
browser infected?

Discussion in 'Virus & Other Malware Removal' started by edstl, Dec 2, 2014.

  1. edstl

    edstl Thread Starter

    Joined:
    Jul 4, 2014
    Messages:
    33
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz, x64 Family 6 Model 15 Stepping 2
    Processor Count: 2
    RAM: 2037 Mb
    Graphics Card: Intel(R) Q965/Q963 Express Chipset Family, 384 Mb
    Hard Drives: C: Total - 953767 MB, Free - 878767 MB;
    Motherboard: Dell Inc., 0MM599
    Antivirus: Microsoft Security Essentials, Updated and Enabled

    Browser tries to open something Avast doesn't like and can't fix
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi edstl,
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. edstl

    edstl Thread Starter

    Joined:
    Jul 4, 2014
    Messages:
    33
    Here it is
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
    Ran by Barry (administrator) on BARRY-PC on 03-12-2014 16:31:03
    Running from C:\Users\Barry\Desktop
    Loaded Profile: Barry (Available profiles: Barry)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\System32\dinotify.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-02] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x73D4DAB99DF7CF01
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xACBD98A7C35DCF01
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    SearchScopes: HKU\S-1-5-21-1877587483-2284044139-4259763531-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKU\S-1-5-21-1877587483-2284044139-4259763531-1000 -> {8EAE2A8B-0FA0-4BDB-BAC9-041C908414F7} URL = https://www.google.com/search?q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-02]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR DefaultSearchKeyword: Default -> D7A67ADE0B8DC76F7C332BE6FE21F10A6DC04C0862076D86A610D6ECC0E5CCCD
    CHR DefaultSearchURL: Default -> CA49D21FDA37B5A62B0EF4B22923276F8E21663835905C63ADC23C475C609AA6
    CHR Profile: C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Simple Select Search) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-11-19]
    CHR Extension: (Avast Online Security) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-02]
    CHR Extension: (Wikipedia search) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc [2014-12-01]
    CHR Extension: (WowCoupon) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfpakopljegjlefiklhjddokdchcpik [2014-11-19]
    CHR Extension: (AVIM Vietnamese Input Method) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgbbffpdglhkpglnlkiclakjlpiedoh [2014-11-18]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-02]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-02] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-02] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-02] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-02] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-02] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-02] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-02] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-02] ()
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-09-29] (NetFilterSDK.com) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-03 16:31 - 2014-12-03 16:31 - 00009048 _____ () C:\Users\Barry\Desktop\FRST.txt
    2014-12-03 16:22 - 2014-12-03 16:31 - 00000000 ____D () C:\FRST
    2014-12-03 16:21 - 2014-12-03 16:17 - 01110016 _____ (Farbar) C:\Users\Barry\Desktop\FRST.exe
    2014-12-03 16:08 - 2014-12-03 16:08 - 00002963 _____ () C:\Users\Barry\Desktop\HiJackThis.lnk
    2014-12-03 16:08 - 2014-12-03 16:08 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-12-03 16:08 - 2014-12-03 16:08 - 00000000 ____D () C:\Program Files\Trend Micro
    2014-12-03 14:04 - 2014-12-03 14:05 - 00002040 _____ () C:\Users\Barry\Desktop\Rkill.txt
    2014-12-02 17:17 - 2014-12-02 17:18 - 00509440 _____ (Tech Support Guy System) C:\Users\Barry\Downloads\SysInfo.exe
    2014-12-02 11:50 - 2014-12-02 13:20 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-02 11:49 - 2014-12-02 11:49 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-02 11:49 - 2014-12-02 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-02 11:49 - 2014-12-02 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-02 11:49 - 2014-12-02 11:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-02 11:49 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-02 11:49 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-02 11:49 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-12-02 11:46 - 2014-12-02 11:46 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\AVAST Software
    2014-12-02 11:45 - 2014-12-02 11:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-12-02 11:45 - 2014-12-02 11:45 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-12-02 11:45 - 2014-12-02 11:45 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00002121 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-12-02 11:45 - 2014-12-02 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-12-02 11:44 - 2014-12-02 11:44 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-12-02 11:43 - 2014-12-02 11:44 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-12-02 11:42 - 2014-12-02 11:42 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Barry\Downloads\mbam-setup-2.0.3.1025.exe
    2014-12-02 11:41 - 2014-12-02 11:41 - 05006864 _____ (AVAST Software) C:\Users\Barry\Downloads\avast_free_antivirus_setup_online.exe
    2014-11-30 13:59 - 2014-11-30 13:59 - 00000000 ____D () C:\Users\Barry\AppData\Local\Apps\2.0
    2014-11-29 16:10 - 2014-12-02 13:31 - 00000000 ____D () C:\ProgramData\LizardSales
    2014-11-19 10:36 - 2014-11-19 10:57 - 00000000 ____D () C:\ProgramData\saveron
    2014-11-19 10:27 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-19 10:27 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-18 18:10 - 2014-12-01 21:37 - 00000000 ____D () C:\ProgramData\9f81e61241ab5dd3
    2014-11-18 18:10 - 2014-11-19 10:58 - 00000000 ____D () C:\ProgramData\dealpeak
    2014-11-17 08:55 - 2014-11-17 08:55 - 00000000 __SHD () C:\Users\Barry\AppData\Local\EmieBrowserModeList
    2014-11-12 11:29 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-12 11:29 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-12 11:29 - 2014-10-09 18:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-12 11:29 - 2014-10-02 19:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-12 11:29 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-12 11:29 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-12 11:29 - 2014-10-02 19:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-12 11:29 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-12 11:29 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-12 11:29 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-12 11:29 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-12 11:28 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-12 11:28 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-12 11:28 - 2014-11-05 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-12 11:28 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-12 11:28 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-12 11:28 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-12 11:28 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-12 11:28 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-12 11:28 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-12 11:28 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-12 11:28 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-12 11:28 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-12 11:28 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-12 11:28 - 2014-11-05 20:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-12 11:28 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-12 11:28 - 2014-11-05 20:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-12 11:28 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-12 11:28 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-12 11:28 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-12 11:28 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-12 11:28 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-12 11:28 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-12 11:28 - 2014-11-05 20:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-12 11:28 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-12 11:28 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-12 11:28 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-12 11:28 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-12 11:28 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-12 11:28 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-12 11:28 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-12 11:28 - 2014-11-05 11:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-12 11:28 - 2014-11-05 11:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-12 11:28 - 2014-11-05 11:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-12 11:28 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-12 11:28 - 2014-10-13 19:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-12 11:28 - 2014-10-13 19:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-12 11:28 - 2014-10-13 19:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-12 11:28 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-12 11:28 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-09 21:19 - 2014-11-09 21:20 - 00016384 ___SH () C:\Users\Barry\Documents\Thumbs.db
    2014-11-03 13:21 - 2014-11-03 13:38 - 00000000 ____D () C:\http_filter
    2014-11-03 13:20 - 2014-10-28 18:09 - 00044248 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\netmon_wfp.sys
    2014-11-03 13:18 - 2014-11-03 13:41 - 00000000 ____D () C:\Program Files\Klip Pal
    2014-11-03 13:17 - 2014-11-03 13:41 - 00000005 _____ () C:\end
    2014-11-03 13:17 - 2014-11-03 13:17 - 00000000 ____D () C:\Users\Barry\AppData\Local\Pro_PC_Cleaner
    2014-11-03 13:16 - 2014-11-03 13:30 - 00000000 ____D () C:\Users\Barry\Documents\ProPCCleaner

