Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser/Adobe Reader stalling

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 9th, 2014, 7:04 pm

OK, since we can't get tools to work when your computer is booted into normal mode, let's see if we can remove the necessary items when your computer is booted into Recovery Environment. In this state it is unlikely that your infection (if that is what is causing the problems) will be active.

To do this, we're going to be using FRST again, but this time in a different manner.

  • Download FRST to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 9th, 2014, 7:33 pm

It is so wonderful to be able to complete a task! Nice for my self-esteem. Excellent instructions.

I present the log - enjoy:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by SYSTEM on MINWINPC on 09-12-2014 18:24:41
Running from i:\
Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-23] (AVAST Software)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\John\...\Policies\Explorer: [NoStrCmpLogical] 1
BootExecute: autocheck autochk * SsiEfr.exesdnclean.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [195032 2006-11-18] (Intel(R) Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
S2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-10-29] ()
S2 DSClockSyncTime; C:\Program Files\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [36312 2006-11-18] (Intel(R) Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [81880 2006-11-18] (Intel(R) Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [32216 2006-11-18] ()
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [174552 2006-11-18] (Intel(R) Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [2794234 2009-02-15] (INCA Internet Co., Ltd.)
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [550872 2006-11-18] (Intel(R) Corporation)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]
S2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-01] (Intel Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-23] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-23] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [206248 2014-11-23] ()
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5504 2006-12-18] (Intel Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-01] (Intel® Corporation)
S2 nmsgopro; C:\Windows\System32\DRIVERS\nmsgopro.sys [28672 2006-09-27] (Gteko Ltd.)
S2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [7424 2006-10-19] (Gteko Ltd.)
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [38422 2005-08-16] (Generic)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [18904 2006-11-18] ()
S3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbda.sys [155648 2007-05-22] (ViXS Systems Inc.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 DFSR; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SDDMI2; \??\C:\Windows\system32\DDMI2.sys [X]
S3 STHDA; system32\drivers\stwrt.sys [X]
S4 UmRdpService; No ImagePath
S3 usbscan; system32\DRIVERS\usbscan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 18:24 - 2014-12-09 18:24 - 00000000 ___DC () C:\FRST
2014-12-08 16:12 - 2014-12-08 16:12 - 00602112 _____ (OldTimer Tools) C:\Users\John\Desktop\OTL.exe
2014-12-08 16:03 - 2014-12-08 16:03 - 00002464 _____ () C:\Windows\PFRO.log
2014-12-08 07:00 - 2014-12-08 07:00 - 00033488 _____ () C:\Users\John\Documents\temp.txt
2014-12-08 06:11 - 2014-12-08 06:11 - 02153472 _____ () C:\Users\John\Desktop\adwcleaner_4.104.exe
2014-12-08 06:11 - 2014-12-08 06:11 - 01111040 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-12-04 07:05 - 2014-12-04 07:05 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-12-03 09:18 - 2014-12-03 09:18 - 00000000 ____D () C:\Users\Public\Documents\VP3DLlaptop
2014-12-03 09:18 - 2014-12-03 09:18 - 00000000 ____D () C:\ProgramData\Documents\VP3DLlaptop
2014-12-02 17:32 - 2014-12-02 17:25 - 00450028 ____R () C:\Windows\System32\Drivers\etc\hosts.20141202-203215.backup
2014-11-30 14:45 - 2014-11-30 14:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Systweak
2014-11-25 11:11 - 2014-11-25 10:56 - 00450028 ____R () C:\Windows\System32\Drivers\etc\hosts.20141125-141140.backup
2014-11-25 10:53 - 2014-12-02 17:23 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-23 14:41 - 2014-11-23 14:41 - 00000763 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-11-23 14:41 - 2014-11-23 14:41 - 00000763 _____ () C:\ProgramData\Desktop\Opera.lnk
2014-11-23 14:41 - 2014-11-23 14:41 - 00000000 ____D () C:\Users\John\AppData\Roaming\Opera Software
2014-11-23 14:40 - 2014-12-03 07:13 - 00000000 ____D () C:\Program Files\Opera
2014-11-23 14:39 - 2014-11-23 14:39 - 00075552 _____ () C:\Windows\System32\GDIPFONTCACHEV1.DAT
2014-11-23 12:51 - 2014-10-23 17:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-23 09:32 - 2014-11-23 09:32 - 00291352 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-11-23 09:32 - 2014-11-23 09:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-23 08:54 - 2014-12-09 09:45 - 00014527 _____ () C:\Windows\System32\debug.log
2014-11-18 06:14 - 2014-12-09 15:18 - 00493843 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 10:40 - 2014-11-17 10:40 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-17 10:11 - 2014-11-17 10:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\MPC-HC
2014-11-16 11:18 - 2014-11-16 11:20 - 00000000 ____D () C:\Windows\System32\C2MP
2014-11-12 05:13 - 2014-10-09 17:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 05:13 - 2014-10-09 17:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 05:13 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 05:13 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 05:12 - 2014-09-18 16:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 05:12 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 05:12 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 05:11 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 05:11 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 05:09 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 05:09 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 05:09 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 05:09 - 2014-10-02 17:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 05:09 - 2014-10-02 17:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 05:03 - 2014-10-12 15:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 04:59 - 2014-10-27 11:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 04:59 - 2014-10-27 11:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 04:59 - 2014-10-27 11:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 04:59 - 2014-10-27 10:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 04:59 - 2014-10-27 10:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 04:59 - 2014-10-27 10:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 04:59 - 2014-10-27 10:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-11-12 04:59 - 2014-10-27 10:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 04:59 - 2014-10-27 10:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 04:59 - 2014-10-27 10:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-11-12 04:59 - 2014-10-27 10:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 04:59 - 2014-10-27 10:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 04:59 - 2014-10-27 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 04:59 - 2014-10-27 10:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 04:59 - 2014-10-27 10:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 04:59 - 2014-10-27 10:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 04:59 - 2014-10-27 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 04:59 - 2014-10-27 10:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-11-12 04:59 - 2014-10-27 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-11-12 04:59 - 2014-10-27 10:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-11-12 04:59 - 2014-10-27 10:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 04:45 - 2014-11-12 04:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVAST Software
2014-11-11 15:58 - 2014-11-11 17:09 - 00000000 ____D () C:\Users\John\Local Settings\Application Data\AvgSetupLog
2014-11-11 15:58 - 2014-11-11 17:09 - 00000000 ____D () C:\Users\John\AppData\Local\AvgSetupLog
2014-11-11 15:58 - 2014-11-11 15:58 - 00000000 ____D () C:\Users\John\Local Settings\Application Data\Avg
2014-11-11 15:58 - 2014-11-11 15:58 - 00000000 ____D () C:\Users\John\AppData\Local\Avg
2014-11-10 07:33 - 2014-11-10 07:33 - 00089151 _____ () C:\Users\John\Documents\bookmarks.html
2014-11-09 06:23 - 2014-11-12 04:39 - 00000000 ___DC () C:\avast! sandbox
2014-11-09 06:18 - 2014-11-09 06:18 - 00000000 ____D () C:\Users\John\AppData\Roaming\InstallShield

