07:33:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/27/2015 05:47:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/26/2015 06:00:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Adobe Flash Player Update Service%%1053
Error: (08/26/2015 06:00:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Adobe Flash Player Update Service
Error: (08/26/2015 05:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-08-27 21:02:49.645
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-08-27 21:02:49.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-27 21:02:49.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-27 21:02:48.990
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-27 21:02:48.413
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-27 21:02:48.194
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-27 21:02:47.976
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-27 21:02:47.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\39B5091B.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-27 21:02:26.510
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-08-27 21:02:26.292
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 3069.14 MB
Available physical RAM: 1751.76 MB
Total Virtual: 6341.3 MB
Available Virtual: 4913.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:95.88 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (The Epic drive) (Removable) (Total:1.88 GB) (Free:0.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 73736572)
Partition 1: (Not Active) - (Size=866 GB) - (Type=72)
Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

==================== End of Addition.txt ============================