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-03 16:14 - 2009-07-13 22:34 - 00032256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-03 16:14 - 2009-07-13 22:34 - 00032256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-03 16:11 - 2014-06-15 07:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-03 16:05 - 2014-04-08 16:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-03 14:05 - 2014-04-08 11:02 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-03 14:03 - 2009-07-13 22:39 - 00113836 _____ () C:\Windows\setupact.log
    2014-12-03 13:05 - 2014-06-15 07:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-02 17:15 - 2014-04-08 12:34 - 01399049 _____ () C:\Windows\WindowsUpdate.log
    2014-12-02 17:03 - 2014-04-09 07:42 - 00079058 _____ () C:\Windows\PFRO.log
    2014-12-02 17:03 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-02 13:31 - 2014-10-28 07:48 - 00000000 ____D () C:\Program Files\Bench
    2014-12-02 13:18 - 2014-06-15 07:54 - 00000000 ____D () C:\Program Files\Google
    2014-12-02 11:39 - 2014-06-15 07:54 - 00000000 ____D () C:\Users\Barry\AppData\Local\Google
    2014-11-30 13:51 - 2014-04-09 14:58 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Adobe
    2014-11-29 15:51 - 2014-04-08 16:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-11-29 15:51 - 2014-04-08 16:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-11-13 07:21 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
    2014-11-13 03:34 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-11-13 03:27 - 2009-07-13 22:33 - 00407384 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-13 03:26 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-13 03:10 - 2014-04-08 15:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-13 03:05 - 2014-04-08 15:25 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-13 03:02 - 2014-04-08 15:25 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    Some content of TEMP:
    ====================
    C:\Users\Barry\AppData\Local\Temp\9BE0613B-DD9E-F4AE-7A61-828D425438B1.dll
    C:\Users\Barry\AppData\Local\Temp\9BE0613B-DD9E-F4AE-7A61-828D425438B1.exe
    C:\Users\Barry\AppData\Local\Temp\APNSetup.exe
    C:\Users\Barry\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Barry\AppData\Local\Temp\Media Player Zdck_cleaner.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-25 09:51