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 15:18 - 2006-11-02 04:47 - 00003296 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 15:18 - 2006-11-02 04:47 - 00003296 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 15:14 - 2007-03-27 07:45 - 00000041 _____ () C:\Windows\Filzip.ini
2014-12-09 15:14 - 2006-11-02 02:33 - 00784776 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-09 14:04 - 2014-05-10 15:04 - 00000000 ____D () C:\Users\John\Local Settings\Application Data\temp
2014-12-09 14:04 - 2007-03-27 11:02 - 00008994 _____ () C:\Windows\John8.xlb
2014-12-09 14:01 - 2013-11-15 11:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-12-09 14:01 - 2013-11-15 11:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-12-09 13:24 - 2014-09-05 13:43 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-12-09 11:43 - 2008-08-12 04:46 - 00000000 ____D () C:\Users\Public\Documents\Excel
2014-12-09 11:43 - 2008-08-12 04:46 - 00000000 ____D () C:\ProgramData\Documents\Excel
2014-12-08 16:03 - 2013-03-07 08:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-08 16:01 - 2014-03-13 05:43 - 00000079 _____ () C:\Windows\wininit.ini
2014-12-08 16:01 - 2009-08-24 09:59 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-08 16:01 - 2007-02-27 08:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-08 15:57 - 2007-03-22 12:39 - 00000000 ____D () C:\Program Files\Java
2014-12-08 12:53 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-12-07 12:12 - 2014-05-20 07:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-12-07 10:50 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Speech
2014-12-07 10:31 - 2014-05-20 07:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-07 10:08 - 2008-02-18 10:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-07 10:08 - 2008-01-11 06:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-07 09:38 - 2007-02-23 18:05 - 00000000 ____D () C:\Users\John\Finance
2014-12-02 07:53 - 2006-11-02 04:47 - 00400152 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-27 10:23 - 2006-11-02 02:23 - 00450028 ____R () C:\Windows\System32\Drivers\etc\hosts.20141202-202508.backup
2014-11-26 18:17 - 2011-06-28 10:52 - 00000000 ____D () C:\ProgramData\DivX
2014-11-26 18:17 - 2007-02-22 20:14 - 00000000 ____D () C:\Program Files\DivX
2014-11-26 18:17 - 2006-12-18 09:12 - 00000000 ___HD () C:\users\IUSR_NMPR
2014-11-26 18:16 - 2014-10-10 10:53 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-11-25 15:08 - 2007-02-22 11:26 - 00000000 ____D () C:\Internet
2014-11-25 11:11 - 2006-11-02 02:23 - 00450028 ____R () C:\Windows\System32\Drivers\etc\hosts.20141127-132355.backup
2014-11-25 09:31 - 2007-02-20 10:14 - 00095744 _____ () C:\Users\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-25 09:31 - 2007-02-20 10:14 - 00095744 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-25 08:39 - 2008-07-03 06:35 - 00000000 ____D () C:\Users\John\Download
2014-11-24 09:31 - 2008-10-04 05:01 - 00000000 ____D () C:\Users\Public\Documents\Textfiles
2014-11-24 09:31 - 2008-10-04 05:01 - 00000000 ____D () C:\ProgramData\Documents\Textfiles
2014-11-23 14:41 - 2014-02-24 13:00 - 00000000 ____D () C:\Users\John\Local Settings\Application Data\Opera Software
2014-11-23 14:41 - 2014-02-24 13:00 - 00000000 ____D () C:\Users\John\AppData\Local\Opera Software
2014-11-23 14:03 - 2009-11-03 08:13 - 00000000 ____D () C:\ProgramData\avg9
2014-11-23 09:32 - 2014-04-24 02:13 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-11-23 09:32 - 2014-02-28 08:04 - 00787800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-11-23 09:32 - 2014-02-28 08:04 - 00423784 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-11-23 09:32 - 2014-02-28 08:04 - 00206248 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-11-23 09:32 - 2014-02-28 08:04 - 00070384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-11-23 09:32 - 2014-02-28 08:04 - 00057928 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-11-23 09:32 - 2014-02-28 08:04 - 00055240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswrdr.sys
2014-11-23 09:32 - 2014-02-28 08:04 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-11-23 09:18 - 2007-02-20 10:09 - 00000000 ____D () C:\users\John
2014-11-23 09:18 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-11-23 09:17 - 2014-10-10 10:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\LavFilters
2014-11-23 09:17 - 2014-10-10 10:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\CDXReader
2014-11-23 09:17 - 2014-03-27 03:56 - 00000000 ____D () C:\Users\Public\Laptop
2014-11-23 09:17 - 2011-12-30 10:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\dvdcss
2014-11-23 09:17 - 2011-08-30 08:05 - 00000000 ____D () C:\Users\John\AppData\Roaming\Winamp
2014-11-23 09:17 - 2011-06-28 10:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\IrfanView
2014-11-23 09:17 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
2014-11-23 09:17 - 2006-11-02 02:22 - 52166656 _____ () C:\Windows\System32\config\software_previous
2014-11-23 09:17 - 2006-11-02 02:22 - 44302336 _____ () C:\Windows\System32\config\components_previous
2014-11-23 09:17 - 2006-11-02 02:22 - 20447232 _____ () C:\Windows\System32\config\system_previous
2014-11-23 09:17 - 2006-11-02 02:22 - 04980736 _____ () C:\Windows\System32\config\default_previous
2014-11-23 09:17 - 2006-11-02 02:22 - 00098304 _____ () C:\Windows\System32\config\sam_previous
2014-11-23 09:17 - 2006-11-02 02:22 - 00024576 _____ () C:\Windows\System32\config\security_previous
2014-11-23 09:16 - 2013-05-30 03:49 - 00000000 ____D () C:\Users\John\Local Settings\Application Data\File Renamer Basic
2014-11-23 09:16 - 2013-05-30 03:49 - 00000000 ____D () C:\Users\John\AppData\Local\File Renamer Basic
2014-11-23 09:16 - 2007-02-24 20:42 - 00000000 ____D () C:\Users\John\Local Settings\Application Data\Microsoft Games
2014-11-23 09:16 - 2007-02-24 20:42 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Games
2014-11-23 09:16 - 2006-11-02 03:18 - 00000000 __RHD () C:\users\Default
2014-11-23 09:16 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2014-11-21 03:14 - 2014-05-20 07:02 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-11-21 03:14 - 2014-05-20 07:02 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-11-21 03:14 - 2011-01-29 05:54 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-11-20 08:01 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2014-11-16 11:21 - 2007-02-24 17:00 - 00000000 ____D () C:\Windows\pss
2014-11-14 06:25 - 2010-04-18 07:14 - 00000000 ____D () C:\Program Files\SopCast
2014-11-12 19:36 - 2007-03-02 06:52 - 00000000 ____D () C:\Users\John\Documents\Textfiles
2014-11-12 08:33 - 2007-02-23 10:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Talkback
2014-11-12 07:52 - 2006-11-02 02:23 - 00449970 ____R () C:\Windows\System32\Drivers\etc\hosts.20141125-135618.backup
2014-11-12 06:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-11-12 05:38 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 05:11 - 2014-05-07 14:48 - 00001919 _____ () C:\Users\Public\Desktop\Chrome.lnk
2014-11-12 05:11 - 2014-05-07 14:48 - 00001919 _____ () C:\ProgramData\Desktop\Chrome.lnk
2014-11-12 05:08 - 2013-07-24 17:18 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-12 05:03 - 2006-11-02 02:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-11-12 04:39 - 2014-09-05 11:51 - 00000000 ____D () C:\Users\John\AppData\Roaming\XnView
2014-11-12 04:39 - 2014-02-28 07:21 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-12 04:39 - 2013-09-14 09:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\MediaMonkey
2014-11-12 04:39 - 2013-06-11 15:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-12 04:39 - 2013-03-05 08:41 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-12 04:39 - 2011-07-24 11:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-12 04:39 - 2011-02-10 18:17 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVG10
2014-11-12 04:39 - 2009-04-03 10:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Thunderbird
2014-11-12 04:38 - 2014-09-05 11:57 - 00000000 ____D () C:\Program Files\VideoLAN
2014-11-12 04:38 - 2014-08-29 13:53 - 00000000 ____D () C:\Program Files\PopMan
2014-11-12 04:38 - 2014-07-02 07:50 - 00000000 ____D () C:\Program Files\Just Great Software
2014-11-12 04:38 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Default\Local Settings\Application Data\Trusteer
2014-11-12 04:38 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Default\AppData\Local\Trusteer
2014-11-12 04:38 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Default User\Local Settings\Application Data\Trusteer
2014-11-12 04:38 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\Trusteer
2014-11-12 04:38 - 2011-01-03 19:52 - 00000000 ____D () C:\Program Files\Celeris
2014-11-12 04:38 - 2008-08-08 17:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-12 04:38 - 2006-12-18 09:20 - 00000000 ____D () C:\Program Files\Google
2014-11-11 18:19 - 2007-02-21 08:12 - 00001356 ____R () C:\Users\John\Local Settings\Application Data\d3d9caps.dat
2014-11-11 18:19 - 2007-02-21 08:12 - 00001356 ____R () C:\Users\John\AppData\Local\d3d9caps.dat
2014-11-11 15:58 - 2007-03-20 08:39 - 00000000 ____D () C:\Users\John\Local Settings\Application Data\Help
2014-11-11 15:58 - 2007-03-20 08:39 - 00000000 ____D () C:\Users\John\AppData\Local\Help
2014-11-10 10:03 - 2011-02-10 17:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-10 09:42 - 2006-11-02 03:18 - 00000000 ___RD () C:\Windows\Web
2014-11-09 08:48 - 2013-08-29 11:30 - 00000000 ____D () C:\ProgramData\AVG
2014-11-09 06:25 - 2007-05-23 07:14 - 00000000 ____D () C:\Plugins
2014-11-09 06:18 - 2006-12-18 09:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-12-02 12:12:02
Restore point made on: 2014-12-03 10:11:16
Restore point made on: 2014-12-04 11:12:35
Restore point made on: 2014-12-05 11:50:23
Restore point made on: 2014-12-06 10:24:20
Restore point made on: 2014-12-07 08:28:05
Restore point made on: 2014-12-07 10:05:41
Restore point made on: 2014-12-08 10:16:03
Restore point made on: 2014-12-08 15:57:17
Restore point made on: 2014-12-09 04:24:00

