Malware Removal
Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#1
malware?
I'm posting this from my daughter's laptop. She believes there's a virus on this. She claims it recently and suddenly began running slow after a toolbar was installed. I uninstalled the toolbar in question, which was called "Mybar". Since I don't normally use it, I can't be sure as to how its performance has changed. I don't seem to notice any issues and Avast doesn't pick anything up either. Is there a good way to be sure something isn't amiss? I appreciate any help you can offer me on this.
#2
Hello, unforgiven1977
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems. Please take note of some guidelines for this fix:
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.
Please run it and click Scan, post back with the 2 logfiles.
#3
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by b (administrator) on HPPC on 10-06-2015 08:50:19
Running from C:\Users\b\Desktop
Loaded Profiles: b (Available Profiles: b)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\Temp\isdkH0oB6PqI\ISightHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Users\b\AppData\Local\Temp\Google Toolbar\inu1C8A.tmp
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\PasswordOnWakeSettingFlyout.exe
(Microsoft Corporation) C:\Windows\System32\PasswordOnWakeSettingFlyout.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-06] (Electronic Arts)
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\...\MountPoints2: {b637bb8c-75f2-11e4-be72-806e6f6e6963} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-06] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-06]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-06] (Avast Software s.r.o.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-06] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-06] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R4 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [X]
R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20150213.001\IDSvia64.sys [X]
R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [X]
R4 SymDS; \SystemRoot\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [X]
R4 SymEFA; \SystemRoot\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [X]
R4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 08:50 - 2015-06-10 08:51 - 00012309 _____ C:\Users\b\Desktop\FRST.txt
2015-06-10 08:50 - 2015-06-10 08:50 - 00000000 ____D C:\FRST
2015-06-10 08:49 - 2015-06-10 08:49 - 02108928 _____ (Farbar) C:\Users\b\Desktop\FRST64.exe
2015-06-09 08:16 - 2015-06-09 08:16 - 00000000 ____D C:\ProgramData\Browser
2015-06-07 00:10 - 2015-02-18 03:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-07 00:10 - 2015-02-18 03:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-06-06 23:57 - 2015-06-07 00:12 - 00000000 ____D C:\Users\b\AppData\Roaming\Google
2015-06-06 23:07 - 2015-06-06 23:07 - 00281624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-06 22:50 - 2015-06-06 22:50 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\Users\b\AppData\Roaming\AVAST Software
2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-06 22:48 - 2015-06-06 22:48 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 22:48 - 2015-06-06 22:48 - 00000000 ____D C:\Program Files\Google
2015-06-06 22:32 - 2015-06-09 08:29 - 00000000 ____D C:\Users\b\AppData\Local\Google
2015-06-06 22:32 - 2015-06-09 08:29 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-06 22:32 - 2015-06-06 22:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-06 22:32 - 2015-06-06 22:31 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-06 22:31 - 2015-06-06 22:31 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-06 21:56 - 2015-06-06 21:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-06 21:54 - 2015-06-06 21:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-06 21:47 - 2015-06-06 21:47 - 00187597 _____ C:\Users\b\AppData\Local\census.cache
2015-06-06 21:47 - 2015-06-06 21:47 - 00074925 _____ C:\Users\b\AppData\Local\ars.cache
2015-06-06 21:44 - 2015-06-06 21:44 - 00000010 _____ C:\Users\b\AppData\Local\sponge.last.runtime.cache
2015-06-06 21:40 - 2015-03-23 01:19 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-06 21:40 - 2015-03-22 18:04 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-06 21:32 - 2015-01-09 02:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-06-06 21:32 - 2015-01-09 01:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-06-06 21:32 - 2015-01-08 19:52 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-06-06 21:32 - 2015-01-08 19:52 - 00478296 _____ C:\Windows\system32\locale.nls
2015-06-06 21:25 - 2015-06-06 21:25 - 00000036 _____ C:\Users\b\AppData\Local\housecall.guid.cache