    ==================== End Of Log ============================

    Addition file
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
    Ran by Barry at 2014-12-03 16:31:46
    Running from C:\Users\Barry\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Interenet Optimizer (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version: - BullPoint) <==== ATTENTION
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    30-10-2014 02:54:22 Windows Update
    02-11-2014 14:33:15 Windows Update
    06-11-2014 00:46:11 Windows Update
    09-11-2014 15:00:53 Windows Update
    12-11-2014 23:12:32 Windows Update
    13-11-2014 09:00:30 Windows Update
    17-11-2014 14:16:45 Windows Update
    20-11-2014 09:00:26 Windows Update
    23-11-2014 17:04:01 Windows Update
    29-11-2014 22:01:47 Windows Update
    02-12-2014 17:44:05 avast! antivirus system restore point
    02-12-2014 23:14:27 Windows Update
    03-12-2014 22:07:19 Installed HiJackThis

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:04 - 2014-10-28 09:37 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {3142AD21-7112-4149-8422-7D14D8B3790E} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe
    Task: {36F3B172-D6C1-4423-8994-B2ACCE82B740} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {3C251CA1-EAAC-4C28-BD8A-FC9573C40CE0} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
    Task: {3ED3A15C-9003-42E9-BD75-15B1A5921584} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-02] (AVAST Software)
    Task: {40A81679-E229-4D06-833B-9CE8EAA7D10C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-29] (Adobe Systems Incorporated)
    Task: {938CC776-99A0-4155-AF60-6526E1FF5B65} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {CAAB7C8B-A909-457B-9589-6BF94B6D5234} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-15] (Google Inc.)
    Task: {EA2677C4-E946-4C6A-B755-258B673ED72B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-15] (Google Inc.)
    Task: {FBEC3227-67B8-46DF-A86F-60E47BA8B1DE} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-12-02 11:45 - 2014-12-02 11:45 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120201\algo.dll
    2014-12-03 13:06 - 2014-12-03 13:06 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120301\algo.dll
    2014-12-02 11:45 - 2014-12-02 11:45 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Barry\Desktop\photos:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Barry\Documents\.DS_Store:AFP_AfpInfo
    AlternateDataStreams: C:\Users\Barry\Documents\Downloads:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Barry\Documents\My Scans:Roxio EMC Stream

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1877587483-2284044139-4259763531-500 - Administrator - Disabled)
    Barry (S-1-5-21-1877587483-2284044139-4259763531-1000 - Administrator - Enabled) => C:\Users\Barry
    Guest (S-1-5-21-1877587483-2284044139-4259763531-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-1877587483-2284044139-4259763531-1004 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/19/2014 10:48:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x545ad233
    Faulting module name: Kh7DRtRYpARS5K.dll, version: 1.8.0.0, time stamp: 0x546b0beb
    Exception code: 0xc0000005
    Fault offset: 0x00064d95
    Faulting process id: 0x88c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (10/28/2014 07:49:35 AM) (Source: MsiInstaller) (EventID: 11316) (User: Barry-PC)
    Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.

    Error: (10/19/2014 11:48:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 223c

    Start Time: 01cfebc4790e7b23

    Termination Time: 32

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (10/19/2014 11:45:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1ca0

    Start Time: 01cfebc3e598694e

    Termination Time: 70

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (10/01/2014 07:32:08 AM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Java(TM) Update Scheduler because of this error.