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2021.09 MB
Available physical RAM: 1723.64 MB
Total Pagefile: 1952.98 MB
Available Pagefile: 1786.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1981.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.38 GB) (Free:140.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:111.78 GB) (Free:98.29 GB) NTFS
Drive i: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
Drive j: (NFSHS) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive r: (MS-RAMDRIVE) (Fixed) (Total:0.01 GB) (Free:0.01 GB) FAT
Drive x: (Recovery) (Fixed) (Total:9.71 GB) (Free:3.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FF7CFDA7)
Partition 1: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=288.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: E509E509)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 250 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-12-09 14:57

==================== End Of Log ============================
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 10th, 2014, 2:30 am

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
BootExecute: autocheck autochk * SsiEfr.exesdnclean.exe
S1 netfilter; system32\drivers\netfilter.sys [X]
2014-12-08 16:03 - 2013-03-07 08:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-08 16:01 - 2009-08-24 09:59 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-08 16:01 - 2007-02-27 08:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
C:\windows\system32\drivers\netfilter.sys

    • Save it to your USB flashdrive as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Boot into Recovery Environment

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your USB flashdrive.
  • Exit out of Recovery Environment and post me the log please.

Next ...

Boot up your computer as normal, and try to run a new scan with FRST, if you are able to run a complete scan then please post that log as well.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 10th, 2014, 9:55 am

First step went well. I will post fixlog.txt in a moment.

My computer has new windows updates pending. Should I allow them to install?