2015-06-06 20:59 - 2015-03-17 03:00 - 06971712 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-06 20:59 - 2015-03-17 02:52 - 01822696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-06 20:59 - 2015-03-17 00:45 - 01409496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-06 20:54 - 2015-03-14 04:07 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-06 20:54 - 2015-03-14 02:33 - 00891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-06 20:49 - 2015-03-10 01:28 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-06 20:49 - 2015-03-10 01:28 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-06 20:49 - 2015-03-10 01:28 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 19292672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 15409152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-06 20:49 - 2015-03-09 23:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-06 20:36 - 2015-06-06 20:37 - 00000000 ____D C:\ProgramData\Iuisosmaame
2015-06-06 20:33 - 2015-06-06 20:33 - 00000000 ____D C:\Users\b\AppData\Roaming\CompuClever
2015-06-06 20:32 - 2015-02-24 03:58 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-06 20:31 - 2015-03-04 03:29 - 00361280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-06-06 20:31 - 2015-03-04 02:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-06 20:31 - 2015-03-04 00:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 08:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\sru
2015-06-09 09:37 - 2014-12-13 22:19 - 01675312 _____ C:\Windows\WindowsUpdate.log
2015-06-09 09:29 - 2014-12-24 19:11 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-229845758-2511943213-1912753457-1002
2015-06-09 08:34 - 2012-07-26 03:59 - 00000000 ____D C:\Windows\CbsTemp
2015-06-09 08:33 - 2013-11-08 19:13 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2015-06-09 08:32 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-09 08:32 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-09 08:22 - 2014-12-13 22:21 - 00003894 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{95ABC837-D56B-426B-9429-00D2D006C8BB}
2015-06-06 23:38 - 2014-12-24 19:13 - 00000000 ____D C:\ProgramData\Origin
2015-06-06 23:37 - 2014-12-24 19:12 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-06 23:13 - 2012-07-26 03:28 - 00941114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 23:08 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 23:07 - 2012-08-03 18:23 - 00017218 _____ C:\Windows\PFRO.log
2015-06-06 23:06 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-06 23:03 - 2015-01-31 11:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-06 23:03 - 2015-01-31 11:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-06 21:31 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\WinStore

==================== Files in the root of some directories =======

2015-06-06 21:47 - 2015-06-06 21:47 - 0074925 _____ () C:\Users\b\AppData\Local\ars.cache
2015-06-06 21:47 - 2015-06-06 21:47 - 0187597 _____ () C:\Users\b\AppData\Local\census.cache
2015-06-06 21:25 - 2015-06-06 21:25 - 0000036 _____ () C:\Users\b\AppData\Local\housecall.guid.cache
2015-06-06 21:44 - 2015-06-06 21:44 - 0000010 _____ () C:\Users\b\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
C:\Users\b\AppData\Local\Temp\COMAP.EXE
C:\Users\b\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\b\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_10819.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-06 21:28

==================== End of log ============================
#4
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by b at 2015-06-10 08:53:17
Running from C:\Users\b\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-229845758-2511943213-1912753457-500 - Administrator - Disabled)
b (S-1-5-21-229845758-2511943213-1912753457-1002 - Administrator - Enabled) => C:\Users\b
Guest (S-1-5-21-229845758-2511943213-1912753457-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-229845758-2511943213-1912753457-1005 - Limited - Enabled)
miaja_000 (S-1-5-21-229845758-2511943213-1912753457-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Diner Dash - Flo on the Go (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash (x32 Version: 2.2.0.97 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 26-04-2015 00:21:24 LavasoftWeCompanion 06-06-2015 21:28:12 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {12645AD4-A630-492F-A1EA-1347C8E9AC62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {39FE8CBC-FFF1-4C62-B01F-B7EE9AB1CBFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {3FC64E68-AD4F-4647-BBDE-B5385E155786} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-03-04] (Realtek Semiconductor) Task: {477080D0-38AB-4D6E-B708-E295986829AF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-07] (Synaptics Incorporated) Task: {5261FA65-93E0-4628-9263-58C37CEA9630} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) Task: {9E963442-15B9-48D4-A077-555691920FE1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: {D14BF10E-7F36-4576-8875-EB226071EB6B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-06] (Avast Software s.r.o.) 
Task: {D3FF85DE-4121-4842-86A4-8F5037258674} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe Task: {D4871636-B12A-4FC5-97CB-DE0C2C0CD529} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company) ==================== Loaded Modules (Whitelisted) ============== 2013-03-14 03:41 - 2013-03-14 03:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-06-06 23:08 - 2015-06-06 23:08 - 00003072 _____ () C:\Windows\TEMP\isdkH0oB6PqI\ISightHost.exe 2015-06-06 23:08 - 2014-08-25 14:46 - 00813568 _____ () C:\Windows\TEMP\isdkH0oB6PqI\ISightSDK.DLL 2015-02-01 13:41 - 2015-02-01 13:42 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ ErrorReporting\ErrorReporting.dll 2013-03-14 03:41 - 2013-03-14 03:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2015-01-29 15:24 - 2015-01-29 15:24 - 00175120 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.439 6.311_x64__8wekyb3d8bbwe\ModernShared\ErrorReporti ng\ErrorReporting.dll 2015-06-06 22:31 - 2015-06-06 22:31 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-06-06 22:31 - 2015-06-06 22:31 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-06 22:32 - 2015-06-06 22:32 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060601\algo.dll 2015-06-10 08:52 - 2015-06-10 08:52 - 02953216 _____ () C:\Program Files\AVAST Software\Avast\defs\15061000\algo.dll 2013-11-08 19:01 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-06-06 22:31 - 2015-06-06 22:31 - 
40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-229845758-2511943213-1912753457-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.1.1 - 209.18.47.61 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{24045D66-6AE0-4638-B7FA-1648E2209737}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\Sky Drive\SkyDrive.exe FirewallRules: [{AA213117-DCC7-4927-9E97-D8D1AC1D2E5A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{CBE3E77D-88FC-4F91-BF1E-610B4196FBA8}] => (Allow) LPort=2869 FirewallRules: [{A3D2BFA3-9BD9-474F-853C-E604963C89E5}] => (Allow) LPort=1900 FirewallRules: [{70762B2A-4AC0-4C28-AE34-B20AFA95FCBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2695896B-E1FA-45FD-ADFF-6C573D41DF02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{670FE5F3-3417-4698-BC90-95DD61ACDD97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{789F1281-F552-4565-9C73-B2923ED43713}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{74A4C22C-09AA-48AE-9A7D-C1635E4E9BC3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/10/2015 08:43:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Map.exe version 1.6.1821.2624 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 5f8 Start Time: 01d0a37ae8bef9e7 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624 _x64__8wekyb3d8bbwe\Map.exe Report Id: 40072545-0f6e-11e5-be84-a0d3c19851bd Faulting package full name: Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbw e Faulting package-relative application ID: AppexMaps Error: (06/10/2015 08:43:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPPC) Description: Activation of app Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/10/2015 08:43:10 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Map.exe version 1.6.1821.2624 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 5f8 Start Time: 01d0a37ae8bef9e7 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624 _x64__8wekyb3d8bbwe\Map.exe Report Id: 2fd47cf5-0f6e-11e5-be84-a0d3c19851bd Faulting package full name: Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbw e Faulting package-relative application ID: AppexMaps Error: (06/09/2015 09:31:30 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 10.0.9200.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 724 Start Time: 01d0a2b3043bfc3a Termination Time: 219 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: d1605ee0-0eab-11e5-be84-a0d3c19851bd Faulting package full name: Faulting package-relative application ID: Error: (06/09/2015 08:54:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 198541303 Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 198541303 Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/06/2015 11:17:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 10.0.9200.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1344 Start Time: 01d0a0d059f1980b Termination Time: 0 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: a0fc3fd8-0cc3-11e5-be84-a0d3c19851bd Faulting package full name: Faulting package-relative application ID: Error: (06/06/2015 08:31:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17267, time stamp: 0x54e7f156 Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4 Exception code: 0xc0000022 Fault offset: 0x00078c9e Faulting process id: 0x1bd0 Faulting application start time: 0xIEXPLORE.EXE0 Faulting application path: IEXPLORE.EXE1 Faulting module path: IEXPLORE.EXE2 Report Id: IEXPLORE.EXE3 Faulting package full name: IEXPLORE.EXE4 Faulting package-relative application ID: IEXPLORE.EXE5 System errors: ============= Error: (06/09/2015 08:26:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The dyEuGnZrMm service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/06/2015 11:07:00 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (04/25/2015 11:39:01 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:20:24 PM on 4/25/2015 was unexpected. Error: (04/10/2015 11:10:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Software Protection service hung on starting. Error: (04/10/2015 11:08:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The HP Support Assistant Service service hung on starting. 
Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3046049). Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3034344). Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3032323). Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3035132). Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3033889). 
Microsoft Office: ========================= Error: (06/10/2015 08:43:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Map.exe1.6.1821.26245f801d0a37ae8bef9e74294967295C :\Program Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624 _x64__8wekyb3d8bbwe\Map.exe40072545-0f6e-11e5-be84-a0d3c19851bdMicrosoft.BingMaps_1.6.1821.2624_x64__ 8wekyb3d8bbweAppexMaps Error: (06/10/2015 08:43:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPPC) Description: Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps-2144927142 Error: (06/10/2015 08:43:10 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Map.exe1.6.1821.26245f801d0a37ae8bef9e74294967295C :\Program Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624 _x64__8wekyb3d8bbwe\Map.exe2fd47cf5-0f6e-11e5-be84-a0d3c19851bdMicrosoft.BingMaps_1.6.1821.2624_x64__ 8wekyb3d8bbweAppexMaps Error: (06/09/2015 09:31:30 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE10.0.9200.1726772401d0a2b3043bfc3a219C :\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd1605ee0-0eab-11e5-be84-a0d3c19851bd Error: (06/09/2015 08:54:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 198541303 Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 198541303 Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/06/2015 11:17:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE10.0.9200.17267134401d0a0d059f1980b0C: \Program Files (x86)\Internet Explorer\IEXPLORE.EXEa0fc3fd8-0cc3-11e5-be84-a0d3c19851bd Error: (06/06/2015 08:31:56 PM) (Source: Application 
Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156ntdll.dll6.2.92 00.1704653b485c4c000002200078c9e1bd001d0a0b95a61e7 c2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dll 99d7309c-0cac-11e5-be83-a0d3c19851bd ==================== Memory info =========================== Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics Percentage of memory in use: 41% Total physical RAM: 3682.26 MB Available physical RAM: 2147.53 MB Total Pagefile: 4642.26 MB Available Pagefile: 2827.73 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:443.04 GB) (Free:383.51 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Sims3) (CDROM) (Total:6.93 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ================================================== ====== Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777) Partition: GPT Partition Type. ==================== End of log ============================ |
#5
Please download AdwCleaner by Xplode onto your desktop.
#6
# AdwCleaner v4.206 - Logfile created 10/06/2015 at 17:08:03
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 8 (x64)
# Username : b - HPPC
# Running from : C:\Users\b\Desktop\adwcleaner_4.206.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\Browser

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Boost
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : [x64] HKCU\Software\Boost
Key Found : HKLM\SOFTWARE\Boost
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17267

*************************

AdwCleaner[R0].txt - [1125 bytes] - [10/06/2015 17:08:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1184 bytes] ##########
#7
So...Is there nothing more for me to do with this machine?
#8
Sorry for the late reply. I missed your answer.
Please re-run AdwCleaner and click on the Clean button, then please post back with a fresh FRST logfile.
#9
# AdwCleaner v4.207 - Logfile created 23/06/2015 at 09:47:59
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 8 (x64)
# Username : b - HPPC
# Running from : C:\Users\b\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKCU\Software\Boost
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17377

*************************

AdwCleaner[R0].txt - [1279 bytes] - [10/06/2015 17:08:03]
AdwCleaner[R1].txt - [1338 bytes] - [23/06/2015 09:45:54]
AdwCleaner[S0].txt - [1230 bytes] - [23/06/2015 09:47:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1289 bytes] ##########
#10
I'd like us to scan your machine with ESET OnlineScan.
Also please post back with a fresh FRST logfile and tell me how the system is running.
#11
I'm having considerable trouble running the ESET online scanner. The add-on does not seem to want to install for me. This machine is running Windows 8 and IE10. No matter what I try I continue to get the message "This website wants to install the following add-on: 'OnlineSacanner.cab' from 'ESET, spol. s r.o.'." So I click the install button and get the following response "An add-on for this website failed to run."
#12
Please skip ESET and run a full system scan with your av program.
#13
C:\ProgramData\Microsoft\Diagnosis\events01.rbs
C:\Users\b\Downloads\adwcleaner_4.207.exe
C:\Users\b\adwcleaner_4.207.exe
C:\Users\b\adwcleaner_4.207.exe

These were the only items detected in the Avast scan.
#14
Ok, nothing really bad. Please post back with a fresh FRST logfile and tell me how the system is running.
#15
Seems to be running fine.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01 Ran by b (administrator) on HPPC on 02-07-2015 10:02:32 Running from C:\Users\b\Desktop Loaded Profiles: b (Available Profiles: b) Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen task.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen task.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Avast Software s.r.o.) 
C:\Program Files\AVAST Software\Avast\avastui.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.) 
HKLM\...\RunOnce: [RollbackOnline] => C:\$Windows.~BT\Sources\SetupPlatform.exe [6620824 2015-01-22] (Microsoft Corporation) HKU\S-1-5-21-229845758-2511943213-1912753457-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-06-30] (Electronic Arts) HKU\S-1-5-21-229845758-2511943213-1912753457-1002\...\MountPoints2: {b637bb8c-75f2-11e4-be72-806e6f6e6963} - "E:\Autorun.exe" ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-06] (Avast Software s.r.o.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:1 /wow /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 HKU\S-1-5-21-229845758-2511943213-1912753457-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D {searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D {searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D {searchTerms}&keyword={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-06] (Avast Software s.r.o.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-06] (Avast Software s.r.o.) 
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll [2012-07-09] (Hewlett-Packard) Toolbar: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{2611DE54-A7B3-44AA-98DF-C150FAF80C7E}: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62 FireFox: ======== FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636 .dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp .dll [2014-11-14] () FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-06] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-06] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-14] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-06] (Avast Software s.r.o.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-30] (Electronic Arts) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-06] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-06] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-06] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-30] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-06] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-06] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64 .sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-02 10:02 - 2015-07-02 10:02 - 02112512 _____ (Farbar) C:\Users\b\Desktop\FRST64.exe
2015-06-29 17:11 - 2015-06-29 17:11 - 00001564 _____ C:\Windows\comsetup.log
2015-06-28 00:10 - 2015-06-29 17:18 - 00022863 _____ C:\Windows\diagwrn.xml
2015-06-28 00:10 - 2015-06-29 17:18 - 00022863 _____ C:\Windows\diagerr.xml
2015-06-23 09:45 - 2015-06-23 09:45 - 02244096 _____ C:\Users\b\Downloads\adwcleaner_4.207.exe
2015-06-23 09:45 - 2015-06-23 09:45 - 02244096 _____ C:\Users\b\Desktop\adwcleaner_4.207.exe
2015-06-20 17:11 - 2015-05-27 22:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-20 17:10 - 2015-05-27 22:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-20 17:10 - 2015-05-27 22:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-20 17:10 - 2015-05-27 22:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-20 17:10 - 2015-05-27 22:03 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-06-20 17:10 - 2015-05-27 22:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-20 17:10 - 2015-05-27 22:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-06-20 17:10 - 2015-05-27 22:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-20 17:10 - 2015-05-27 22:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-20 17:10 - 2015-05-27 22:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-20 17:10 - 2015-05-27 22:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-20 17:10 - 2015-05-27 20:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-20 17:10 - 2015-05-27 20:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-20 17:10 - 2015-05-27 20:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-20 17:10 - 2015-05-27 20:45 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-06-20 17:10 - 2015-05-27 20:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-20 17:10 - 2015-05-27 20:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-20 17:10 - 2015-05-27 20:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-20 17:10 - 2015-05-27 20:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-20 17:10 - 2015-05-27 20:43 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-20 17:10 - 2015-05-27 20:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-20 17:10 - 2015-05-27 20:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-20 17:10 - 2015-05-27 20:22 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2015-06-20 17:10 - 2015-05-27 20:20 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2015-06-20 17:10 - 2015-05-27 20:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-20 17:10 - 2015-05-27 19:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-20 17:10 - 2015-05-27 18:14 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-06-20 17:10 - 2015-04-24 23:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-20 17:10 - 2015-04-24 19:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-20 17:10 - 2015-04-08 18:05 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-20 17:09 - 2015-05-21 14:07 - 04067840 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 17:07 - 2015-06-23 09:48 - 00000000 ____D C:\AdwCleaner
2015-06-10 08:53 - 2015-06-10 08:55 - 00025248 _____ C:\Users\b\Desktop\Addition.txt
2015-06-10 08:50 - 2015-07-02 10:02 - 00011294 _____ C:\Users\b\Desktop\FRST.txt
2015-06-10 08:50 - 2015-07-02 10:02 - 00000000 ____D C:\FRST
2015-06-09 08:23 - 2015-04-30 09:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-09 08:23 - 2015-04-30 09:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-07 00:21 - 2015-04-13 01:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-07 00:21 - 2015-04-13 01:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-07 00:21 - 2015-04-13 01:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-07 00:21 - 2015-04-13 00:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-07 00:11 - 2015-03-12 01:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-07 00:11 - 2015-03-12 01:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-06-07 00:11 - 2015-03-11 23:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-07 00:11 - 2015-03-04 02:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-07 00:11 - 2015-03-04 02:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-07 00:11 - 2015-03-04 02:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-07 00:11 - 2015-03-04 00:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-07 00:11 - 2015-03-04 00:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-06-07 00:10 - 2015-05-02 02:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-07 00:10 - 2015-05-01 23:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-07 00:10 - 2015-05-01 23:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-07 00:10 - 2015-04-13 18:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-07 00:10 - 2015-04-06 01:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-06-07 00:10 - 2015-04-06 00:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-06-07 00:10 - 2015-02-18 03:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-07 00:10 - 2015-02-18 03:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-06-06 23:57 - 2015-06-07 00:12 - 00000000 ____D C:\Users\b\AppData\Roaming\Google
2015-06-06 23:07 - 2015-06-23 09:38 - 00281624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-06 22:50 - 2015-06-06 22:50 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\Users\b\AppData\Roaming\AVAST Software
2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-06 22:48 - 2015-06-23 09:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 22:48 - 2015-06-23 09:36 - 00000000 ____D C:\Program Files\Google
2015-06-06 22:32 - 2015-06-30 09:29 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-06 22:32 - 2015-06-23 09:36 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-06 22:32 - 2015-06-09 08:29 - 00000000 ____D C:\Users\b\AppData\Local\Google
2015-06-06 22:32 - 2015-06-06 22:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys.1435670951162
2015-06-06 22:32 - 2015-06-06 22:31 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-06 22:32 - 2015-06-06 22:31 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-06 22:31 - 2015-06-06 22:31 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-06 21:56 - 2015-06-06 21:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-06 21:54 - 2015-06-06 21:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-06 21:47 - 2015-06-06 21:47 - 00187597 _____ C:\Users\b\AppData\Local\census.cache
2015-06-06 21:47 - 2015-06-06 21:47 - 00074925 _____ C:\Users\b\AppData\Local\ars.cache
2015-06-06 21:44 - 2015-06-06 21:44 - 00000010 _____ C:\Users\b\AppData\Local\sponge.last.runtime.cache
2015-06-06 21:40 - 2015-03-23 01:19 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-06 21:40 - 2015-03-22 18:04 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-06 21:32 - 2015-01-09 02:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-06-06 21:32 - 2015-01-09 01:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-06-06 21:32 - 2015-01-08 19:52 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-06-06 21:32 - 2015-01-08 19:52 - 00478296 _____ C:\Windows\system32\locale.nls
2015-06-06 21:25 - 2015-06-06 21:25 - 00000036 _____ C:\Users\b\AppData\Local\housecall.guid.cache
2015-06-06 20:59 - 2015-03-17 03:00 - 06971712 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-06 20:59 - 2015-03-17 02:52 - 01822696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-06 20:59 - 2015-03-17 00:45 - 01409496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-06 20:54 - 2015-03-14 04:07 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-06 20:54 - 2015-03-14 02:33 - 00891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-06 20:36 - 2015-06-06 20:37 - 00000000 ____D C:\ProgramData\Iuisosmaame
2015-06-06 20:33 - 2015-06-06 20:33 - 00000000 ____D C:\Users\b\AppData\Roaming\CompuClever
2015-06-06 20:32 - 2015-02-24 03:58 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-06 20:31 - 2015-03-04 03:29 - 00361280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-06-06 20:31 - 2015-03-04 02:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-06 20:31 - 2015-03-04 00:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 10:02 - 2014-12-13 22:21 - 00003894 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{95ABC837-D56B-426B-9429-00D2D006C8BB}
2015-07-02 10:00 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\sru
2015-06-30 14:27 - 2012-07-26 03:59 - 00000000 ____D C:\Windows\CbsTemp
2015-06-30 11:17 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\rescache
2015-06-30 09:27 - 2014-12-24 19:13 - 00000000 ____D C:\ProgramData\Origin
2015-06-30 09:27 - 2014-12-24 19:12 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-29 17:38 - 2014-12-13 22:19 - 01276309 _____ C:\Windows\WindowsUpdate.log
2015-06-29 17:18 - 2012-07-26 03:21 - 00427124 _____ C:\Windows\setupact.log
2015-06-29 17:18 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-29 17:17 - 2012-08-03 18:40 - 00012507 _____ C:\Windows\iis.log
2015-06-29 17:17 - 2012-07-26 04:13 - 00005264 _____ C:\Windows\DtcInstall.log
2015-06-29 17:11 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\Registration
2015-06-29 17:06 - 2014-11-21 18:09 - 00000000 ___HD C:\$Windows.~BT
2015-06-29 17:02 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-06-23 09:50 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 09:49 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-23 09:46 - 2012-07-26 03:28 - 00941114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 09:37 - 2013-11-08 19:13 - 00000000 ____D C:\ProgramData\Norton
2015-06-23 09:37 - 2012-08-03 18:23 - 00692364 _____ C:\Windows\PFRO.log
2015-06-20 17:25 - 2015-01-29 16:11 - 00000000 ____D C:\Windows\system32\MRT
2015-06-20 17:25 - 2012-07-26 03:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-09 09:29 - 2014-12-24 19:11 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-229845758-2511943213-1912753457-1002
2015-06-09 08:32 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-06 23:03 - 2015-01-31 11:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-06 23:03 - 2015-01-31 11:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-06 21:31 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\WinStore

==================== Files in the root of some directories =======

2015-06-06 21:47 - 2015-06-06 21:47 - 0074925 _____ () C:\Users\b\AppData\Local\ars.cache
2015-06-06 21:47 - 2015-06-06 21:47 - 0187597 _____ () C:\Users\b\AppData\Local\census.cache
2015-06-06 21:25 - 2015-06-06 21:25 - 0000036 _____ () C:\Users\b\AppData\Local\housecall.guid.cache
2015-06-06 21:44 - 2015-06-06 21:44 - 0000010 _____ () C:\Users\b\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
C:\Users\b\AppData\Local\Temp\COMAP.EXE
C:\Users\b\AppData\Local\Temp\Quarantine.exe
C:\Users\b\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-06 21:28

==================== End of log ============================