    Program: Java(TM) Update Scheduler
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (10/01/2014 07:32:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: jusched.exe, version: 2.1.9.8, time stamp: 0x51d2fcd3
    Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
    Exception code: 0xc0000096
    Fault offset: 0x00048665
    Faulting process id: 0x9e8
    Faulting application start time: 0xjusched.exe0
    Faulting application path: jusched.exe1
    Faulting module path: jusched.exe2
    Report Id: jusched.exe3

    Error: (09/21/2014 08:56:38 AM) (Source: MsiInstaller) (EventID: 1024) (User: Barry-PC)
    Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (09/05/2014 01:50:50 PM) (Source: MsiInstaller) (EventID: 1024) (User: Barry-PC)
    Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (09/03/2014 05:20:30 PM) (Source: MsiInstaller) (EventID: 1024) (User: Barry-PC)
    Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (09/01/2014 02:18:05 AM) (Source: MsiInstaller) (EventID: 1024) (User: Barry-PC)
    Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


    System errors:
    =============
    Error: (12/03/2014 04:21:16 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.

    Error: (12/03/2014 02:03:50 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/03/2014 02:03:49 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/03/2014 02:03:49 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/03/2014 02:03:48 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/03/2014 02:03:48 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/02/2014 05:04:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/02/2014 01:34:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/02/2014 01:19:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/02/2014 01:18:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ttnfd


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    Percentage of memory in use: 39%
    Total physical RAM: 2037.61 MB
    Available physical RAM: 1237.82 MB
    Total Pagefile: 4075.23 MB
    Available Pagefile: 3007.14 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1905.98 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:856.68 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3AFCD413)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. askey127

    askey127 Malware Specialist

    edstl,
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Java 7 Update 71
    Interenet Optimizer
    Microsoft Security Essentials
    HiJackThis
    Google Update Helper

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program (either FRST.exe or FRST64.exe) and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

  5. edstl

    edstl Thread Starter

    Interenet Optimizer would not uninstall, and Google Update Helper wasn't there.

    Will restart and do the rest and repost.
     
  6. edstl

    edstl Thread Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2014
    Ran by Barry at 2014-12-03 21:48:36 Run:1
    Running from C:\Users\Barry\Desktop
    Loaded Profile: Barry (Available profiles: Barry)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Task: {3142AD21-7112-4149-8422-7D14D8B3790E} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe
    Task: {36F3B172-D6C1-4423-8994-B2ACCE82B740} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {3C251CA1-EAAC-4C28-BD8A-FC9573C40CE0} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
    Task: {938CC776-99A0-4155-AF60-6526E1FF5B65} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {FBEC3227-67B8-46DF-A86F-60E47BA8B1DE} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-1877587483-2284044139-4259763531-1000 -> {8EAE2A8B-0FA0-4BDB-BAC9-041C908414F7} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1877587483-2284044139-4259763531-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

    *****************

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3142AD21-7112-4149-8422-7D14D8B3790E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3142AD21-7112-4149-8422-7D14D8B3790E}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36F3B172-D6C1-4423-8994-B2ACCE82B740}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36F3B172-D6C1-4423-8994-B2ACCE82B740}" => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C251CA1-EAAC-4C28-BD8A-FC9573C40CE0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C251CA1-EAAC-4C28-BD8A-FC9573C40CE0}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{938CC776-99A0-4155-AF60-6526E1FF5B65}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938CC776-99A0-4155-AF60-6526E1FF5B65}" => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBEC3227-67B8-46DF-A86F-60E47BA8B1DE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBEC3227-67B8-46DF-A86F-60E47BA8B1DE}" => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
    C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
    C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
    C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EAE2A8B-0FA0-4BDB-BAC9-041C908414F7}" => Key deleted successfully.
    "HKCR\CLSID\{8EAE2A8B-0FA0-4BDB-BAC9-041C908414F7}" => Key not found.
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.


    The system needed a reboot.

    ==== End of Fixlog ====
     
  7. edstl

    edstl Thread Starter

    It saved the txt before it restarted. Still getting tabs opening.
     
  8. askey127

    askey127 Malware Specialist

    edstl,
    If you ever get any kind of objection from your antivirus program, please make a note of exactly what is reported in the popup.