Upon restarting the computer and running a FRST scan from my desktop, I got the same result as the previous attempt, i.e:
Run as administrator and scan. After a few minutes a message appears: "Scan completed. The "FRST.txt" is saved in the same directory FRST tool is run." I click on OK and the following appears: "Cannot find the C:\Users\John\Desktop\FRST.txt file. Do you want to create a new file?" "Yes, No, Close". At the same time another box appears telling me where Addition.txt is found. If I click on Yes, the first message disappears but no txt file appears on my desktop. Clicking on the OK button in the box for Addition.txt results in the same not found/create? dialog and on clicking "Yes" again no txt file is created.

I was prepared to report this but thought I should try running the FRST scan using the exe file on the USB flashdrive, and it worked. Those attached logs are from the flash drive.
When I reopened my mail program to use the link to get back here my mail program froze with a spinning circle and not responding message. I ended that process using the Task List. and tried to restart the computer and I now have a blank screen the color of my desktop with only the mouse cursor showing. I think my only choice from here is to shut off the power, but I think I'll just let it stew until I hear back from you. I am posting from my laptop. phew! - the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2014
Ran by SYSTEM at 2014-12-10 08:13:44 Run:1
Running from j:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
BootExecute: autocheck autochk * SsiEfr.exesdnclean.exe
S1 netfilter; system32\drivers\netfilter.sys [X]
2014-12-08 16:03 - 2013-03-07 08:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-08 16:01 - 2009-08-24 09:59 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-08 16:01 - 2007-02-27 08:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
C:\windows\system32\drivers\netfilter.sys
*****************

HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.
netfilter => Service deleted successfully.
C:\Program Files\Spybot - Search & Destroy 2 => Moved successfully.
C:\Program Files\SpywareBlaster => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
"C:\windows\system32\drivers\netfilter.sys" => File/Directory not found.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by John (administrator) on SIGLERCENTRAL on 10-12-2014 08:25:19
Running from K:\
Loaded Profile: John (Available profiles: IUSR_NMPR & John)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Duality Software) C:\Program Files\DS Clock\dsetime.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-23] (AVAST Software)
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\...\Policies\Explorer: [NoStrCmpLogical] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5420
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKLM -> {138235B3-FA12-4084-A20C-4EB5DA65EAE7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si= ... id=2937&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {138235B3-FA12-4084-A20C-4EB5DA65EAE7} URL = http://search.certified-toolbar.com?si= ... id=2937&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {4087ADE5-5F1A-4EBF-8D7F-D54860D0DB64} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {94533161-89D6-4D04-96C5-D5E2FBC84855} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.15.0.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/fi ... tup162.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-28]

Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://twitter.com/"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-07]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-07]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [195032 2006-11-18] (Intel(R) Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-10-29] () [File not signed]
R2 DSClockSyncTime; C:\Program Files\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [36312 2006-11-18] (Intel(R) Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [81880 2006-11-18] (Intel(R) Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [32216 2006-11-18] ()
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [174552 2006-11-18] (Intel(R) Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [2794234 2009-02-15] (INCA Internet Co., Ltd.) [File not signed]
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [550872 2006-11-18] (Intel(R) Corporation)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]
S2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] ()
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5504 2006-12-18] (Intel Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R2 nmsgopro; C:\Windows\System32\DRIVERS\nmsgopro.sys [28672 2006-09-27] (Gteko Ltd.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [7424 2006-10-19] (Gteko Ltd.)
S3 Point32; C:\Windows\System32\DRIVERS\point32k.sys [24064 2006-11-07] (Microsoft Corporation) [File not signed]
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [38422 2005-08-16] (Generic) [File not signed]
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [18904 2006-11-18] ()
R3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbda.sys [155648 2007-05-22] (ViXS Systems Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
U3 DFSR; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SDDMI2; \??\C:\Windows\system32\DDMI2.sys [X]
S3 STHDA; system32\drivers\stwrt.sys [X]
U4 UmRdpService; No ImagePath
S3 usbscan; system32\DRIVERS\usbscan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 21:24 - 2014-12-10 08:25 - 00000000 ___DC () C:\FRST
2014-12-08 19:12 - 2014-12-08 19:12 - 00602112 _____ (OldTimer Tools) C:\Users\John\Desktop\OTL.exe
2014-12-08 19:03 - 2014-12-08 19:03 - 00002464 _____ () C:\Windows\PFRO.log
2014-12-08 10:00 - 2014-12-08 10:00 - 00033488 _____ () C:\Users\John\Documents\temp.txt
2014-12-08 09:11 - 2014-12-08 09:11 - 02153472 _____ () C:\Users\John\Desktop\adwcleaner_4.104.exe
2014-12-08 09:11 - 2014-12-08 09:11 - 01111040 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-12-04 10:05 - 2014-12-04 10:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-12-03 12:18 - 2014-12-03 12:18 - 00000000 ____D () C:\Users\Public\Documents\VP3DLlaptop
2014-12-02 20:32 - 2014-12-02 20:25 - 00450028 ____R () C:\Windows\system32\Drivers\etc\hosts.20141202-203215.backup
2014-11-30 17:45 - 2014-11-30 17:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Systweak
2014-11-25 14:11 - 2014-11-25 13:56 - 00450028 ____R () C:\Windows\system32\Drivers\etc\hosts.20141125-141140.backup
2014-11-25 13:53 - 2014-12-02 20:23 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-23 17:41 - 2014-11-23 17:41 - 00000763 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-11-23 17:41 - 2014-11-23 17:41 - 00000763 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-11-23 17:41 - 2014-11-23 17:41 - 00000000 ____D () C:\Users\John\AppData\Roaming\Opera Software
2014-11-23 17:40 - 2014-12-03 10:13 - 00000000 ____D () C:\Program Files\Opera
2014-11-23 17:39 - 2014-11-23 17:39 - 00075552 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-11-23 15:51 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-23 12:32 - 2014-11-23 12:32 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-23 12:32 - 2014-11-23 12:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-23 11:54 - 2014-12-10 08:06 - 00014806 _____ () C:\Windows\system32\debug.log
2014-11-18 09:14 - 2014-12-10 08:18 - 00551003 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 13:40 - 2014-11-17 13:40 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-17 13:11 - 2014-11-17 13:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\MPC-HC
2014-11-16 14:20 - 2014-11-16 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2014-11-16 14:18 - 2014-11-16 14:20 - 00000000 ____D () C:\Windows\system32\C2MP
2014-11-12 08:13 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 08:13 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 08:13 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 08:13 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 08:12 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:12 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:12 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 08:11 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 08:11 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:09 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 08:09 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:09 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 08:09 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 08:09 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 08:03 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 07:59 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 07:59 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 07:59 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 07:59 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 07:59 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 07:59 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 07:59 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 07:59 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 07:59 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 07:59 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 07:59 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 07:59 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 07:59 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 07:59 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 07:59 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 07:59 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 07:59 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 07:45 - 2014-11-12 07:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVAST Software
2014-11-11 18:58 - 2014-11-11 20:09 - 00000000 ____D () C:\Users\John\AppData\Local\AvgSetupLog
2014-11-11 18:58 - 2014-11-11 18:58 - 00000000 ____D () C:\Users\John\AppData\Local\Avg
2014-11-10 10:33 - 2014-11-10 10:33 - 00089151 _____ () C:\Users\John\Documents\bookmarks.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 08:23 - 2007-03-27 10:45 - 00000041 _____ () C:\Windows\Filzip.ini
2014-12-10 08:19 - 2006-11-02 05:33 - 00784776 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 08:15 - 2014-05-07 17:47 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 08:15 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 08:15 - 2006-11-02 07:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 08:15 - 2006-11-02 07:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 08:06 - 2006-11-02 08:01 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-10 08:01 - 2013-12-22 23:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 22:10 - 2014-05-07 17:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-09 21:44 - 2008-08-12 07:46 - 00000000 ____D () C:\Users\Public\Documents\Excel
2014-12-09 21:44 - 2007-03-27 14:02 - 00008992 _____ () C:\Windows\John8.xlb
2014-12-09 17:01 - 2013-11-15 14:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 17:01 - 2013-11-15 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 16:24 - 2014-09-05 16:43 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-12-08 19:01 - 2014-03-13 08:43 - 00000079 _____ () C:\Windows\wininit.ini
2014-12-08 18:57 - 2007-03-22 15:39 - 00000000 ____D () C:\Program Files\Java
2014-12-08 15:53 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-07 15:12 - 2014-05-20 10:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 13:52 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Speech
2014-12-07 13:31 - 2014-05-20 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 13:31 - 2014-05-20 10:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-07 13:08 - 2008-02-18 13:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-07 13:08 - 2008-01-11 09:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-07 12:38 - 2007-02-23 21:05 - 00000000 ____D () C:\Users\John\Finance
2014-12-02 10:53 - 2006-11-02 07:47 - 00400152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-27 13:23 - 2006-11-02 05:23 - 00450028 ____R () C:\Windows\system32\Drivers\etc\hosts.20141202-202508.backup
2014-11-26 21:17 - 2014-10-10 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-11-26 21:17 - 2011-06-28 13:52 - 00000000 ____D () C:\ProgramData\DivX
2014-11-26 21:17 - 2007-02-22 23:14 - 00000000 ____D () C:\Program Files\DivX
2014-11-26 21:17 - 2006-12-18 12:12 - 00000000 ___HD () C:\Users\IUSR_NMPR
2014-11-26 21:16 - 2014-10-10 13:53 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-11-26 11:23 - 2014-10-10 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-11-25 18:08 - 2007-02-22 14:26 - 00000000 ____D () C:\Internet
2014-11-25 14:11 - 2006-11-02 05:23 - 00450028 ____R () C:\Windows\system32\Drivers\etc\hosts.20141127-132355.backup
2014-11-25 12:31 - 2007-02-20 13:14 - 00095744 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-25 11:39 - 2008-07-03 09:35 - 00000000 ____D () C:\Users\John\Download
2014-11-24 12:31 - 2008-10-04 08:01 - 00000000 ____D () C:\Users\Public\Documents\Textfiles
2014-11-23 17:41 - 2014-02-24 16:00 - 00000000 ____D () C:\Users\John\AppData\Local\Opera Software
2014-11-23 17:03 - 2009-11-03 11:13 - 00000000 ____D () C:\ProgramData\avg9
2014-11-23 12:32 - 2014-04-24 05:13 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-11-23 12:32 - 2014-02-28 11:04 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-23 12:18 - 2007-02-20 13:09 - 00000000 ____D () C:\Users\John
2014-11-23 12:18 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-23 12:17 - 2014-10-10 13:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\LavFilters
2014-11-23 12:17 - 2014-10-10 13:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\CDXReader
2014-11-23 12:17 - 2014-03-27 06:56 - 00000000 ____D () C:\Users\Public\Laptop
2014-11-23 12:17 - 2011-12-30 13:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\dvdcss
2014-11-23 12:17 - 2011-08-30 11:05 - 00000000 ____D () C:\Users\John\AppData\Roaming\Winamp
2014-11-23 12:17 - 2011-06-28 13:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\IrfanView
2014-11-23 12:17 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-11-23 12:17 - 2006-11-02 05:22 - 52166656 _____ () C:\Windows\system32\config\software_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 20447232 _____ () C:\Windows\system32\config\system_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 00098304 _____ () C:\Windows\system32\config\sam_previous
2014-11-23 12:17 - 2006-11-02 05:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-11-23 12:16 - 2014-05-07 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-23 12:16 - 2013-05-30 06:49 - 00000000 ____D () C:\Users\John\AppData\Local\File Renamer Basic
2014-11-23 12:16 - 2007-02-24 23:42 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Games
2014-11-23 12:16 - 2006-12-18 12:12 - 00000000 ___RD () C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-23 12:16 - 2006-12-18 12:12 - 00000000 ___RD () C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:16 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-11-21 06:14 - 2014-05-20 10:02 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-05-20 10:02 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2011-01-29 08:54 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 11:01 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-11-16 14:21 - 2007-02-24 20:00 - 00000000 ____D () C:\Windows\pss
2014-11-14 09:25 - 2010-04-18 10:14 - 00000000 ____D () C:\Program Files\SopCast
2014-11-12 22:36 - 2007-03-02 09:52 - 00000000 ____D () C:\Users\John\Documents\Textfiles
2014-11-12 11:33 - 2007-02-23 13:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Talkback
2014-11-12 10:52 - 2006-11-02 05:23 - 00449970 ____R () C:\Windows\system32\Drivers\etc\hosts.20141125-135618.backup
2014-11-12 09:56 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-12 08:38 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 08:11 - 2014-05-07 17:48 - 00001919 _____ () C:\Users\Public\Desktop\Chrome.lnk
2014-11-12 08:08 - 2013-07-24 20:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 08:03 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 07:39 - 2014-09-05 14:51 - 00000000 ____D () C:\Users\John\AppData\Roaming\XnView
2014-11-12 07:39 - 2014-07-23 14:23 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download App
2014-11-12 07:39 - 2014-07-02 09:16 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-11-12 07:39 - 2014-02-28 10:21 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-12 07:39 - 2013-09-14 12:52 - 00000000 ____D () C:\Users\John\AppData\Roaming\MediaMonkey
2014-11-12 07:39 - 2013-06-11 18:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-12 07:39 - 2013-03-05 11:41 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-12 07:39 - 2011-07-24 14:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-12 07:39 - 2011-02-10 21:17 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVG10
2014-11-12 07:39 - 2009-04-03 13:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\Thunderbird
2014-11-12 07:39 - 2007-08-02 14:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-12 07:39 - 2007-02-20 13:10 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-12 07:39 - 2007-02-20 13:10 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-12 07:38 - 2014-09-05 14:57 - 00000000 ____D () C:\Program Files\VideoLAN
2014-11-12 07:38 - 2014-08-29 16:53 - 00000000 ____D () C:\Program Files\PopMan
2014-11-12 07:38 - 2014-07-02 10:50 - 00000000 ____D () C:\Program Files\Just Great Software
2014-11-12 07:38 - 2014-02-24 22:48 - 00000000 ____D () C:\Users\Default\AppData\Local\Trusteer
2014-11-12 07:38 - 2014-02-24 22:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\Trusteer
2014-11-12 07:38 - 2011-01-03 22:52 - 00000000 ____D () C:\Program Files\Celeris
2014-11-12 07:38 - 2008-08-08 20:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-12 07:38 - 2006-12-18 12:20 - 00000000 ____D () C:\Program Files\Google
2014-11-11 21:19 - 2007-02-21 11:12 - 00001356 ____R () C:\Users\John\AppData\Local\d3d9caps.dat
2014-11-11 18:58 - 2007-03-20 11:39 - 00000000 ____D () C:\Users\John\AppData\Local\Help
2014-11-10 13:03 - 2011-02-10 20:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-10 12:42 - 2006-11-02 06:18 - 00000000 ___RD () C:\Windows\Web

