  #1  
Old June 9th, 2015, 01:45 PM
unforgiven1977
Senior Member
 
Join Date: Feb 2006
Posts: 118
malware?

I'm posting this from my daughter's laptop. She believes there's a virus on this. She claims it recently and suddenly began running slow after a toolbar was installed. I uninstalled the toolbar in question which was called "Mybar". Since I don't normally use it I can't be sure as to how its performance has changed. I don't seem to notice any issues and Avast doesn't pick anything up either. Is there a good way to be sure something isn't amiss? I appreciate any help you can offer me on this.
  #2  
Old June 9th, 2015, 07:45 PM
schrauber
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hello, unforgiven1977
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.
  #3  
Old June 10th, 2015, 01:57 PM
unforgiven1977
Senior Member
 
Join Date: Feb 2006
Posts: 118
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by b (administrator) on HPPC on 10-06-2015 08:50:19
Running from C:\Users\b\Desktop
Loaded Profiles: b (Available Profiles: b)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\Temp\isdkH0oB6PqI\ISightHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Users\b\AppData\Local\Temp\Google Toolbar\inu1C8A.tmp
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\PasswordOnWakeSettingFlyout.exe
(Microsoft Corporation) C:\Windows\System32\PasswordOnWakeSettingFlyout.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-06] (Electronic Arts)
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\...\MountPoints2: {b637bb8c-75f2-11e4-be72-806e6f6e6963} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-06] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-06]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-06] (Avast Software s.r.o.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-06] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-06] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R4 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [X]
R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20150213.001\IDSvia64.sys [X]
R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [X]
R4 SymDS; \SystemRoot\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [X]
R4 SymEFA; \SystemRoot\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [X]
R4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 08:50 - 2015-06-10 08:51 - 00012309 _____ C:\Users\b\Desktop\FRST.txt
2015-06-10 08:50 - 2015-06-10 08:50 - 00000000 ____D C:\FRST
2015-06-10 08:49 - 2015-06-10 08:49 - 02108928 _____ (Farbar) C:\Users\b\Desktop\FRST64.exe
2015-06-09 08:16 - 2015-06-09 08:16 - 00000000 ____D C:\ProgramData\Browser
2015-06-07 00:10 - 2015-02-18 03:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-07 00:10 - 2015-02-18 03:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-06-06 23:57 - 2015-06-07 00:12 - 00000000 ____D C:\Users\b\AppData\Roaming\Google
2015-06-06 23:07 - 2015-06-06 23:07 - 00281624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-06 22:50 - 2015-06-06 22:50 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\Users\b\AppData\Roaming\AVAST Software
2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-06 22:48 - 2015-06-06 22:48 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 22:48 - 2015-06-06 22:48 - 00000000 ____D C:\Program Files\Google
2015-06-06 22:32 - 2015-06-09 08:29 - 00000000 ____D C:\Users\b\AppData\Local\Google
2015-06-06 22:32 - 2015-06-09 08:29 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-06 22:32 - 2015-06-06 22:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-06 22:32 - 2015-06-06 22:31 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-06 22:31 - 2015-06-06 22:31 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-06 21:56 - 2015-06-06 21:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-06 21:54 - 2015-06-06 21:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-06 21:47 - 2015-06-06 21:47 - 00187597 _____ C:\Users\b\AppData\Local\census.cache
2015-06-06 21:47 - 2015-06-06 21:47 - 00074925 _____ C:\Users\b\AppData\Local\ars.cache
2015-06-06 21:44 - 2015-06-06 21:44 - 00000010 _____ C:\Users\b\AppData\Local\sponge.last.runtime.cache
2015-06-06 21:40 - 2015-03-23 01:19 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-06 21:40 - 2015-03-22 18:04 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-06 21:32 - 2015-01-09 02:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-06-06 21:32 - 2015-01-09 01:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-06-06 21:32 - 2015-01-08 19:52 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-06-06 21:32 - 2015-01-08 19:52 - 00478296 _____ C:\Windows\system32\locale.nls
2015-06-06 21:25 - 2015-06-06 21:25 - 00000036 _____ C:\Users\b\AppData\Local\housecall.guid.cache
2015-06-06 20:59 - 2015-03-17 03:00 - 06971712 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-06 20:59 - 2015-03-17 02:52 - 01822696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-06 20:59 - 2015-03-17 00:45 - 01409496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-06 20:54 - 2015-03-14 04:07 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-06 20:54 - 2015-03-14 02:33 - 00891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-06 20:49 - 2015-03-10 01:28 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-06 20:49 - 2015-03-10 01:28 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-06 20:49 - 2015-03-10 01:28 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 19292672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 15409152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-06 20:49 - 2015-03-10 01:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-06 20:49 - 2015-03-09 23:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-06 20:49 - 2015-03-09 23:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-06 20:36 - 2015-06-06 20:37 - 00000000 ____D C:\ProgramData\Iuisosmaame
2015-06-06 20:33 - 2015-06-06 20:33 - 00000000 ____D C:\Users\b\AppData\Roaming\CompuClever
2015-06-06 20:32 - 2015-02-24 03:58 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-06 20:31 - 2015-03-04 03:29 - 00361280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-06-06 20:31 - 2015-03-04 02:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-06 20:31 - 2015-03-04 00:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 08:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\sru
2015-06-09 09:37 - 2014-12-13 22:19 - 01675312 _____ C:\Windows\WindowsUpdate.log
2015-06-09 09:29 - 2014-12-24 19:11 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-229845758-2511943213-1912753457-1002
2015-06-09 08:34 - 2012-07-26 03:59 - 00000000 ____D C:\Windows\CbsTemp
2015-06-09 08:33 - 2013-11-08 19:13 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2015-06-09 08:32 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-09 08:32 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-09 08:22 - 2014-12-13 22:21 - 00003894 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{95ABC837-D56B-426B-9429-00D2D006C8BB}
2015-06-06 23:38 - 2014-12-24 19:13 - 00000000 ____D C:\ProgramData\Origin
2015-06-06 23:37 - 2014-12-24 19:12 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-06 23:13 - 2012-07-26 03:28 - 00941114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 23:08 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 23:07 - 2012-08-03 18:23 - 00017218 _____ C:\Windows\PFRO.log
2015-06-06 23:06 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-06 23:03 - 2015-01-31 11:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-06 23:03 - 2015-01-31 11:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-06 21:31 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\WinStore