    You're doing fine.
    We need to scan again to see what we missed with the first Fix, and also see what needs to be removed manually.
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST.exe on your desktop to launch it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents in your next reply.

    askey127
     
  9. edstl

    edstl Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
    Ran by Barry (administrator) on BARRY-PC on 04-12-2014 07:38:49
    Running from C:\Users\Barry\Desktop
    Loaded Profile: Barry (Available profiles: Barry)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-02] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x73D4DAB99DF7CF01
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xACBD98A7C35DCF01
    HKU\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-02]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR DefaultSearchKeyword: Default -> D7A67ADE0B8DC76F7C332BE6FE21F10A6DC04C0862076D86A610D6ECC0E5CCCD
    CHR DefaultSearchURL: Default -> CA49D21FDA37B5A62B0EF4B22923276F8E21663835905C63ADC23C475C609AA6
    CHR Profile: C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Simple Select Search) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-11-19]
    CHR Extension: (Avast Online Security) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-02]
    CHR Extension: (Wikipedia search) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc [2014-12-01]
    CHR Extension: (WowCoupon) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfpakopljegjlefiklhjddokdchcpik [2014-11-19]
    CHR Extension: (AVIM Vietnamese Input Method) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgbbffpdglhkpglnlkiclakjlpiedoh [2014-11-18]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-02]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-02] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-02] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-02] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-02] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-02] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-02] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-02] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-02] ()
    R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-09-29] (NetFilterSDK.com) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-04 07:38 - 2014-12-04 07:39 - 00007796 _____ () C:\Users\Barry\Desktop\FRST.txt
    2014-12-03 21:39 - 2014-12-03 21:40 - 00000000 ____D () C:\Users\Barry\Desktop\old txt
    2014-12-03 16:22 - 2014-12-04 07:38 - 00000000 ____D () C:\FRST
    2014-12-03 16:21 - 2014-12-03 16:17 - 01110016 _____ (Farbar) C:\Users\Barry\Desktop\FRST.exe
    2014-12-03 14:04 - 2014-12-03 14:05 - 00002040 _____ () C:\Users\Barry\Desktop\Rkill.txt
    2014-12-02 17:17 - 2014-12-02 17:18 - 00509440 _____ (Tech Support Guy System) C:\Users\Barry\Downloads\SysInfo.exe
    2014-12-02 11:50 - 2014-12-02 13:20 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-02 11:49 - 2014-12-02 11:49 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-02 11:49 - 2014-12-02 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-02 11:49 - 2014-12-02 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-02 11:49 - 2014-12-02 11:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-02 11:49 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-02 11:49 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-02 11:49 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-12-02 11:46 - 2014-12-02 11:46 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\AVAST Software
    2014-12-02 11:45 - 2014-12-02 11:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-12-02 11:45 - 2014-12-02 11:45 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-12-02 11:45 - 2014-12-02 11:45 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-12-02 11:45 - 2014-12-02 11:45 - 00002121 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-12-02 11:45 - 2014-12-02 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-12-02 11:44 - 2014-12-02 11:44 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-12-02 11:43 - 2014-12-02 11:44 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-12-02 11:42 - 2014-12-02 11:42 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Barry\Downloads\mbam-setup-2.0.3.1025.exe
    2014-12-02 11:41 - 2014-12-02 11:41 - 05006864 _____ (AVAST Software) C:\Users\Barry\Downloads\avast_free_antivirus_setup_online.exe
    2014-11-30 13:59 - 2014-11-30 13:59 - 00000000 ____D () C:\Users\Barry\AppData\Local\Apps\2.0
    2014-11-29 16:10 - 2014-12-02 13:31 - 00000000 ____D () C:\ProgramData\LizardSales
    2014-11-19 10:36 - 2014-11-19 10:57 - 00000000 ____D () C:\ProgramData\saveron
    2014-11-19 10:27 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-19 10:27 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-18 18:10 - 2014-12-01 21:37 - 00000000 ____D () C:\ProgramData\9f81e61241ab5dd3
    2014-11-18 18:10 - 2014-11-19 10:58 - 00000000 ____D () C:\ProgramData\dealpeak
    2014-11-17 08:55 - 2014-11-17 08:55 - 00000000 __SHD () C:\Users\Barry\AppData\Local\EmieBrowserModeList
    2014-11-12 11:29 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-12 11:29 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-12 11:29 - 2014-10-09 18:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-12 11:29 - 2014-10-02 19:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-12 11:29 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-12 11:29 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-12 11:29 - 2014-10-02 19:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-12 11:29 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-12 11:29 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-12 11:29 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-12 11:29 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-12 11:29 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-12 11:28 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-12 11:28 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-12 11:28 - 2014-11-05 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-12 11:28 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-12 11:28 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-12 11:28 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-12 11:28 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-12 11:28 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-12 11:28 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-12 11:28 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-12 11:28 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-12 11:28 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-12 11:28 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-12 11:28 - 2014-11-05 20:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-12 11:28 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-12 11:28 - 2014-11-05 20:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-12 11:28 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-12 11:28 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-12 11:28 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-12 11:28 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-12 11:28 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-12 11:28 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-12 11:28 - 2014-11-05 20:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-12 11:28 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-12 11:28 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-12 11:28 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-12 11:28 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-12 11:28 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-12 11:28 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-12 11:28 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-12 11:28 - 2014-11-05 11:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-12 11:28 - 2014-11-05 11:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-12 11:28 - 2014-11-05 11:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-12 11:28 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-12 11:28 - 2014-10-13 19:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-12 11:28 - 2014-10-13 19:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-12 11:28 - 2014-10-13 19:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-12 11:28 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-12 11:28 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-09 21:19 - 2014-11-09 21:20 - 00016384 ___SH () C:\Users\Barry\Documents\Thumbs.db

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-04 07:39 - 2014-06-15 07:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-04 07:38 - 2014-04-08 16:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-04 07:38 - 2014-04-08 12:34 - 01444005 _____ () C:\Windows\WindowsUpdate.log
    2014-12-03 22:03 - 2014-06-15 07:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-03 21:57 - 2009-07-13 22:34 - 00032256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-03 21:57 - 2009-07-13 22:34 - 00032256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-03 21:56 - 2014-04-08 11:02 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-03 21:54 - 2014-06-15 07:55 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-03 21:50 - 2014-10-28 07:48 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2014-12-03 21:50 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-03 21:50 - 2009-07-13 22:39 - 00114228 _____ () C:\Windows\setupact.log
    2014-12-03 21:48 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-12-03 21:10 - 2014-04-09 14:50 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-12-02 17:03 - 2014-04-09 07:42 - 00079058 _____ () C:\Windows\PFRO.log
    2014-12-02 13:31 - 2014-10-28 07:48 - 00000000 ____D () C:\Program Files\Bench
    2014-12-02 13:18 - 2014-06-15 07:54 - 00000000 ____D () C:\Program Files\Google
    2014-12-02 11:39 - 2014-06-15 07:54 - 00000000 ____D () C:\Users\Barry\AppData\Local\Google
    2014-11-30 13:51 - 2014-04-09 14:58 - 00000000 ____D () C:\Users\Barry\AppData\Roaming\Adobe
    2014-11-29 15:51 - 2014-04-08 16:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-11-29 15:51 - 2014-04-08 16:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-11-13 07:21 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
    2014-11-13 03:34 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-11-13 03:27 - 2009-07-13 22:33 - 00407384 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-13 03:26 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-13 03:10 - 2014-04-08 15:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-13 03:05 - 2014-04-08 15:25 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-13 03:02 - 2014-04-08 15:25 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    Some content of TEMP:
    ====================
    C:\Users\Barry\AppData\Local\Temp\9BE0613B-DD9E-F4AE-7A61-828D425438B1.dll
    C:\Users\Barry\AppData\Local\Temp\9BE0613B-DD9E-F4AE-7A61-828D425438B1.exe
    C:\Users\Barry\AppData\Local\Temp\APNSetup.exe
    C:\Users\Barry\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Barry\AppData\Local\Temp\Media Player Zdck_cleaner.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-25 09:51

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
    Ran by Barry at 2014-12-04 07:39:32
    Running from C:\Users\Barry\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Interenet Optimizer (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version: - BullPoint) <==== ATTENTION
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    02-11-2014 14:33:15 Windows Update
    06-11-2014 00:46:11 Windows Update
    09-11-2014 15:00:53 Windows Update
    12-11-2014 23:12:32 Windows Update
    13-11-2014 09:00:30 Windows Update
    17-11-2014 14:16:45 Windows Update
    20-11-2014 09:00:26 Windows Update
    23-11-2014 17:04:01 Windows Update
    29-11-2014 22:01:47 Windows Update
    02-12-2014 17:44:05 avast! antivirus system restore point
    02-12-2014 23:14:27 Windows Update
    03-12-2014 22:07:19 Installed HiJackThis
    04-12-2014 02:35:54 Removed Java 7 Update 71
    04-12-2014 03:07:32 Removed Java 7 Update 71
    04-12-2014 03:10:49 Removed HiJackThis

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:04 - 2014-10-28 09:37 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {3ED3A15C-9003-42E9-BD75-15B1A5921584} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-02] (AVAST Software)
    Task: {40A81679-E229-4D06-833B-9CE8EAA7D10C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-29] (Adobe Systems Incorporated)
    Task: {CAAB7C8B-A909-457B-9589-6BF94B6D5234} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-15] (Google Inc.)
    Task: {EA2677C4-E946-4C6A-B755-258B673ED72B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-15] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-12-03 13:06 - 2014-12-03 13:06 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120301\algo.dll
    2014-12-04 07:38 - 2014-12-04 07:38 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120400\algo.dll
    2014-12-02 11:45 - 2014-12-02 11:45 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-10-27 14:17 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
    2014-10-27 14:17 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
    2014-10-27 14:17 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-27 14:17 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
    2014-10-27 14:17 - 2014-10-21 22:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Barry\Desktop\photos:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Barry\Documents\.DS_Store:AFP_AfpInfo
    AlternateDataStreams: C:\Users\Barry\Documents\Downloads:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Barry\Documents\My Scans:Roxio EMC Stream

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1877587483-2284044139-4259763531-500 - Administrator - Disabled)
    Barry (S-1-5-21-1877587483-2284044139-4259763531-1000 - Administrator - Enabled) => C:\Users\Barry
    Guest (S-1-5-21-1877587483-2284044139-4259763531-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-1877587483-2284044139-4259763531-1004 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/19/2014 10:48:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x545ad233
    Faulting module name: Kh7DRtRYpARS5K.dll, version: 1.8.0.0, time stamp: 0x546b0beb
    Exception code: 0xc0000005
    Fault offset: 0x00064d95
    Faulting process id: 0x88c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (10/28/2014 07:49:35 AM) (Source: MsiInstaller) (EventID: 11316) (User: Barry-PC)
    Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.

    Error: (10/19/2014 11:48:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 223c

    Start Time: 01cfebc4790e7b23

    Termination Time: 32

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (10/19/2014 11:45:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1ca0

    Start Time: 01cfebc3e598694e

    Termination Time: 70

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (10/01/2014 07:32:08 AM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Java(TM) Update Scheduler because of this error.

    Program: Java(TM) Update Scheduler
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: 00000000
    Disk type: 0

    Error: (10/01/2014 07:32:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: jusched.exe, version: 2.1.9.8, time stamp: 0x51d2fcd3
    Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
    Exception code: 0xc0000096
    Fault offset: 0x00048665
    Faulting process id: 0x9e8
    Faulting application start time: 0xjusched.exe0
    Faulting application path: jusched.exe1
    Faulting module path: jusched.exe2
    Report Id: jusched.exe3

    Error: (09/21/2014 08:56:38 AM) (Source: MsiInstaller) (EventID: 1024) (User: Barry-PC)
    Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (09/05/2014 01:50:50 PM) (Source: MsiInstaller) (EventID: 1024) (User: Barry-PC)
    Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (09/03/2014 05:20:30 PM) (Source: MsiInstaller) (EventID: 1024) (User: Barry-PC)
    Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (09/01/2014 02:18:05 AM) (Source: MsiInstaller) (EventID: 1024) (User: Barry-PC)
    Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


    System errors:
    =============
    Error: (12/03/2014 09:51:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/03/2014 09:20:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/03/2014 04:21:16 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.

    Error: (12/03/2014 02:03:50 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/03/2014 02:03:49 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/03/2014 02:03:49 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/03/2014 02:03:48 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/03/2014 02:03:48 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/02/2014 05:04:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/02/2014 01:34:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    Percentage of memory in use: 41%
    Total physical RAM: 2037.61 MB
    Available physical RAM: 1201.95 MB
    Total Pagefile: 4075.23 MB
    Available Pagefile: 2339.09 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1925.32 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:856.41 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3AFCD413)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    I have AVAST in silence mode as too many things pop up
     
  10. edstl

    edstl Thread Starter

    Joined:
    Jul 4, 2014
    Messages:
    33
  11. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    edstl,
    Sometimes Avast is persnickety about sites, and not necessarily correct, either.
    That site quoted as malware in the message from your last post is an Amazon site.
    We may end up having to reset Chrome to get good behavior. We will see.

    ---------------------------------------------
    Please download SystemLook from the link below and save it to your Desktop.
    Download Mirror #1 (32-bit)

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield. Do not include "Code:":
      Code:
      :filefind
      *Interenet*
      *Optimizer*
      
      :folderfind 
      *Interenet*
      *Optimizer*
      
      :regfind
      Interenet
      Optimizer
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    ====================================================
    Check HD For Errors
    Go to Start, and type cmd
    Then in the popup menu, Right Click cmd.exe at the top, and choose "Run as administrator"
    In the black command window at the cursor, type
    chkdsk c:
    (there's a space after chkdsk)
    hit <Enter>
    Wait for it and note whatever it tells you. If it finishes, note whether it reports any bad sectors in the last ten lines.
    If it doesn't finish, tell me what message it shows.

    askey127
     
  12. edstl

    edstl Thread Starter

    Joined:
    Jul 4, 2014
    Messages:
    33
    Can't run, says script required... running chkdsk
     
  13. edstl

    edstl Thread Starter

    Joined:
    Jul 4, 2014
    Messages:
    33
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Barry>chkdsk c
    Access Denied as you do not have sufficient privileges.
    You have to invoke this utility running in elevated mode.

    C:\Users\Barry>
     
  14. edstl

    edstl Thread Starter

    Joined:
    Jul 4, 2014
    Messages:
    33
    Duh... I got it, I put the script you sent in and it's working. Was I supposed to close CHROME?
     
  15. edstl

    edstl Thread Starter

    Joined:
    Jul 4, 2014
    Messages:
    33
    SystemLook 04.09.10 by jpshortstuff
    Log created at 10:20 on 04/12/2014 by Barry
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Interenet*"
    No files found.

    Searching for "*Optimizer*"
    C:\Users\Barry\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OGT6006S\ag.yieldoptimizer[1].xml --a---- 13 bytes [19:29 03/11/2014] [19:29 03/11/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

    ========== folderfind ==========

    Searching for "*Interenet*"
    No folders found.

    Searching for "*Optimizer*"
    C:\Users\Barry\Documents\Optimizer Pro d------ [14:14 28/10/2014]

    ========== REGFIND ==========

    Searching for "Interenet"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}]
    "DisplayName"="Interenet Optimizer"
    [HKEY_LOCAL_MACHINE\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_0c632643]
    "svn"="Interenet Optimizer"
    [HKEY_LOCAL_MACHINE\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_0c632643]
    "svpath"="c:\progra~2\intere~1\InterenetOptimizerSvc.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_0c632643]
    "Install_Dir"="C:\ProgramData\Interenet Optimizer"

    Searching for "Optimizer"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yieldoptimizer.com]
    [HKEY_CURRENT_USER\Software\Optimizer Pro]
    [HKEY_CURRENT_USER\Software\Optimizer Pro]
    "SetupName"="C:\Users\Barry\AppData\Local\Temp\IS4563~1\180141_stp\OptimizerPro.exe"
    [HKEY_CURRENT_USER\Software\Optimizer Pro]
    "DisplayName"="Optimizer Pro"
    [HKEY_CURRENT_USER\Software\Optimizer Pro]
    "LogDir"="C:\Users\Barry\AppData\Roaming\Optimizer Pro\Log"
    [HKEY_CURRENT_USER\Software\Optimizer Pro]
    "UndoDir"="C:\Users\Barry\AppData\Roaming\Optimizer Pro\Undo"
    [HKEY_CURRENT_USER\Software\Optimizer Pro]
    "UpgradeID"="BZDV_PCSM_ML_PCUP_OPTIMIZERPRO_RED"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
    @="EVR Graph Optimizer"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}]
    "DisplayName"="Interenet Optimizer"
    [HKEY_LOCAL_MACHINE\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_0c632643]
    "svn"="Interenet Optimizer"
    [HKEY_LOCAL_MACHINE\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_0c632643]
    "svpath"="c:\progra~2\intere~1\InterenetOptimizerSvc.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_0c632643]
    "Install_Dir"="C:\ProgramData\Interenet Optimizer"
    [HKEY_USERS\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yieldoptimizer.com]
    [HKEY_USERS\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Optimizer Pro]
    [HKEY_USERS\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Optimizer Pro]
    "SetupName"="C:\Users\Barry\AppData\Local\Temp\IS4563~1\180141_stp\OptimizerPro.exe"
    [HKEY_USERS\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Optimizer Pro]
    "DisplayName"="Optimizer Pro"
    [HKEY_USERS\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Optimizer Pro]
    "LogDir"="C:\Users\Barry\AppData\Roaming\Optimizer Pro\Log"
    [HKEY_USERS\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Optimizer Pro]
    "UndoDir"="C:\Users\Barry\AppData\Roaming\Optimizer Pro\Undo"
    [HKEY_USERS\S-1-5-21-1877587483-2284044139-4259763531-1000\Software\Optimizer Pro]
    "UpgradeID"="BZDV_PCSM_ML_PCUP_OPTIMIZERPRO_RED"

    -= EOF =-
     
Short URL to this thread: https://techguy.org/1138545