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-10 08:20

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2014
Ran by John at 2014-12-10 08:25:55
Running from K:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Championship Spades All-Stars 7.50 (HKLM\...\ChampSpades) (Version: 7.50 - DreamQuest)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.02.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.02.02 - AlcorMicro) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Doom 3 (HKLM\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.3 - Activision)
Doom 3 (Version: 1.3 - Activision) Hidden
Download App (HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\...\Download App) (Version: 1.7.0 - CBS Interactive)
DS Clock (HKLM\...\DS Clock_is1) (Version: 2.4 - Duality Software)
EditPad Lite 7.3.1 (HKLM\...\EditPad Lite) (Version: 7.3.1 - Just Great Software)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.009 - Gateway)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) Viiv(TM) Software (HKLM\...\Intel(R) Configuration Center) (Version: 1.6.429.0 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Codec Pack 4.3.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.3.4 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Links 2001 (HKLM\...\Links 2001 2.0) (Version: - )
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 26.0.1656.32 (HKLM\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
PopMan 1.3.1 (HKLM\...\PopMan-CH-Software_is1) (Version: - CH-Software)
SopCast 3.2.9 (HKLM\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Pool 3 DL (HKLM\...\{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}) (Version: 3.3.1.1 - Celeris)
Virtual Pool 4 (HKLM\...\{E801BD2A-AB6B-4B8F-9599-B164AC726EC8}) (Version: 4.1.2.9 - Celeris)
Virtual Pool 4 Online (HKLM\...\{C074AFB2-07DF-46DF-96CD-38CEC2793AF7}) (Version: 4.3.8.3 - Celeris)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

02-12-2014 20:11:45 Scheduled Checkpoint
03-12-2014 18:11:01 Scheduled Checkpoint
04-12-2014 19:12:18 Scheduled Checkpoint
05-12-2014 19:50:02 Scheduled Checkpoint
06-12-2014 18:24:05 Scheduled Checkpoint
07-12-2014 16:27:48 Scheduled Checkpoint
07-12-2014 18:04:57 Removed Adobe Reader XI (11.0.08).
08-12-2014 18:15:48 Scheduled Checkpoint
08-12-2014 23:57:01 Removed Java 8 Update 11
09-12-2014 12:23:44 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-12-02 20:32 - 00450028 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15A1CF78-CBE9-4147-BFF5-9440CE66C339} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {1DC0B424-4F32-4C56-92F6-76FD16FA7B9D} - System32\Tasks\Opera scheduled Autoupdate 1416782460 => C:\Program Files\Opera\launcher.exe [2014-11-25] (Opera Software)
Task: {2733DA8B-E7D1-40C8-9BBC-9CC5DB2A8CE9} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {3B82867E-F1CC-4A60-9872-2EBB4FC015E8} - System32\Tasks\Your File Updater => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {4C9F52D4-AF85-4990-BF68-248326A1B634} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - John => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {725C8562-BB45-4E55-9D50-3C43BE706E11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {7ECC95E3-0595-4654-AA19-4F61F81B821D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {851F01C9-5B14-4577-A9B6-33BFDF2D3AE6} - System32\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627} => C:\Windows\msb.exe
Task: {94352A4C-F333-44E2-8CDC-C1F1EC18CCFD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4278196236-3910043076-1921008887-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A27935DF-0070-4086-93DA-803537D71B61} - System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => C:\Users\John\AppData\Local\Temp\c.exe <==== ATTENTION
Task: {AF02248A-845E-4965-8B72-FD8009C8A41D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {AFFC1BA0-473F-413D-806D-B5DFBA45953D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {B0D63523-2B22-493C-811D-7C6E48B20AD6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4278196236-3910043076-1921008887-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {EAC2B775-C7CE-4EA7-A07A-79AF00A8919C} - \GPUP No Task File <==== ATTENTION
Task: {EC86AAE5-8F51-4094-906A-7F7EA623D01D} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {FBF23735-619F-4BD6-9118-D058E137276C} - System32\Tasks\Java check => C:\Program Files\Java\jre6\bin\jucheck.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{E57A22E8-06A3-46E2-A6A3-C443A62D321E}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-12-10 07:52 - 2014-12-10 07:52 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14121000\algo.dll
2007-02-27 13:34 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll
2007-05-18 08:00 - 2012-09-18 15:26 - 00169472 _____ () C:\Windows\System32\ZLhp1020.DLL
2011-09-15 10:04 - 2012-09-18 15:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2006-12-18 12:50 - 2006-12-12 10:04 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2014-02-28 11:04 - 2014-11-23 12:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-10-29 12:03 - 2006-10-29 12:03 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: avg8emc => 2
MSCONFIG\Services: avg8wd => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download App.lnk => C:\Windows\pss\Download App.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ccleaner => "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
MSCONFIG\startupreg: CCUTRAYICON => "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
MSCONFIG\startupreg: Codec Settings UAC Manager => "C:\Windows\system32\C2MP\CodecUACManager.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: NMSSupport => "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PopMan => C:\Program Files\PopMan\PopMan.exe -minimize
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4278196236-3910043076-1921008887-500 - Administrator - Disabled)
Guest (S-1-5-21-4278196236-3910043076-1921008887-501 - Limited - Enabled)
IUSR_NMPR (S-1-5-21-4278196236-3910043076-1921008887-1000 - Limited - Enabled) => C:\Users\IUSR_NMPR
John (S-1-5-21-4278196236-3910043076-1921008887-1001 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2014 08:24:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 7.12.2014.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b84
Start Time: 01d0147c754d2d8f
Termination Time: 7

