  #1  
Old June 21st, 2016, 03:24 PM
Santan
Registered User
 
Join Date: Aug 2015
Posts: 55
CRITICAL_PROCESS_DIED Crash Error

Hello! A user here on the forums suggested that I should post my problem here in the Malware Removal forums since they alerted me that PC Performer is malware.

My friend has been having troubles with his computer recently. Here is what he told me:

“I have a Dell desktop computer that runs Windows 8.1. My computer has been crashing a lot recently which started during the beginning of June. I never used to experience these crashes before in previous months and my computer used to work fine until now. Whenever my computer crashes, it tells me that it ran into a problem and needs to restart. It usually tells me to look up this error message online later: CRITICAL_PROCESS_DIED. I am unable to refresh or factory reset my computer in an attempt to solve the issue because it gives me this error message: “Could not find the recovery environment: Insert your Windows installation or recovery media, and restart your PC with the media.” My computer tends to freeze for a few moments before crashing. It crashes most often when I have too many tabs open in Internet Explorer or whenever I’m playing the MMORPG game Elsword.

I used to have 164 registry errors before. However, my computer still worked fine. At one point, I tried to download the game Maplestory for my younger sisters to play. Unfortunately, I could not finish the download which was at 39% and unplugged my computer while the download continued. When I turned on my computer again, the registry errors jumped from 164 to 187. I used to have the old Maplestory launcher called MSSetupv139, which would automatically open every day asking me to sign in to my Nexon account. I planned on uninstalling this old launcher. I told a friend about my computer troubles and they suggested that I download and install Avast! Antivirus for free to check if the cause of my crashes could be because of a virus. When I scanned my computer, it did find malware, corrupted files, etc. and uninstalled the old Maplestory launcher for me, however it did not find any viruses when I scanned a second time. The only problem that my computer had was performance issues which I could not fix because I would need to pay for the software to fix those issues. I mention this because the crashes started to occur days after I did not let the Maplestory download finish.

Today, I had 7 tabs open in Internet Explorer and I was also playing Elsword. My computer suddenly froze for 2 minutes and I also heard the music I was playing in the background stop on the same note before it crashed. Afterwards, my computer restarted and I managed to write down the error code. I then started Internet Explorer again and reopened the previous tabs that I had accidentally, which I tried to delete as quickly as possible. However, my computer froze again for 4 minutes and I unplugged my computer. I then plugged it in and started it up again. I opened Internet Explorer and only had Facebook open and Elsword open. Then an error message popped up saying “client terminated” and Elsword closed suddenly. PC Performer then opened and alerted me that something had crashed. Next, my entire computer crashed again.

I’m not sure if this will be any help, but according to PC Performer my computer has:
187 registry errors
15 system related errors
148 Com and ActiveX errors
0 user related errors
24 startup and uninstall errors

I also tend to unplug my computer to turn it off instead of shutting it down properly. I really need help because I use this computer a lot for homework and studying when my sisters or I are not playing games.”

If you could help him with his computer troubles, he and I would be very grateful! Thank you very much for your time and we hope you have a nice day!
  #2  
Old June 22nd, 2016, 01:05 AM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello Santan and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to: How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
Let's check.

I would like you to do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

  #3  
Old June 22nd, 2016, 04:40 PM
Santan
Registered User
 
Join Date: Aug 2015
Posts: 55
FRST.txt Part 1

Hello! How are you doing? I am very sorry to keep you waiting. Here are the logs that my friend sent me.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Owner (administrator) on LAPTOP (21-06-2016 22:35:03)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\Owner\AppData\Roaming\SettingsGuard\updater.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
(PerformerSoft LLC) C:\Program Files (x86)\PC Performer\PCPerformer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548624 2012-07-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-1090512921-404721342-1545087169-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-07-29] ()
HKU\S-1-5-21-1090512921-404721342-1545087169-1001\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4CC67C63-1A91-4E3B-A89B-89F1060EE5D1}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{DF494430-7735-45D7-8CCF-2C700F848F21}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1090512921-404721342-1545087169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1090512921-404721342-1545087169-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKLM -> DefaultScope {BD389C14-C510-4407-9570-33BB75EF22E0} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BD389C14-C510-4407-9570-33BB75EF22E0} URL =
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = hxxp://www.searchalgo.com/search.html?q={searchTerms}&cid=5077
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = hxxp://www.searchalgo.com/search.html?q={searchTerms}&cid=5077
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> {BD389C14-C510-4407-9570-33BB75EF22E0} URL =
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> {CBCBA567-B9F5-440F-9597-728857064E19} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll => No File
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-19] (Google Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll => No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-19] (Google Inc.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-19] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-19] (Google Inc.)
IE Session Restore: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> is enabled.
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll No File
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-07-09] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-29] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-1090512921-404721342-1545087169-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-29] (Pando Networks)
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-19]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-19]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-19]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-19]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-19]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-19]
  #4  
Old June 22nd, 2016, 04:42 PM
Santan
Registered User
 
Join Date: Aug 2015
Posts: 55
FRST.txt Part 2

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [73728 2012-08-01] () [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3534784 2015-04-01] (INCA Internet Co., Ltd.)
R2 SettingsGuard; C:\Users\Owner\AppData\Roaming\SettingsGuard\updater.exe [868352 2015-03-31] () [File not signed]
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33128 2012-06-07] (Fintek)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-07-31] (Atheros)
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-07-31] (Qualcomm Atheros Communications Inc.) [File not signed]
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-23] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-27] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2012-12-24] (Trend Micro Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 X6va027; \??\C:\WINDOWS\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\WINDOWS\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\WINDOWS\SysWOW64\Drivers\X6va029 [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-21 22:35 - 2016-06-21 22:35 - 00016762 _____ C:\Users\Owner\Downloads\FRST.txt
2016-06-21 22:33 - 2016-06-21 22:35 - 00000000 ____D C:\FRST
2016-06-21 22:33 - 2016-06-21 22:33 - 02387456 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-06-21 22:32 - 2016-06-21 22:32 - 01738240 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2016-06-21 22:21 - 2016-06-19 13:02 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw89B3.tmp
2016-06-21 22:21 - 2016-06-19 12:49 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\asw89C4.tmp
2016-06-21 22:21 - 2016-06-19 12:49 - 00465792 _____ (AVAST Software) C:\windows\system32\Drivers\asw8A36.tmp
2016-06-21 22:21 - 2016-06-19 12:49 - 00287528 _____ (AVAST Software) C:\windows\system32\Drivers\asw8A47.tmp
2016-06-21 22:21 - 2016-06-19 12:49 - 00166432 _____ (AVAST Software) C:\windows\system32\Drivers\asw8A86.tmp
2016-06-21 22:21 - 2016-06-19 12:49 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\asw8A24.tmp
2016-06-21 22:21 - 2016-06-19 12:49 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\asw89E4.tmp
2016-06-21 22:21 - 2016-06-19 12:49 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\asw8A25.tmp
2016-06-21 22:21 - 2016-06-19 12:49 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\asw8A14.tmp
2016-06-21 22:19 - 2016-06-21 22:19 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-06-21 18:21 - 2016-06-21 18:21 - 00284616 _____ C:\windows\Minidump\062116-22062-01.dmp
2016-06-21 00:05 - 2016-06-21 00:06 - 00284616 _____ C:\windows\Minidump\062116-17718-01.dmp
2016-06-20 23:15 - 2016-06-20 23:15 - 00284616 _____ C:\windows\Minidump\062016-18515-01.dmp
2016-06-20 22:21 - 2016-06-20 22:21 - 00284616 _____ C:\windows\Minidump\062016-19484-01.dmp
2016-06-20 20:34 - 2016-06-20 20:34 - 00284616 _____ C:\windows\Minidump\062016-20390-01.dmp
2016-06-20 20:29 - 2016-06-20 20:29 - 00000000 _____ C:\windows\SysWOW64\last.dump
2016-06-20 19:02 - 2016-06-20 19:02 - 00284616 _____ C:\windows\Minidump\062016-20968-01.dmp
2016-06-20 18:59 - 2016-06-21 22:22 - 00003250 _____ C:\windows\System32\Tasks\PC Performer Logon Scan
2016-06-20 14:14 - 2016-06-20 14:14 - 00284616 _____ C:\windows\Minidump\062016-19562-01.dmp
2016-06-19 21:05 - 2016-06-19 21:05 - 00284616 _____ C:\windows\Minidump\061916-25015-01.dmp
2016-06-19 19:35 - 2016-06-19 19:35 - 00003356 _____ C:\windows\System32\Tasks\PC Performer Daily Check
2016-06-19 19:01 - 2016-06-19 19:01 - 00284616 _____ C:\windows\Minidump\061916-17171-01.dmp
2016-06-19 18:01 - 2016-06-19 18:01 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-19 18:01 - 2016-06-19 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-19 18:01 - 2016-06-19 18:01 - 00000000 ____D C:\Program Files\iTunes
2016-06-19 18:01 - 2016-06-19 18:01 - 00000000 ____D C:\Program Files\iPod
2016-06-19 18:01 - 2016-06-19 18:01 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-19 17:58 - 2016-06-19 17:58 - 00000000 ____D C:\windows\System32\Tasks\Apple
2016-06-19 17:58 - 2016-06-19 17:58 - 00000000 ____D C:\Program Files\Bonjour
2016-06-19 17:58 - 2016-06-19 17:58 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-06-19 17:58 - 2016-06-19 17:58 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-06-19 17:42 - 2016-06-19 17:42 - 00001859 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-06-19 17:42 - 2016-06-19 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-19 17:42 - 2016-06-19 17:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-06-19 15:14 - 2016-06-19 15:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-06-19 14:26 - 2016-06-19 14:26 - 00000000 ____D C:\Program Files\Google
2016-06-19 14:25 - 2016-06-19 14:25 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-19 14:25 - 2016-06-19 14:25 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-19 14:25 - 2016-06-19 14:25 - 00000000 ____D C:\ProgramData\Google
2016-06-19 13:09 - 2016-06-19 13:09 - 50063360 _____ C:\Program Files (x86)\GUTA05E.tmp
2016-06-19 13:09 - 2016-06-19 13:09 - 00000000 ____D C:\Program Files (x86)\GUMA05D.tmp
2016-06-19 13:06 - 2016-06-19 13:07 - 00284616 _____ C:\windows\Minidump\061916-19015-01.dmp
2016-06-19 13:02 - 2016-06-21 22:19 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-19 13:02 - 2016-06-21 00:12 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-19 13:02 - 2016-06-19 15:07 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-19 13:02 - 2016-06-19 15:07 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-19 13:02 - 2016-06-19 14:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-19 13:02 - 2016-06-19 13:02 - 50063360 _____ C:\Program Files (x86)\GUT90CB.tmp
2016-06-19 13:02 - 2016-06-19 13:02 - 00000000 ____D C:\Program Files (x86)\GUM90CA.tmp
2016-06-19 12:51 - 2016-06-19 12:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2016-06-19 12:50 - 2016-06-19 12:50 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-06-19 12:50 - 2016-06-19 12:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-19 12:49 - 2016-06-19 12:49 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-06-19 12:45 - 2016-06-19 13:02 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-19 12:44 - 2016-06-21 22:22 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-18 14:05 - 2016-06-18 14:05 - 00284560 _____ C:\windows\Minidump\061816-15062-01.dmp
2016-06-18 11:10 - 2016-06-18 11:10 - 00284560 _____ C:\windows\Minidump\061816-16593-01.dmp
2016-06-16 23:28 - 2016-06-16 23:28 - 00284560 _____ C:\windows\Minidump\061616-14859-01.dmp
2016-06-16 15:29 - 2016-06-16 15:29 - 00284560 _____ C:\windows\Minidump\061616-18734-01.dmp
2016-06-16 11:57 - 2016-06-16 11:57 - 00284560 _____ C:\windows\Minidump\061616-16156-01.dmp
2016-06-15 21:10 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-06-15 21:10 - 2016-06-03 09:38 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-06-15 21:10 - 2016-06-02 13:51 - 00050352 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-06-15 21:10 - 2016-05-29 11:04 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-06-15 21:10 - 2016-05-29 11:04 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-06-15 21:10 - 2016-05-29 11:04 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-06-15 21:10 - 2016-05-29 11:04 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-06-15 21:10 - 2016-05-29 11:04 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-06-15 21:10 - 2016-05-29 11:04 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-06-15 21:10 - 2016-05-12 14:38 - 00135336 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-15 21:10 - 2016-05-12 13:43 - 00115704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-15 21:10 - 2016-05-12 12:17 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-15 21:10 - 2016-05-12 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-15 21:10 - 2016-05-12 12:07 - 01360896 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-15 21:10 - 2016-05-12 11:59 - 00398848 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-15 21:10 - 2016-05-12 11:43 - 00291328 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-15 21:10 - 2016-05-12 11:37 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 21:10 - 2016-05-06 11:45 - 00748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-15 21:10 - 2016-05-06 11:23 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-15 21:10 - 2016-04-12 11:46 - 14467584 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-06-15 21:10 - 2016-04-12 11:30 - 12879872 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-06-15 21:09 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-15 21:09 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-15 21:09 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-15 21:09 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-15 21:09 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-15 21:09 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-15 21:09 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-15 21:09 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-15 21:09 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-15 21:09 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-15 21:09 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-15 21:09 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-15 21:09 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-15 21:09 - 2016-05-20 17:25 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-06-15 21:09 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-15 21:09 - 2016-05-20 17:21 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-06-15 21:09 - 2016-05-20 17:19 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-06-15 21:09 - 2016-05-20 17:16 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-06-15 21:09 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-15 21:09 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-15 21:09 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-15 21:09 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-15 21:09 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-15 21:09 - 2016-05-20 17:09 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-15 21:09 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-15 21:09 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-15 21:09 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-15 21:09 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-15 21:09 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-15 21:09 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-15 21:09 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-15 21:09 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-15 21:09 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-15 21:09 - 2016-05-18 19:15 - 01379040 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-15 21:09 - 2016-05-18 16:35 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-15 21:09 - 2016-05-18 01:31 - 00372568 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-15 21:09 - 2016-05-18 01:31 - 00315224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-15 21:09 - 2016-05-16 17:13 - 00563016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-15 21:09 - 2016-05-16 17:13 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-15 21:09 - 2016-05-16 17:13 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-15 21:09 - 2016-05-16 17:13 - 00178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-15 21:09 - 2016-05-14 16:01 - 00363104 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-15 21:09 - 2016-05-14 16:01 - 00320720 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-15 21:09 - 2016-05-13 19:09 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-15 21:09 - 2016-05-13 19:07 - 00675328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-15 21:09 - 2016-05-13 19:07 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-15 21:09 - 2016-05-13 19:07 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-15 21:09 - 2016-05-13 19:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-15 21:09 - 2016-05-13 19:04 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-15 21:09 - 2016-05-13 18:34 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-15 21:09 - 2016-05-13 18:19 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-15 21:09 - 2016-05-13 17:58 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-15 21:09 - 2016-05-13 17:58 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-15 21:09 - 2016-05-13 17:45 - 00802816 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-15 21:09 - 2016-05-13 17:35 - 00286208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-15 21:09 - 2016-05-13 17:26 - 00631808 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-15 21:09 - 2016-05-09 17:35 - 07075328 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2016-06-15 21:09 - 2016-05-09 16:56 - 05270016 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2016-06-15 21:09 - 2016-05-09 16:45 - 07793152 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-06-15 21:09 - 2016-05-09 16:23 - 05265920 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 21:09 - 2016-04-14 11:25 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-15 21:09 - 2016-04-14 11:11 - 02464768 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-15 21:09 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-15 21:09 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-15 21:09 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-15 21:09 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-05-29 16:17 - 2016-06-16 14:18 - 00000000 ____D C:\Users\Owner\AppData\Local\NexonLauncher
2016-05-29 16:10 - 2016-06-16 14:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
  #5  
Old June 22nd, 2016, 04:43 PM
Santan Santan is offline
FRST.txt Part 3

2016-05-29 16:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2016-05-29 16:10 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2016-05-29 16:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2016-05-29 16:10 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2016-05-29 16:10 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2016-05-29 16:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2016-05-29 16:10 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2016-05-29 16:10 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2016-05-29 16:10 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2016-05-29 16:10 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2016-05-29 16:10 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2016-05-29 16:10 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2016-05-29 16:10 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2016-05-29 16:10 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2016-05-29 16:10 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2016-05-29 16:10 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2016-05-29 16:10 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2016-05-29 16:10 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_5.dll
2016-05-29 16:10 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2016-05-29 16:10 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2016-05-29 16:10 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2016-05-29 16:10 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_3.dll
2016-05-29 16:10 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2016-05-29 16:10 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2016-05-29 16:10 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2016-05-29 16:10 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2016-05-29 16:10 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2016-05-29 16:10 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2016-05-29 16:10 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2016-05-29 16:10 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2016-05-29 16:10 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2016-05-29 16:10 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2016-05-29 16:10 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2016-05-29 16:10 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2016-05-29 16:10 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2016-05-29 16:10 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2016-05-29 16:10 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2016-05-29 16:10 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll
2016-05-29 16:10 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2016-05-29 16:10 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2016-05-29 16:10 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2016-05-29 16:10 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_40.dll
2016-05-29 16:10 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2016-05-29 16:10 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2016-05-29 16:10 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2016-05-29 16:10 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2016-05-29 16:09 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2016-05-29 16:09 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2016-05-29 16:09 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2016-05-29 16:09 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2016-05-29 16:09 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2016-05-29 16:09 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2016-05-29 16:09 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2016-05-29 16:09 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2016-05-29 16:09 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2016-05-29 16:09 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2016-05-29 16:09 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2016-05-29 16:09 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2016-05-29 16:09 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2016-05-29 16:09 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2016-05-29 16:09 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2016-05-29 16:09 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2016-05-29 16:09 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2016-05-29 16:09 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2016-05-29 16:09 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2016-05-29 16:09 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2016-05-29 16:09 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2016-05-29 16:09 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2016-05-29 16:09 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2016-05-29 16:09 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2016-05-29 16:09 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2016-05-29 16:09 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2016-05-29 16:09 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2016-05-29 16:09 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2016-05-29 16:09 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2016-05-29 16:09 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2016-05-29 16:09 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2016-05-29 16:09 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2016-05-29 16:09 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2016-05-29 16:09 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2016-05-29 16:09 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2016-05-29 16:09 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2016-05-29 16:09 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2016-05-29 16:09 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2016-05-29 16:09 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2016-05-29 16:09 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2016-05-29 16:09 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2016-05-29 16:09 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2016-05-29 16:09 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2016-05-29 16:09 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2016-05-29 16:09 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2016-05-29 16:09 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2016-05-29 16:09 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2016-05-29 16:09 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll
2016-05-29 16:09 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2016-05-29 16:09 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll
2016-05-29 16:09 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2016-05-29 16:09 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll
2016-05-29 16:09 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2016-05-29 16:09 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll
2016-05-29 16:09 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2016-05-29 16:09 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll
2016-05-29 16:09 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2016-05-29 16:09 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll
2016-05-29 16:09 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2016-05-29 16:09 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll
2016-05-29 16:09 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2016-05-29 16:09 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll
2016-05-29 16:09 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2016-05-29 16:09 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll
2016-05-29 16:09 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2016-05-29 16:09 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll
2016-05-29 16:09 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2016-05-29 16:09 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll
2016-05-29 16:09 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2016-05-29 16:09 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll
2016-05-29 16:09 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2016-05-29 16:09 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll
2016-05-29 16:09 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2016-05-29 16:09 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll
2016-05-29 16:09 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2016-05-29 16:09 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2016-05-29 16:09 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2016-05-29 16:09 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_33.dll
2016-05-29 16:09 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2016-05-29 16:09 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2016-05-29 16:09 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2016-05-29 16:09 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll
2016-05-29 16:09 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2016-05-29 16:09 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll
2016-05-29 16:09 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2016-05-29 16:09 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll
2016-05-29 16:09 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll
2016-05-29 16:09 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2016-05-29 16:09 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2016-05-29 16:09 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll
2016-05-29 16:09 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2016-05-29 16:09 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2016-05-29 16:09 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll
2016-05-29 16:09 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2016-05-29 16:09 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2016-05-29 16:09 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2016-05-29 16:09 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll
2016-05-29 16:09 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2016-05-29 16:09 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll
2016-05-29 16:09 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2016-05-29 16:09 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2016-05-29 16:09 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll
2016-05-29 16:09 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2016-05-29 16:09 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll
2016-05-29 16:09 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2016-05-29 16:09 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
2016-05-29 16:09 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2016-05-29 16:09 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll
2016-05-29 16:09 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2016-05-29 16:09 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll
2016-05-29 16:09 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2016-05-29 16:09 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll
2016-05-29 16:09 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2016-05-29 16:09 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll
2016-05-29 16:09 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_27.dll
2016-05-29 16:09 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_27.dll
2016-05-29 16:09 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2016-05-29 16:09 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll
2016-05-29 16:09 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2016-05-29 16:09 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll
2016-05-29 16:09 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2016-05-29 16:09 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_24.dll
2016-05-29 16:01 - 2016-06-16 14:19 - 00000000 ____D C:\Program Files (x86)\Nexon
2016-05-29 16:01 - 2016-05-29 16:10 - 00000000 ____D C:\windows\SysWOW64\directx
2016-05-29 16:01 - 2016-05-29 16:08 - 00000000 ___HD C:\windows\msdownld.tmp
2016-05-23 16:58 - 2016-05-23 16:58 - 00011509 _____ C:\Users\Owner\Documents\Science fair kim.odt
2016-05-23 16:36 - 2016-05-23 16:44 - 00018112 _____ C:\Users\Owner\Documents\Procedure [science fair Kim].odt
  #6  
Old June 22nd, 2016, 04:44 PM
Santan Santan is offline
FRST.txt Part 4

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-21 22:35 - 2013-07-29 10:32 - 00000000 ____D C:\Users\Owner\AppData\Local\PMB Files
2016-06-21 22:27 - 2013-07-14 18:33 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1090512921-404721342-1545087169-1001
2016-06-21 22:26 - 2013-01-05 12:02 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-06-21 22:24 - 2014-09-24 03:15 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-21 22:23 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-06-21 22:22 - 2012-07-26 01:26 - 00000187 _____ C:\windows\win.ini
2016-06-21 22:18 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-21 18:21 - 2015-04-21 23:20 - 489118944 _____ C:\windows\MEMORY.DMP
2016-06-21 18:21 - 2015-04-21 23:20 - 00000000 ____D C:\windows\Minidump
2016-06-20 21:17 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-20 21:17 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2016-06-20 19:00 - 2015-04-25 19:35 - 00000000 ____D C:\Program Files (x86)\PC Performer
2016-06-19 21:41 - 2012-07-26 03:59 - 00000000 ____D C:\windows\CbsTemp
2016-06-19 18:01 - 2015-06-22 15:13 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-06-19 18:01 - 2013-07-22 11:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-19 17:58 - 2013-07-22 11:58 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-06-19 17:36 - 2014-06-25 18:04 - 00000000 ____D C:\ProgramData\Trend Micro
2016-06-19 13:13 - 2015-04-25 19:35 - 00000000 ____D C:\Program Files (x86)\OLBPre
2016-06-16 19:15 - 2014-10-12 16:07 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{9F2002D1-9299-46CC-BE8A-3232A197BD87}
2016-06-16 15:41 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2016-06-15 22:06 - 2013-08-22 10:44 - 00371368 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-15 22:03 - 2014-12-11 20:22 - 00000000 ____D C:\windows\system32\appraiser
2016-06-15 22:03 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2016-06-15 21:52 - 2013-07-15 19:25 - 00000000 ____D C:\windows\system32\MRT
2016-06-15 21:49 - 2013-07-15 19:25 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-15 16:40 - 2013-12-10 21:58 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-14 19:58 - 2015-01-28 14:24 - 00032768 ___SH C:\Users\Owner\Desktop\Thumbs.db
2016-06-14 13:13 - 2015-08-13 18:41 - 00828408 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 13:13 - 2015-08-13 18:41 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-29 16:51 - 2013-08-18 13:30 - 00000000 ____D C:\Nexon
2016-05-29 16:00 - 2014-12-07 21:20 - 00209920 ___SH C:\Users\Owner\Downloads\Thumbs.db
2016-05-26 03:29 - 2015-04-05 03:31 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-05-26 03:29 - 2015-04-05 03:31 - 00000000 ___SD C:\windows\system32\GWX
2016-05-22 20:52 - 2013-09-13 03:32 - 00000157 _____ C:\windows\SysWOW64\SystemPreferences.xml
==================== Files in the root of some directories =======
2013-09-12 10:30 - 2013-09-12 10:30 - 0000000 _____ () C:\Program Files (x86)\error.dat
2016-06-19 13:02 - 2016-06-19 13:02 - 50063360 _____ () C:\Program Files (x86)\GUT90CB.tmp
2016-06-19 13:09 - 2016-06-19 13:09 - 50063360 _____ () C:\Program Files (x86)\GUTA05E.tmp
2014-04-06 18:16 - 2014-04-06 18:44 - 0006998 _____ () C:\Users\Owner\AppData\Roaming\data.sec
2014-11-09 19:08 - 2014-11-09 19:08 - 0000064 _____ () C:\Users\Owner\AppData\Local\0df296065d8b7004eef1fd7c1e1c4f9c
2014-06-25 17:47 - 2014-06-25 17:47 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2014-04-06 18:21 - 2014-05-25 15:08 - 0002763 _____ () C:\ProgramData\connector.swf
2013-01-05 12:00 - 2013-01-05 12:00 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-01-05 11:57 - 2013-01-05 11:58 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-01-05 11:58 - 2013-01-05 11:59 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-01-05 11:57 - 2013-01-05 11:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-01-05 11:59 - 2013-01-05 12:00 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\NGMDll.dll
C:\Users\Owner\AppData\Local\Temp\NGMResource.dll
C:\Users\Owner\AppData\Local\Temp\NGMSetup.exe
C:\Users\Owner\AppData\Local\Temp\unicows.dll
C:\Users\Owner\AppData\Local\Temp\{4685A3D7-44E6-4109-B203-F473D5736B1B}-51.0.2704.103_chrome_installer.exe
C:\Users\Owner\AppData\Local\Temp\{C1462E13-D857-492C-9C19-CB5F095E7F5E}-51.0.2704.103_chrome_installer.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-16 15:42
==================== End of FRST.txt ============================
  #7  
Old June 22nd, 2016, 04:46 PM
Santan Santan is offline
Registered User
 
Join Date: Aug 2015
Posts: 55
Addition.txt Part 1

Here is the additional log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Owner (2016-06-21 22:35:51)
Running from C:\Users\Owner\Downloads
Windows 8.1 (Update) (X64) (2014-10-12 20:01:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1090512921-404721342-1545087169-500 - Administrator - Disabled)
Guest (S-1-5-21-1090512921-404721342-1545087169-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1090512921-404721342-1545087169-1003 - Limited - Enabled)
Owner (S-1-5-21-1090512921-404721342-1545087169-1001 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
PC Performer (HKLM-x32\...\PC Performer_is1) (Version: - PerformerSoft, LLC.) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SettingsGuard (HKLM-x32\...\SettingsGuardService) (Version: 2.0.2.3 - SmartCyberTechnology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
UnknownFile (HKU\S-1-5-21-1090512921-404721342-1545087169-1001\...\UnknownFile) (Version: 1.0.0.0 - UnknownFile) <==== ATTENTION
Video Performer (HKU\S-1-5-21-1090512921-404721342-1545087169-1001\...\Video Performer) (Version: - PerformerSoft LLC) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1090512921-404721342-1545087169-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11AF2A11-118E-4D74-9E4D-E20F0DFFBC0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-19] (Google Inc.)
Task: {1E17A28E-D42B-4722-9FBA-ADC6D9215633} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-19] (Google Inc.)
Task: {2261CBFA-D12E-4239-8A2A-D10BD3B10053} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {3633ABD4-BC51-4E52-87BC-507EE227043D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {52D5706E-70B7-4A16-AE13-4A2122B4B3E0} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2015-01-24] (PerformerSoft LLC) <==== ATTENTION
Task: {5D812695-9858-4D43-9266-F34E948D2172} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2015-01-24] (PerformerSoft LLC) <==== ATTENTION
Task: {657D8B86-9EBA-4EE0-97CD-07C3F98B849F} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {6A47A2DD-E1E3-4359-ACDD-9D1D5E4AF8A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {AF4D97EB-5650-4A48-9DA6-40EC8D27F1ED} - System32\Tasks\PC Performer Daily Check => C:\Program Files (x86)\PC Performer\PSCheckUp.exe <==== ATTENTION
Task: {B1E4B0E2-C060-4EB3-B4FC-4F09AC41A5E6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-19] (AVAST Software)
Task: {DC526B82-1EE8-4F15-B8BA-83A6377474DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
  #8  
Old June 22nd, 2016, 04:48 PM
Santan Santan is offline
Registered User
 
Join Date: Aug 2015
Posts: 55
Addition.txt Part 2

==================== Loaded Modules (Whitelisted) ==============
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-05 11:53 - 2012-08-01 14:03 - 00073728 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2015-03-31 08:09 - 2015-03-31 08:09 - 00868352 _____ () C:\Users\Owner\AppData\Roaming\SettingsGuard\updater.exe
2012-07-31 21:10 - 2012-07-31 21:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2013-07-29 10:30 - 2013-07-29 10:31 - 04287536 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2016-06-03 17:43 - 2016-06-03 17:43 - 01459712 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\5062f8f84e45fee3a39c25e1f72b3461\Windows.UI.ni.dll
2015-04-25 19:35 - 2015-01-24 15:27 - 00506711 _____ () C:\Program Files (x86)\PC Performer\sqlite3.dll
2013-01-05 11:58 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-05-11 04:10 - 2016-05-11 04:10 - 00016384 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\ca22e9a6d25fbd8599c0141e1dc1f1dd\PSIClient.ni.dll
2013-01-05 11:52 - 2012-07-19 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-01-05 12:02 - 2012-09-12 23:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-01-05 12:02 - 2012-08-06 12:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-01-05 12:02 - 2012-08-06 12:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1090512921-404721342-1545087169-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E9671ECC-20C0-4E08-A025-B3F78711AEDC}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{8A3F43C5-ACBC-4BAB-A4B1-FE9CD998C917}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{D893B603-FF81-41FF-BC2E-AADF636C7196}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{5AB29306-2202-4E0A-BC2A-01D8002EF374}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [UDP Query User{39FDEEAC-33AB-4AE1-B606-DB4A7BDD8489}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{94F4E01C-2680-47BD-88CF-ED4286FA2D06}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{303E4020-159F-4E50-821B-68D68C626ACE}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{A8AC88BB-D97A-4D6A-8AA1-7CF6B1D22F27}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [{5C235F68-DD61-4D83-B687-86FBF008A323}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{B4FF2A0E-6E63-4F55-988D-EC130579877A}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{FCF867EC-ED19-4733-AD29-3A01DBF824C5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{0143F807-E61C-4ECE-B0BC-818E797B9779}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{922CD117-3736-4FAD-8FF0-1FE608835173}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{99FD1610-BD15-41CA-BDCD-75E105AA1E68}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A22E1178-9C9E-4A3B-A0AD-066F849178F0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F8CEEBCA-17DF-4E0B-A893-6C0BDFD091AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F8AC1BD3-5896-478F-98FC-17932486F87C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{312175D0-6B84-4581-A291-09D5C733BCA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F58A806B-34DF-430D-8034-B4A724CCA9C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFC6B401-178B-45DC-B021-04094F6AF711}] => (Allow) LPort=1900
FirewallRules: [{9A4BC6BC-04A9-4527-9034-F6A1AD9EC8E6}] => (Allow) LPort=2869
FirewallRules: [{7ED9E19A-9F1C-4BAF-80EA-6B8C5D56ADD9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D2DD87DF-19C0-4C39-B5D6-A548E9EEE30B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{62ABB91F-42C4-4CE7-92B6-F87E8ABA5F9E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{B8BDB598-67D8-4648-88AF-B204F170B187}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{843E2850-8A63-4DDB-A7A1-10606B511896}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{46907862-6E0A-4E9F-9B7D-DAF3098A484E}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{5A27BC1D-B419-4D70-B651-967F1F1D8771}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{4D77BDB4-2CDB-49B1-948F-89CB199864B9}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{59E697DD-CD07-4F69-8DBB-5E83607B754D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7734336F-C7C1-43E2-8368-DA580EA3CD87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0CE33D3-D85A-46EA-90AB-09BDF6001D2A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8B438F11-23C1-470A-B41F-1306DFAA8EB4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{394B8199-8684-4F8B-9F3E-D6EBE53CDBBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{91EB7911-1329-42F2-BCAA-836F0ECCF7DD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
14-06-2016 15:46:05 Scheduled Checkpoint
19-06-2016 17:56:34 ASU_MSI_TRAN
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (06/21/2016 10:21:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvastSvc.exe, version: 11.2.2738.0, time stamp: 0x571e0372
Faulting module name: bcuengine.dll_unloaded, version: 9.0.0.922, time stamp: 0x575ac535
Exception code: 0xc00001a5
  #9  
Old June 22nd, 2016, 04:49 PM
Santan Santan is offline
Registered User
 
Join Date: Aug 2015
Posts: 55
Addition.txt Part 3

Fault offset: 0x002532f0
Faulting process id: 0x4a8
Faulting application start time: 0xAvastSvc.exe0
Faulting application path: AvastSvc.exe1
Faulting module path: AvastSvc.exe2
Report Id: AvastSvc.exe3
Faulting package full name: AvastSvc.exe4
Faulting package-relative application ID: AvastSvc.exe5
Error: (06/21/2016 07:02:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1372) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8306688 (0x00000000007ec000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [0009001e52545352] and the computed checksum was [000007eb709122c8]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/21/2016 07:01:05 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1372) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 15728640 (0x0000000000f00000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [519d519dd2757c1d] and the computed checksum was [519d519dd27572c6]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/21/2016 07:01:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1372) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8306688 (0x00000000007ec000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [0009001e52545352] and the computed checksum was [000007eb709122c8]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/21/2016 07:00:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1372) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8306688 (0x00000000007ec000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [0009001e52545352] and the computed checksum was [000007eb709122c8]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/21/2016 01:08:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1364) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8306688 (0x00000000007ec000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [0009001e52545352] and the computed checksum was [000007eb709122c8]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/21/2016 01:07:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1364) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8306688 (0x00000000007ec000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [0009001e52545352] and the computed checksum was [000007eb709122c8]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/21/2016 01:06:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1364) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8306688 (0x00000000007ec000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [0009001e52545352] and the computed checksum was [000007eb709122c8]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/21/2016 01:05:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1364) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8306688 (0x00000000007ec000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [0009001e52545352] and the computed checksum was [000007eb709122c8]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/21/2016 01:04:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (1364) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8306688 (0x00000000007ec000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [0009001e52545352] and the computed checksum was [000007eb709122c8]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

System errors:
=============
Error: (06/21/2016 10:21:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (06/21/2016 10:21:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (06/21/2016 10:21:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
Error: (06/21/2016 10:19:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
A corruption was found in a file system index structure. The file reference number is 0x9000000039a1e. The name of the file is "\Windows\System32\LogFiles\Scm". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Error: (06/21/2016 10:18:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275 = This driver has been blocked from loading

Error: (06/21/2016 10:18:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:01:54 PM on ‎6/‎21/‎2016 was unexpected.
Error: (06/21/2016 07:02:10 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/21/2016 07:02:08 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/21/2016 07:02:05 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/21/2016 07:02:02 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

CodeIntegrity:
===================================
Date: 2016-06-20 19:19:16.105
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\Dell.WelcomeGuide.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.
Date: 2016-06-16 13:14:12.355
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-16 13:14:12.042
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-16 13:14:11.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-15 04:10:45.352
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-15 04:10:45.139
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-15 04:10:44.934
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-15 04:10:44.716
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-15 04:10:44.512
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-15 04:10:44.307
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 51%
Total physical RAM: 3966.61 MB
Available physical RAM: 1911.96 MB
Total Virtual: 7934.61 MB
Available Virtual: 5634.16 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:922.18 GB) (Free:850.6 GB) NTFS
Drive d: (Mrs. Wallace 2014-2015) (CDROM) (Total:0.54 GB) (Free:0 GB) UDF
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.74 GB) (Free:0.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3E40F46F)
Partition: GPT.
==================== End of Addition.txt ============================
  #10  
Old June 22nd, 2016, 04:53 PM
Santan Santan is offline
Registered User
 
Join Date: Aug 2015
Posts: 55
Update

My friend told me that his computer has tried to reboot itself twice. It failed to reboot itself both times.
  #11  
Old June 22nd, 2016, 09:18 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi there,
Which Trend Micro software product did you use?
  #12  
Old June 22nd, 2016, 09:50 PM
Santan Santan is offline
Registered User
 
Join Date: Aug 2015
Posts: 55
Hello!
My friend told me that the disc he has from Trend Micro is called "Titanium" and that it is Internet security for Windows and Mac. He does not remember if the CD was used on his computer, however, since he shares his computer with other family members.

He also told me that he found the memory USB and a disc for his computer titled "Dell Inspiron One 2300 Contents: Device drivers, utilities" and that the disc states to "use this disc only to reinstall the software already installed on your computer" if that's any help.
  #13  
Old June 22nd, 2016, 10:05 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi again,
Okay.
==============================
Please run:
Trend Micro Security 2015 and 10 (2016)+Trend Micro Titanium
https://esupport.trendmicro.com/en-u...t/1105809.aspx

TrendMicro HouseCall
http://support.it-mate.co.uk/?mode=P...caucleaner.zip
=========================================================
Please uninstall:
Pando Networks
SettingsGuard
PC Performer
UnknownFile
Video Performer
searchalgo.com
C:\Program Files (x86)\Pando Networks
C:\Program Files (x86)\OLBPre

Please restart the PC now.
=========================================================
Step 1:
Run FRST fixlist
  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
Code:
CreateRestorePoint:
CloseProcesses:
Task: {52D5706E-70B7-4A16-AE13-4A2122B4B3E0} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2015-01-24] (PerformerSoft LLC) <==== ATTENTION
Task: {5D812695-9858-4D43-9266-F34E948D2172} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2015-01-24] (PerformerSoft LLC) <==== ATTENTION
Task: {657D8B86-9EBA-4EE0-97CD-07C3F98B849F} - \SystemToolsDailyTest -> No File <==== ATTENTION
2015-03-31 08:09 - 2015-03-31 08:09 - 00868352 _____ () C:\Users\Owner\AppData\Roaming\SettingsGuard\updater.exe
C:\Program Files (x86)\PC Performer\sqlite3.dll
C:\Users\Owner\AppData\Roaming\SettingsGuard\updater.exe
C:\Program Files (x86)\PC Performer\PCPerformer.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-1090512921-404721342-1545087169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = hxxp://www.searchalgo.com/search.html?q={searchTerms}&cid=5077
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = hxxp://www.searchalgo.com/search.html?q={searchTerms}&cid=5077
SearchScopes: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> {CBCBA567-B9F5-440F-9597-728857064E19} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll => No File
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll => No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll => No File
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll => No File
IE Session Restore: HKU\S-1-5-21-1090512921-404721342-1545087169-1001 -> is enabled.
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll No File
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-23] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-27] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2012-12-24] (Trend Micro Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 X6va027; \??\C:\WINDOWS\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\WINDOWS\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\WINDOWS\SysWOW64\Drivers\X6va029 [X]
C:\windows\System32\Tasks\PC Performer Logon Scan
C:\windows\System32\Tasks\PC Performer Daily Check
2016-06-19 13:09 - 2016-06-19 13:09 - 50063360 _____ C:\Program Files (x86)\GUTA05E.tmp
2016-06-19 13:09 - 2016-06-19 13:09 - 00000000 ____D C:\Program Files (x86)\GUMA05D.tmp
2016-06-19 13:02 - 2016-06-19 13:02 - 50063360 _____ C:\Program Files (x86)\GUT90CB.tmp
2016-06-19 13:02 - 2016-06-19 13:02 - 00000000 ____D C:\Program Files (x86)\GUM90CA.tmp
C:\Users\Owner\AppData\Local\PMB Files
C:\Program Files (x86)\PC Performer
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
C:\ProgramData\Trend Micro
C:\Program Files (x86)\OLBPre
C:\Users\Owner\Desktop\Thumbs.db
C:\Users\Owner\Downloads\Thumbs.db
2013-09-12 10:30 - 2013-09-12 10:30 - 0000000 _____ () C:\Program Files (x86)\error.dat
2016-06-19 13:02 - 2016-06-19 13:02 - 50063360 _____ () C:\Program Files (x86)\GUT90CB.tmp
2016-06-19 13:09 - 2016-06-19 13:09 - 50063360 _____ () C:\Program Files (x86)\GUTA05E.tmp
2014-04-06 18:16 - 2014-04-06 18:44 - 0006998 _____ () C:\Users\Owner\AppData\Roaming\data.sec
2014-11-09 19:08 - 2014-11-09 19:08 - 0000064 _____ () C:\Users\Owner\AppData\Local\0df296065d8b7004eef1fd7c1e1c4f9c
2014-06-25 17:47 - 2014-06-25 17:47 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2013-01-05 12:00 - 2013-01-05 12:00 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-01-05 11:57 - 2013-01-05 11:58 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-01-05 11:58 - 2013-01-05 11:59 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-01-05 11:57 - 2013-01-05 11:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-01-05 11:59 - 2013-01-05 12:00 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
C:\Users\Owner\AppData\Local\Temp
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
NOTICE: This script is written specifically for this computer!!!
  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.

Step 2:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply
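The notice in the post above says the fixlist is written for one computer only. As an added example (not part of the original post and not FRST's own code), the Python sketch below pulls the user SIDs, user-profile names and CMD: lines out of a fixlist so they can be compared with the local machine before Fix is pressed. The helper names `fixlist_bindings` and `preflight` are hypothetical, and the local SIDs and profile names are assumed to be supplied by the caller, for instance from `whoami /user`.

```python
import re

# Constructed sample: a few lines in the style of the fixlist posted above.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1090512921-404721342-1545087169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
C:\Users\Owner\AppData\Local\PMB Files
C:\Program Files (x86)\PC Performer\PCPerformer.exe
CMD: netsh advfirewall reset
Emptytemp:
"""

# Local/domain account SIDs as they appear in HKU\<SID>\... registry lines.
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
# Profile folder name in paths such as C:\Users\<name>\...
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")


def fixlist_bindings(text):
    """Return the machine-specific identifiers and commands a fixlist contains."""
    sids = sorted(set(SID_RE.findall(text)))
    profiles = sorted({name.lower() for name in PROFILE_RE.findall(text)})
    commands = [ln[4:].strip() for ln in text.splitlines()
                if ln.upper().startswith("CMD:")]
    return {"sids": sids, "profiles": profiles, "commands": commands}


def preflight(text, local_sids, local_profiles):
    """List reasons the fixlist does not match this machine (empty list = match)."""
    found = fixlist_bindings(text)
    known_profiles = {p.lower() for p in local_profiles}
    problems = []
    for sid in found["sids"]:
        if sid not in local_sids:
            problems.append(f"SID not on this machine: {sid}")
    for profile in found["profiles"]:
        if profile not in known_profiles:
            problems.append(f"user profile not on this machine: {profile}")
    return problems


if __name__ == "__main__":
    info = fixlist_bindings(SAMPLE_FIXLIST)
    print("Commands that will run system-wide:", info["commands"])
    # Constructed "other computer": different SID and profile name.
    for line in preflight(SAMPLE_FIXLIST, {"S-1-5-21-1-2-3-1001"}, ["Alice"]):
        print("MISMATCH:", line)
```

An empty list from `preflight` means every SID and profile named in the fixlist exists locally; it says nothing about whether the listed files should be removed.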
  #14  
Old June 22nd, 2016, 11:00 PM
Santan Santan is offline
Registered User
 
Join Date: Aug 2015
Posts: 55
Question

So far, my friend has uninstalled:

SettingsGuard
PC Performer
UnknownFile
Video Performer
C:\Program Files (x86)\OLBPre
Trend Micro Titanium

However, he is having trouble uninstalling these:

Pando Networks
searchalgo.com
C:\Program Files (x86)\Pando Networks

Could you give instructions on how to find those and how to uninstall them please? I'm sorry for the inconvenience.

Thank you very much for your help so far and for being patient! We really appreciate it!
  #15  
Old June 22nd, 2016, 11:24 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Please do step 1 and step 2.