==================== Files in the root of some directories =======

2015-06-06 21:47 - 2015-06-06 21:47 - 0074925 _____ () C:\Users\b\AppData\Local\ars.cache
2015-06-06 21:47 - 2015-06-06 21:47 - 0187597 _____ () C:\Users\b\AppData\Local\census.cache
2015-06-06 21:25 - 2015-06-06 21:25 - 0000036 _____ () C:\Users\b\AppData\Local\housecall.guid.cache
2015-06-06 21:44 - 2015-06-06 21:44 - 0000010 _____ () C:\Users\b\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
C:\Users\b\AppData\Local\Temp\COMAP.EXE
C:\Users\b\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\b\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_10819.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 21:28

==================== End of log ============================
  #4  
Old June 10th, 2015, 01:57 PM
unforgiven1977
Senior Member
 
Join Date: Feb 2006
Posts: 118
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by b at 2015-06-10 08:53:17
Running from C:\Users\b\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-229845758-2511943213-1912753457-500 - Administrator - Disabled)
b (S-1-5-21-229845758-2511943213-1912753457-1002 - Administrator - Enabled) => C:\Users\b
Guest (S-1-5-21-229845758-2511943213-1912753457-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-229845758-2511943213-1912753457-1005 - Limited - Enabled)
miaja_000 (S-1-5-21-229845758-2511943213-1912753457-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Diner Dash - Flo on the Go (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash (x32 Version: 2.2.0.97 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

26-04-2015 00:21:24 LavasoftWeCompanion
06-06-2015 21:28:12 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12645AD4-A630-492F-A1EA-1347C8E9AC62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {39FE8CBC-FFF1-4C62-B01F-B7EE9AB1CBFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3FC64E68-AD4F-4647-BBDE-B5385E155786} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-03-04] (Realtek Semiconductor)
Task: {477080D0-38AB-4D6E-B708-E295986829AF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-07] (Synaptics Incorporated)
Task: {5261FA65-93E0-4628-9263-58C37CEA9630} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {9E963442-15B9-48D4-A077-555691920FE1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {D14BF10E-7F36-4576-8875-EB226071EB6B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-06] (Avast Software s.r.o.)
Task: {D3FF85DE-4121-4842-86A4-8F5037258674} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {D4871636-B12A-4FC5-97CB-DE0C2C0CD529} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)

==================== Loaded Modules (Whitelisted) ==============

2013-03-14 03:41 - 2013-03-14 03:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-06-06 23:08 - 2015-06-06 23:08 - 00003072 _____ () C:\Windows\TEMP\isdkH0oB6PqI\ISightHost.exe
2015-06-06 23:08 - 2014-08-25 14:46 - 00813568 _____ () C:\Windows\TEMP\isdkH0oB6PqI\ISightSDK.DLL
2015-02-01 13:41 - 2015-02-01 13:42 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-03-14 03:41 - 2013-03-14 03:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-29 15:24 - 2015-01-29 15:24 - 00175120 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-06-06 22:31 - 2015-06-06 22:31 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-06 22:31 - 2015-06-06 22:31 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-06 22:32 - 2015-06-06 22:32 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060601\algo.dll
2015-06-10 08:52 - 2015-06-10 08:52 - 02953216 _____ () C:\Program Files\AVAST Software\Avast\defs\15061000\algo.dll
2013-11-08 19:01 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-06-06 22:31 - 2015-06-06 22:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-229845758-2511943213-1912753457-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1 - 209.18.47.61

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{24045D66-6AE0-4638-B7FA-1648E2209737}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{AA213117-DCC7-4927-9E97-D8D1AC1D2E5A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CBE3E77D-88FC-4F91-BF1E-610B4196FBA8}] => (Allow) LPort=2869
FirewallRules: [{A3D2BFA3-9BD9-474F-853C-E604963C89E5}] => (Allow) LPort=1900
FirewallRules: [{70762B2A-4AC0-4C28-AE34-B20AFA95FCBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2695896B-E1FA-45FD-ADFF-6C573D41DF02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{670FE5F3-3417-4698-BC90-95DD61ACDD97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{789F1281-F552-4565-9C73-B2923ED43713}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{74A4C22C-09AA-48AE-9A7D-C1635E4E9BC3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2015 08:43:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Map.exe version 1.6.1821.2624 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5f8

Start Time: 01d0a37ae8bef9e7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe\Map.exe

Report Id: 40072545-0f6e-11e5-be84-a0d3c19851bd

Faulting package full name: Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexMaps

Error: (06/10/2015 08:43:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPPC)
Description: Activation of app Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/10/2015 08:43:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Map.exe version 1.6.1821.2624 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5f8

Start Time: 01d0a37ae8bef9e7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe\Map.exe

Report Id: 2fd47cf5-0f6e-11e5-be84-a0d3c19851bd

Faulting package full name: Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexMaps

Error: (06/09/2015 09:31:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 724

Start Time: 01d0a2b3043bfc3a

Termination Time: 219

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: d1605ee0-0eab-11e5-be84-a0d3c19851bd

Faulting package full name:

Faulting package-relative application ID:

Error: (06/09/2015 08:54:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 198541303

Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 198541303

Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2015 11:17:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1344

Start Time: 01d0a0d059f1980b

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a0fc3fd8-0cc3-11e5-be84-a0d3c19851bd

Faulting package full name:

Faulting package-relative application ID:

Error: (06/06/2015 08:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17267, time stamp: 0x54e7f156
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000022
Fault offset: 0x00078c9e
Faulting process id: 0x1bd0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5


System errors:
=============
Error: (06/09/2015 08:26:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The dyEuGnZrMm service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/06/2015 11:07:00 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (04/25/2015 11:39:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:20:24 PM on 4/25/2015 was unexpected.

Error: (04/10/2015 11:10:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.

Error: (04/10/2015 11:08:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Assistant Service service hung on starting.

Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3046049).

Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3034344).

Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3032323).

Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3035132).

Error: (04/10/2015 11:00:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80248007: Security Update for Windows 8 for x64-based Systems (KB3033889).


Microsoft Office:
=========================
Error: (06/10/2015 08:43:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Map.exe1.6.1821.26245f801d0a37ae8bef9e74294967295C:\Program Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe\Map.exe40072545-0f6e-11e5-be84-a0d3c19851bdMicrosoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbweAppexMaps

Error: (06/10/2015 08:43:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPPC)
Description: Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps-2144927142

Error: (06/10/2015 08:43:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Map.exe1.6.1821.26245f801d0a37ae8bef9e74294967295C:\Program Files\WindowsApps\Microsoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbwe\Map.exe2fd47cf5-0f6e-11e5-be84-a0d3c19851bdMicrosoft.BingMaps_1.6.1821.2624_x64__8wekyb3d8bbweAppexMaps

Error: (06/09/2015 09:31:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.1726772401d0a2b3043bfc3a219C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd1605ee0-0eab-11e5-be84-a0d3c19851bd

Error: (06/09/2015 08:54:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 198541303

Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 198541303

Error: (06/09/2015 08:15:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2015 11:17:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.17267134401d0a0d059f1980b0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa0fc3fd8-0cc3-11e5-be84-a0d3c19851bd

Error: (06/06/2015 08:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1726754e7f156ntdll.dll6.2.9200.1704653b485c4c000002200078c9e1bd001d0a0b95a61e7c2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dll99d7309c-0cac-11e5-be83-a0d3c19851bd


==================== Memory info ===========================

Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3682.26 MB
Available physical RAM: 2147.53 MB
Total Pagefile: 4642.26 MB
Available Pagefile: 2827.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:443.04 GB) (Free:383.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Sims3) (CDROM) (Total:6.93 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type.

==================== End of log ============================
  #5  
Old June 10th, 2015, 03:36 PM
schrauber schrauber is offline
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
  #6  
Old June 10th, 2015, 10:16 PM
unforgiven1977 unforgiven1977 is offline
# AdwCleaner v4.206 - Logfile created 10/06/2015 at 17:08:03
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 8 (x64)
# Username : b - HPPC
# Running from : C:\Users\b\Desktop\adwcleaner_4.206.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\Browser

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Boost
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : [x64] HKCU\Software\Boost
Key Found : HKLM\SOFTWARE\Boost
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17267


*************************

AdwCleaner[R0].txt - [1125 bytes] - [10/06/2015 17:08:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1184 bytes] ##########
  #7  
Old June 20th, 2015, 10:01 PM
unforgiven1977 unforgiven1977 is offline
So...Is there nothing more for me to do with this machine?
  #8  
Old June 21st, 2015, 07:24 AM
schrauber schrauber is offline
Sorry for the late reply. I missed your answer.

Please re-run AdwCleaner and click on the Clean button, then please post back with a fresh FRST logfile.
  #9  
Old June 23rd, 2015, 02:56 PM
unforgiven1977 unforgiven1977 is offline
# AdwCleaner v4.207 - Logfile created 23/06/2015 at 09:47:59
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 8 (x64)
# Username : b - HPPC
# Running from : C:\Users\b\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKCU\Software\Boost
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17377


*************************

AdwCleaner[R0].txt - [1279 bytes] - [10/06/2015 17:08:03]
AdwCleaner[R1].txt - [1338 bytes] - [23/06/2015 09:45:54]
AdwCleaner[S0].txt - [1230 bytes] - [23/06/2015 09:47:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1289 bytes] ##########
  #10  
Old June 24th, 2015, 05:47 AM
schrauber schrauber is offline
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Also please post back with a fresh FRST logfile and tell me how the system is running.
  #11  
Old June 29th, 2015, 10:36 PM
unforgiven1977 unforgiven1977 is offline
I'm having considerable trouble running the ESET online scanner. The add-on does not seem to want to install for me. This machine is running Windows 8 and IE10. No matter what I try, I continue to get the message "This website wants to install the following add-on: 'OnlineScanner.cab' from 'ESET, spol. s r.o.'." So I click the install button and get the following response: "An add-on for this website failed to run."
  #12  
Old June 30th, 2015, 06:03 AM
schrauber schrauber is offline
Please skip ESET and run a full system scan with your av program.
  #13  
Old June 30th, 2015, 09:33 PM
unforgiven1977 unforgiven1977 is offline
C:\ProgramData\Microsoft\Diagnosis\events01.rbs
C:\Users\b\Downloads\adwcleaner_4.207.exe
C:\Users\b\adwcleaner_4.207.exe
C:\Users\b\adwcleaner_4.207.exe

These were the only items detected in the Avast scan.
  #14  
Old July 1st, 2015, 05:27 AM
schrauber schrauber is offline
Ok, nothing really bad. Please post back with a fresh FRST logfile and tell me how the system is running.
  #15  
Old July 2nd, 2015, 03:07 PM
unforgiven1977 unforgiven1977 is offline
Seems to be running fine.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by b (administrator) on HPPC on 02-07-2015 10:02:32
Running from C:\Users\b\Desktop
Loaded Profiles: b (Available Profiles: b)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
HKLM\...\RunOnce: [RollbackOnline] => C:\$Windows.~BT\Sources\SetupPlatform.exe [6620824 2015-01-22] (Microsoft Corporation)
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-06-30] (Electronic Arts)
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\...\MountPoints2: {b637bb8c-75f2-11e4-be72-806e6f6e6963} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-06] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:1 /wow /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-229845758-2511943213-1912753457-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-229845758-2511943213-1912753457-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2611DE54-A7B3-44AA-98DF-C150FAF80C7E}: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-06]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-06] (Avast Software s.r.o.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-30] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-30] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-06] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 10:02 - 2015-07-02 10:02 - 02112512 _____ (Farbar) C:\Users\b\Desktop\FRST64.exe
2015-06-29 17:11 - 2015-06-29 17:11 - 00001564 _____ C:\Windows\comsetup.log
2015-06-28 00:10 - 2015-06-29 17:18 - 00022863 _____ C:\Windows\diagwrn.xml
2015-06-28 00:10 - 2015-06-29 17:18 - 00022863 _____ C:\Windows\diagerr.xml
2015-06-23 09:45 - 2015-06-23 09:45 - 02244096 _____ C:\Users\b\Downloads\adwcleaner_4.207.exe
2015-06-23 09:45 - 2015-06-23 09:45 - 02244096 _____ C:\Users\b\Desktop\adwcleaner_4.207.exe
2015-06-20 17:11 - 2015-05-27 22:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-20 17:10 - 2015-05-27 22:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-20 17:10 - 2015-05-27 22:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-20 17:10 - 2015-05-27 22:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-20 17:10 - 2015-05-27 22:03 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-06-20 17:10 - 2015-05-27 22:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-20 17:10 - 2015-05-27 22:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-06-20 17:10 - 2015-05-27 22:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-20 17:10 - 2015-05-27 22:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-20 17:10 - 2015-05-27 22:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-20 17:10 - 2015-05-27 22:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-20 17:10 - 2015-05-27 22:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-20 17:10 - 2015-05-27 20:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-20 17:10 - 2015-05-27 20:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-20 17:10 - 2015-05-27 20:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-20 17:10 - 2015-05-27 20:45 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-06-20 17:10 - 2015-05-27 20:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-20 17:10 - 2015-05-27 20:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-20 17:10 - 2015-05-27 20:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-20 17:10 - 2015-05-27 20:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-20 17:10 - 2015-05-27 20:43 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-20 17:10 - 2015-05-27 20:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-20 17:10 - 2015-05-27 20:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-20 17:10 - 2015-05-27 20:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-20 17:10 - 2015-05-27 20:22 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2015-06-20 17:10 - 2015-05-27 20:20 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2015-06-20 17:10 - 2015-05-27 20:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-20 17:10 - 2015-05-27 19:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-20 17:10 - 2015-05-27 18:14 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-06-20 17:10 - 2015-04-24 23:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-20 17:10 - 2015-04-24 19:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-20 17:10 - 2015-04-08 18:05 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-20 17:09 - 2015-05-21 14:07 - 04067840 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 17:07 - 2015-06-23 09:48 - 00000000 ____D C:\AdwCleaner
2015-06-10 08:53 - 2015-06-10 08:55 - 00025248 _____ C:\Users\b\Desktop\Addition.txt
2015-06-10 08:50 - 2015-07-02 10:02 - 00011294 _____ C:\Users\b\Desktop\FRST.txt
2015-06-10 08:50 - 2015-07-02 10:02 - 00000000 ____D C:\FRST
2015-06-09 08:23 - 2015-04-30 09:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-09 08:23 - 2015-04-30 09:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-07 00:21 - 2015-04-13 01:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-07 00:21 - 2015-04-13 01:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-07 00:21 - 2015-04-13 01:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-07 00:21 - 2015-04-13 00:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-07 00:11 - 2015-03-12 01:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-07 00:11 - 2015-03-12 01:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-06-07 00:11 - 2015-03-11 23:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-07 00:11 - 2015-03-04 02:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-07 00:11 - 2015-03-04 02:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-07 00:11 - 2015-03-04 02:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-07 00:11 - 2015-03-04 00:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-07 00:11 - 2015-03-04 00:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-06-07 00:10 - 2015-05-02 02:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-07 00:10 - 2015-05-01 23:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-07 00:10 - 2015-05-01 23:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-07 00:10 - 2015-04-13 18:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-07 00:10 - 2015-04-06 01:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-06-07 00:10 - 2015-04-06 00:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-06-07 00:10 - 2015-02-18 03:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-07 00:10 - 2015-02-18 03:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-06-06 23:57 - 2015-06-07 00:12 - 00000000 ____D C:\Users\b\AppData\Roaming\Google
2015-06-06 23:07 - 2015-06-23 09:38 - 00281624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-06 22:50 - 2015-06-06 22:50 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\Users\b\AppData\Roaming\AVAST Software
2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-06 22:48 - 2015-06-23 09:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 22:48 - 2015-06-23 09:36 - 00000000 ____D C:\Program Files\Google
2015-06-06 22:32 - 2015-06-30 09:29 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-06 22:32 - 2015-06-23 09:36 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-06 22:32 - 2015-06-09 08:29 - 00000000 ____D C:\Users\b\AppData\Local\Google
2015-06-06 22:32 - 2015-06-06 22:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys.1435670951162
2015-06-06 22:32 - 2015-06-06 22:31 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-06 22:32 - 2015-06-06 22:31 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-06 22:32 - 2015-06-06 22:31 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-06 22:31 - 2015-06-06 22:31 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-06 21:56 - 2015-06-06 21:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-06 21:54 - 2015-06-06 21:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-06 21:47 - 2015-06-06 21:47 - 00187597 _____ C:\Users\b\AppData\Local\census.cache
2015-06-06 21:47 - 2015-06-06 21:47 - 00074925 _____ C:\Users\b\AppData\Local\ars.cache
2015-06-06 21:44 - 2015-06-06 21:44 - 00000010 _____ C:\Users\b\AppData\Local\sponge.last.runtime.cache
2015-06-06 21:40 - 2015-03-23 01:19 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-06 21:40 - 2015-03-23 01:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-06 21:40 - 2015-03-22 18:04 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-06 21:32 - 2015-01-09 02:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-06-06 21:32 - 2015-01-09 01:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-06-06 21:32 - 2015-01-08 19:52 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-06-06 21:32 - 2015-01-08 19:52 - 00478296 _____ C:\Windows\system32\locale.nls
2015-06-06 21:25 - 2015-06-06 21:25 - 00000036 _____ C:\Users\b\AppData\Local\housecall.guid.cache
2015-06-06 20:59 - 2015-03-17 03:00 - 06971712 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-06 20:59 - 2015-03-17 02:52 - 01822696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-06 20:59 - 2015-03-17 00:45 - 01409496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-06 20:54 - 2015-03-14 04:07 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-06 20:54 - 2015-03-14 02:33 - 00891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-06 20:36 - 2015-06-06 20:37 - 00000000 ____D C:\ProgramData\Iuisosmaame
2015-06-06 20:33 - 2015-06-06 20:33 - 00000000 ____D C:\Users\b\AppData\Roaming\CompuClever
2015-06-06 20:32 - 2015-02-24 03:58 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-06 20:31 - 2015-03-04 03:29 - 00361280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-06-06 20:31 - 2015-03-04 02:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-06 20:31 - 2015-03-04 00:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 10:02 - 2014-12-13 22:21 - 00003894 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{95ABC837-D56B-426B-9429-00D2D006C8BB}
2015-07-02 10:00 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\sru
2015-06-30 14:27 - 2012-07-26 03:59 - 00000000 ____D C:\Windows\CbsTemp
2015-06-30 11:17 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\rescache
2015-06-30 09:27 - 2014-12-24 19:13 - 00000000 ____D C:\ProgramData\Origin
2015-06-30 09:27 - 2014-12-24 19:12 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-29 17:38 - 2014-12-13 22:19 - 01276309 _____ C:\Windows\WindowsUpdate.log
2015-06-29 17:18 - 2012-07-26 03:21 - 00427124 _____ C:\Windows\setupact.log
2015-06-29 17:18 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-29 17:17 - 2012-08-03 18:40 - 00012507 _____ C:\Windows\iis.log
2015-06-29 17:17 - 2012-07-26 04:13 - 00005264 _____ C:\Windows\DtcInstall.log
2015-06-29 17:11 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\Registration
2015-06-29 17:06 - 2014-11-21 18:09 - 00000000 ___HD C:\$Windows.~BT
2015-06-29 17:02 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-06-23 09:50 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 09:49 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-23 09:46 - 2012-07-26 03:28 - 00941114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 09:37 - 2013-11-08 19:13 - 00000000 ____D C:\ProgramData\Norton
2015-06-23 09:37 - 2012-08-03 18:23 - 00692364 _____ C:\Windows\PFRO.log
2015-06-20 17:25 - 2015-01-29 16:11 - 00000000 ____D C:\Windows\system32\MRT
2015-06-20 17:25 - 2012-07-26 03:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-09 09:29 - 2014-12-24 19:11 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-229845758-2511943213-1912753457-1002
2015-06-09 08:32 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-06 23:03 - 2015-01-31 11:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-06 23:03 - 2015-01-31 11:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-06 23:03 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-06 21:31 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\WinStore

==================== Files in the root of some directories =======

2015-06-06 21:47 - 2015-06-06 21:47 - 0074925 _____ () C:\Users\b\AppData\Local\ars.cache
2015-06-06 21:47 - 2015-06-06 21:47 - 0187597 _____ () C:\Users\b\AppData\Local\census.cache
2015-06-06 21:25 - 2015-06-06 21:25 - 0000036 _____ () C:\Users\b\AppData\Local\housecall.guid.cache
2015-06-06 21:44 - 2015-06-06 21:44 - 0000010 _____ () C:\Users\b\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
C:\Users\b\AppData\Local\Temp\COMAP.EXE
C:\Users\b\AppData\Local\Temp\Quarantine.exe
C:\Users\b\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 21:28

==================== End of log ============================