Error: (12/10/2014 08:02:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 6.0.6000.16386 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a58
Start Time: 01d014792bb2e41e
Termination Time: 28

Error: (12/09/2014 10:47:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\security.cpp78800706e5

Error: (12/09/2014 00:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f78
Start Time: 01d013d474452698
Termination Time: 13

Error: (12/09/2014 07:23:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service getPlusHelper since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (12/09/2014 05:59:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5c4
Start Time: 01d0139e9f9edbc1
Termination Time: 13

Error: (12/08/2014 10:58:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: be4
Start Time: 01d01362455a9b4e
Termination Time: 5

Error: (12/08/2014 07:33:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 670
Start Time: 01d01347436010a6
Termination Time: 16

Error: (12/08/2014 07:29:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: da8
Start Time: 01d01346d1c7a0c6
Termination Time: 11

Error: (12/08/2014 07:26:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5b4
Start Time: 01d013467c16cc29
Termination Time: 7


System errors:
=============
Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:21:52 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:20:28 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:20:27 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:20:27 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:20:27 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)

Error: (12/10/2014 08:20:27 AM) (Source: DCOM) (EventID: 10016) (User: SIGLERCENTRAL)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}SIGLERCENTRALJohnS-1-5-21-4278196236-3910043076-1921008887-1001LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (12/10/2014 08:24:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe7.12.2014.1b8401d0147c754d2d8f7

Error: (12/10/2014 08:02:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad.exe6.0.6000.16386a5801d014792bb2e41e28

Error: (12/09/2014 10:47:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\security.cpp78800706e5

Error: (12/09/2014 00:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0f7801d013d47445269813

Error: (12/09/2014 07:23:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service getPlusHelper since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (12/09/2014 05:59:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.05c401d0139e9f9edbc113

Error: (12/08/2014 10:58:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0be401d01362455a9b4e5

Error: (12/08/2014 07:33:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.067001d01347436010a616

Error: (12/08/2014 07:29:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0da801d01346d1c7a0c611

Error: (12/08/2014 07:26:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.05b401d013467c16cc297


CodeIntegrity Errors:
===================================
Date: 2014-12-10 08:25:49.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:25:48.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:25:48.515
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:25:48.056
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:25:47.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:25:46.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:25:46.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:25:46.061
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:21:50.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 08:21:50.475
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 47%
Total physical RAM: 2020.99 MB
Available physical RAM: 1056.78 MB
Total Pagefile: 4283.25 MB
Available Pagefile: 3369.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.38 GB) (Free:139.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.71 GB) (Free:3.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (NFSHS) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive i: () (Fixed) (Total:111.78 GB) (Free:98.29 GB) NTFS
Drive k: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FF7CFDA7)
Partition 1: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=288.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: E509E509)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 250 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 10th, 2014, 10:30 am

Don't update Windows yet, your OS is not in a stable condition at the moment, so there's no way to know what effect installing updates might have.

OK, let's see if we can remove the things we found earlier by running FRST from your USB drive in normal mode again.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all) .
Code: Select all
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {138235B3-FA12-4084-A20C-4EB5DA65EAE7} URL = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
2014-12-08 10:00 - 2014-12-08 10:00 - 00033488 _____ () C:\Users\John\Documents\temp.txt
Task: {2733DA8B-E7D1-40C8-9BBC-9CC5DB2A8CE9} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {3B82867E-F1CC-4A60-9872-2EBB4FC015E8} - System32\Tasks\Your File Updater => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {A27935DF-0070-4086-93DA-803537D71B61} - System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => C:\Users\John\AppData\Local\Temp\c.exe <==== ATTENTION
Task: {EAC2B775-C7CE-4EA7-A07A-79AF00A8919C} - \GPUP No Task File <==== ATTENTION
Task: {EC86AAE5-8F51-4094-906A-7F7EA623D01D} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
C:\Users\John\AppData\Roaming\uTorrent
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in (on your USB drive), naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST.exe
    • Please post me the log
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 10th, 2014, 11:10 am

Oops, I forgot to rebboot in repair mode. I hope that doesn't invalidate results. Here is the log produced:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2014
Ran by John at 2014-12-10 10:02:12 Run:2
Running from k:\
Loaded Profile: John (Available profiles: IUSR_NMPR & John)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
SearchScopes: HKU\S-1-5-21-4278196236-3910043076-1921008887-1001 -> {138235B3-FA12-4084-A20C-4EB5DA65EAE7} URL = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
2014-12-08 10:00 - 2014-12-08 10:00 - 00033488 _____ () C:\Users\John\Documents\temp.txt
Task: {2733DA8B-E7D1-40C8-9BBC-9CC5DB2A8CE9} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {3B82867E-F1CC-4A60-9872-2EBB4FC015E8} - System32\Tasks\Your File Updater => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {A27935DF-0070-4086-93DA-803537D71B61} - System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => C:\Users\John\AppData\Local\Temp\c.exe <==== ATTENTION
Task: {EAC2B775-C7CE-4EA7-A07A-79AF00A8919C} - \GPUP No Task File <==== ATTENTION
Task: {EC86AAE5-8F51-4094-906A-7F7EA623D01D} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
C:\Users\John\AppData\Roaming\uTorrent
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{138235B3-FA12-4084-A20C-4EB5DA65EAE7}" => Key deleted successfully.
"HKCR\CLSID\{138235B3-FA12-4084-A20C-4EB5DA65EAE7}" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
C:\Users\John\Documents\temp.txt => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2733DA8B-E7D1-40C8-9BBC-9CC5DB2A8CE9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2733DA8B-E7D1-40C8-9BBC-9CC5DB2A8CE9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B82867E-F1CC-4A60-9872-2EBB4FC015E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B82867E-F1CC-4A60-9872-2EBB4FC015E8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Your File Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Your File Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A27935DF-0070-4086-93DA-803537D71B61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A27935DF-0070-4086-93DA-803537D71B61}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB65B0FB-5712-401b-B616-E69AC55E2757}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAC2B775-C7CE-4EA7-A07A-79AF00A8919C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAC2B775-C7CE-4EA7-A07A-79AF00A8919C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC86AAE5-8F51-4094-906A-7F7EA623D01D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan" => Key deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\John\AppData\Roaming\uTorrent" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 396.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 10th, 2014, 11:52 am

If you haven't already done so, please reboot your computer.

Once that has been done, Please run a scan with ESET Online Scanner (this can sometimes take hours to complete, but it is very thorough)

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 10th, 2014, 1:50 pm

I uninstalled Firefox a while ago, I'll try to re-install if you wish.

Using IE, I get to the EULA and accept then 1 of 2 things happens
either
I get a message saying it has timed out. Retry
or
I get a message"Install 'OnlineScanner.cab from ..............................'. I click on Install and get a message that request must be resent. I click on try again and I am back to EULA page. Avast shields are off
I did this several times.

The website mentions needing to run esetsmartinstaller for Firefox or Chrome so I decided to try using Chrome.
esetsmartinstaller_enu eas downloaded but when I started it, it ram momentarily then terminated with the message "An unsupported operation was attempted"

Thanks for helping

Avast shields up
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 10th, 2014, 6:28 pm

OK, let's try something else ....

Please run Microsoft Safety Scanner
  • Click Download Now (this is a large download, approx. 70Mb)
  • If you are asked about 32-bit or 64-bit, click on the type matching your Windows system.
  • If asked to Run or Save, choose Run.
  • OK the User Account Permission or the query "Do you want to run this software".
  • If you get a message saying "running this type of program could harm your computer" or similar, just ignore it and tell it to Run anyway.
  • Click the box to Accept the license agreement.
  • Click Next.
  • Click Next to run the Scan.
  • Click the Quick Scan button. (... also Full Scan option)
  • Click Next
    • (If it finds nothing, it will just Exit. It still creates a report.)
    • If it has found anything, check the box titled "Help Remove potentially unwanted software"
      • Click Next (the Dialog label will become "Cleaning your computer").
      • After this operation completes, click Finish.
      • When removals are complete, it will report through a link, "View detailed results of the scan"
      • Clicking the link will popup a report in Notepad.
      • Please post the contents of the file in your reply.
      • The file is also saved in C:\Windows\debug\msert.log
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 10th, 2014, 7:03 pm

In Chrome, when I download something, it automatically saves it to my computer. I have UAC turned off so I don't get asked. When I run the msert.exe file I immediately get the Message"An error has occurred. Please visit the Microsoft Safety Scanner Help Page for more details.
The link in the message takes me to this page
http://support.microsoft.com/kb/2520970

I followed the instructions there to ascertain an error number but there was no file msert to double click

Maybe I should download this to the flash drive and try to run it from there?
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 10th, 2014, 7:50 pm

Hope this doesn't get me in trouble, but I downloaded msert from a different computer and ran it from the flash drive on our infected machine. It reported no infections. Here is the log file


Microsoft Safety Scanner v1.0, (build 1.189.1816.0)
Started On Wed Dec 10 18:24:52 2014
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Wed Dec 10 18:45:16 2014


Return code: 0 (0x0)
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 11th, 2014, 2:24 am

I'm pretty certain by now that your problems are not Malware related, ie they are not being caused by any active infection on your machine, but are due to some fundamental corruption of your OS, which is not functioning as it should be.

Whether this corruption was initially caused by an infection that is now no longer present on your machine is hard to say, however finding the exact cause would be like looking for a needle in a haystack blindfolded, since most of the tools we've used are having problems running properly on your machine.

I'm afraid the only really viable way for you to recover your machine back to full functionality in a reasonable time period, is to back up your personal files and folders to some detachable media, and then to reformat your hard drive and re-install Windows. (see .... viewtopic.php?p=613842#p613842)

If your computer is an OEM machine (one produced by one of the major manufacturers), then there's usually a "Return to factory condition" option that will serve the same purpose. (see .... viewtopic.php?p=613793#p613793)

I know that this is probably not what you wanted to hear, most people seem to prefer to walk over hot coals rather than repave their system, but I really don't believe you have too many other options.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 11th, 2014, 8:51 am

Gary R,

I was afraid this was the direction we were heading. I've had this computer since 2007 and it has been perfectly adequate for my needs, but it is probably time to take advantage of the Christmas sales and just replace it. I have a few old games that I love to play and I hate the thought of migrating them to a new OS. Reinstalling Windows Vista on this machine will be a good learning exercise for me.

My sincere thanks for your time and effort in assisting me.

John
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 11th, 2014, 9:58 am

You're welcome John, sorry we couldn't have had a more convenient solution, but I believe with a clean install your machine will probably still be usable at least for the time being.

Windows 10 is likely to be released next year in the late Summer, so if you're looking to upgrade it might be worth waiting for that rather than purchasing a Windows 8 machine now. W8 is not IMO a particularly good OS, and from what I've seen of the pre-release version of W10, it looks like its going to be much better.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 11th, 2014, 10:32 am

Thanks for the advice. I have a laptop with Windows 8.1 and I don't particularly care for it so I will wait for Windows 10 as you suggested.
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 269 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware