
Chrome - Random Downloads? [Closed]


  • This topic is locked
9 replies to this topic

#1 RevenantWolf

  • New Member
  • 4 posts

Posted 01 August 2014 - 09:22 AM

Hi there, I was hoping I could get some help! :)

 

I'm using a TOSHIBA laptop, Intel® Core™ i3-3120M CPU @ 2.50GHz, 64-bit Operating System, x64-based processor, with Windows 8.

 

This morning I found my Google Chrome had started to begin random downloads of files when I try to click on links. These links can be anything, from Wikipedia to Facebook pages. I have cancelled all of these but am very worried. My touchpad stops working quite often, too. I do not know if this is malware or not. I have Avast antivirus, and have run numerous scans this morning only to find no apparent issues, yet the problem is still unresolved. I have cleared all my internet data, and have had to reinstall ad blocker. I tried to fix the issue myself by downloading YAC to remove a strange program that had appeared in my list of programs this morning, too. Now that will no longer open.

 

I'm currently freaking out over this whole issue and have no idea what to do! Any help would be absolutely wonderful! 




#2 ken545


    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 August 2014 - 12:04 PM

:welcome:

 

Let's run a few scans and see what's going on.

 

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
 
 
============================================================================
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
      * List BCD
      * Drivers MD5
      * Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
 
 
 


Just a reminder that threads will be closed if no reply in 3 days.


#3 RevenantWolf

  • New Member
  • 4 posts

Posted 01 August 2014 - 12:33 PM

Hello there Ken! First of all I'd like to thank you for taking the time to help me :)

 

Here are the logs - 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-01 19:22:53
-----------------------------
19:22:53.497    OS Version: Windows x64 6.2.9200 
19:22:53.497    Number of processors: 4 586 0x3A09
19:22:53.497    ComputerName: NIGHTFALL-PC2  UserName: User
19:23:05.325    Initialize success
19:23:05.325    VM: initialized successfully
19:23:05.334    VM: Intel CPU supported virtualized 
19:23:08.193    VM: disk I/O iaStorA.sys
19:23:11.153    AVAST engine defs: 14080100
19:23:26.153    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003c
19:23:26.156    Disk 0 Vendor: TOSHIBA_MQ01ABF050 AM003M Size: 476940MB BusType: 11
19:23:26.284    Disk 0 MBR read successfully
19:23:26.289    Disk 0 MBR scan
19:23:26.297    Disk 0 unknown MBR code
19:23:26.303    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
19:23:26.433    Disk 0 scanning C:\windows\system32\drivers
19:23:35.977    Service scanning
19:24:07.075    Modules scanning
19:24:07.090    Disk 0 trace - called modules:
19:24:07.109    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
19:24:07.118    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005779060]
19:24:07.126    3 CLASSPNP.SYS[fffff88002013e0a] -> nt!IofCallDriver -> \Device\0000003c[0xfffffa8004cf2450]
19:24:08.331    AVAST engine scan C:\windows
19:24:09.798    AVAST engine scan C:\windows\system32
19:26:39.088    AVAST engine scan C:\windows\system32\drivers
19:26:54.143    AVAST engine scan C:\Users\User
19:27:03.471    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
19:27:03.475    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by User (administrator) on NIGHTFALL-PC2 on 01-08-2014 19:29:39
Running from C:\Users\User\Desktop
Platform: Windows 8 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WksWP.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WkDStore.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\wkgdcach.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WksWP.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WksWP.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WksWP.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WksWP.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WksWP.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\User\Desktop\aswMBR.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2551212740-1649502207-2926927182-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-2551212740-1649502207-2926927182-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2551212740-1649502207-2926927182-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2551212740-1649502207-2926927182-1001\...\MountPoints2: {605d025a-34dc-11e3-be7e-24fd52c78bf4} - "E:\DMMdSetup.exe" 
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.condui...6AB100406&SSPV=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM - {E4968096-FA9A-4460-BC28-E23549DAF8E4} URL = http://start.mysearc...=1913646565&ir=
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM-x32 - {E4968096-FA9A-4460-BC28-E23549DAF8E4} URL = http://www.bing.com/...E10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {E4968096-FA9A-4460-BC28-E23549DAF8E4} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-01]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
CHR Extension: (Click&Clean) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-08-01]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-01]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-18]
CHR Extension: (Totoro Rainy Day) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2014-08-01]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (Click&Clean App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-08-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-01-30]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-04-10] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-15] (Disc Soft Ltd)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-15] (Synaptics Incorporated)
S3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [546304 2013-03-13] (IDT, Inc.) [File not signed]
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
S3 L1C; \SystemRoot\system32\DRIVERS\L1C63x64.sys [X]
U3 aswMBR; \??\C:\Users\User\AppData\Local\Temp\aswMBR.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 19:29 - 2014-08-01 19:30 - 00019566 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-01 19:29 - 2014-08-01 19:29 - 00000000 ____D () C:\FRST
2014-08-01 19:28 - 2014-08-01 19:28 - 02094080 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-08-01 19:27 - 2014-08-01 19:27 - 01084928 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-08-01 19:27 - 2014-08-01 19:27 - 00001733 _____ () C:\Users\User\Desktop\aswMBR.txt
2014-08-01 19:27 - 2014-08-01 19:27 - 00000512 _____ () C:\Users\User\Desktop\MBR.dat
2014-08-01 19:22 - 2014-08-01 19:22 - 05185536 _____ (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
2014-08-01 16:32 - 2014-08-01 16:32 - 01016261 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-08-01 15:45 - 2014-08-01 19:21 - 01169408 _____ () C:\Users\User\Documents\Lahaina.wps
2014-08-01 13:51 - 2014-08-01 13:51 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-01 13:50 - 2014-08-01 13:50 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-08-01 13:50 - 2014-08-01 13:50 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-08-01 13:50 - 2014-08-01 13:50 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-08-01 11:25 - 2014-08-01 11:25 - 00000000 ____D () C:\windows\system32\log
2014-08-01 11:25 - 2014-08-01 11:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\eCyber
2014-08-01 11:25 - 2014-07-25 11:13 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeKrnlBoot.sys
2014-08-01 11:24 - 2014-08-01 16:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\iSafe
2014-07-29 23:17 - 2014-07-29 23:17 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2014-07-29 19:52 - 2014-07-29 19:52 - 00226304 _____ () C:\Users\User\Downloads\Minecraft Wolf-Dog PaperCraft 2.ppt
2014-07-29 17:31 - 2014-08-01 15:37 - 01245184 _____ () C:\Users\User\Desktop\Inoke.wps
2014-07-25 15:21 - 2014-07-25 15:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDT
2014-07-23 19:49 - 2014-07-23 19:49 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-14 10:00 - 2014-07-14 10:01 - 05127088 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-13 00:20 - 2014-07-13 00:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 19:19 - 2014-06-18 00:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-11 19:19 - 2014-06-18 00:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-11 19:19 - 2014-06-11 05:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-11 19:19 - 2014-05-03 07:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-11 19:19 - 2014-05-03 07:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-11 19:19 - 2014-05-03 05:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-11 19:19 - 2014-05-01 23:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-11 19:19 - 2014-04-29 23:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-11 19:19 - 2014-04-29 23:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-11 19:19 - 2014-04-24 00:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-11 19:19 - 2014-04-24 00:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:19 - 2014-04-24 00:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-11 19:19 - 2014-04-24 00:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:19 - 2014-02-08 05:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-11 19:18 - 2014-06-30 23:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 19:18 - 2014-06-30 23:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-11 19:18 - 2014-06-30 23:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-07-11 19:18 - 2014-06-28 04:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-11 19:18 - 2014-06-02 23:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-11 19:18 - 2014-05-30 00:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-11 19:18 - 2014-05-30 00:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-11 19:18 - 2014-05-30 00:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-11 19:18 - 2014-05-30 00:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-11 19:17 - 2014-06-19 03:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-11 19:17 - 2014-06-19 03:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-11 19:17 - 2014-06-19 03:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-11 19:17 - 2014-06-19 03:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-11 19:17 - 2014-06-19 03:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-11 19:17 - 2014-06-19 03:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-11 19:17 - 2014-06-19 03:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-11 19:17 - 2014-06-19 03:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-11 19:17 - 2014-06-19 03:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-11 19:17 - 2014-06-19 03:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-11 19:17 - 2014-06-19 01:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-11 19:17 - 2014-06-19 01:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-11 19:17 - 2014-06-19 01:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-11 19:17 - 2014-06-19 01:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-11 19:17 - 2014-06-19 01:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-11 19:17 - 2014-06-19 01:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-11 19:17 - 2014-06-19 01:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-11 19:17 - 2014-06-19 01:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-11 19:17 - 2014-06-19 01:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-11 19:17 - 2014-06-19 01:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-11 19:17 - 2014-06-19 01:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-11 19:17 - 2014-06-18 23:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-11 19:17 - 2014-06-06 15:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-11 19:17 - 2014-06-06 11:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-11 19:17 - 2014-05-29 23:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-08 22:06 - 2014-07-08 22:13 - 00000000 ____D () C:\Users\User\Desktop\Anime
2014-07-05 23:39 - 2014-07-05 23:39 - 00022016 _____ () C:\Users\User\Desktop\ouse.wps
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 19:30 - 2014-08-01 19:29 - 00019566 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-01 19:29 - 2014-08-01 19:29 - 00000000 ____D () C:\FRST
2014-08-01 19:28 - 2014-08-01 19:28 - 02094080 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-08-01 19:27 - 2014-08-01 19:27 - 01084928 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-08-01 19:27 - 2014-08-01 19:27 - 00001733 _____ () C:\Users\User\Desktop\aswMBR.txt
2014-08-01 19:27 - 2014-08-01 19:27 - 00000512 _____ () C:\Users\User\Desktop\MBR.dat
2014-08-01 19:22 - 2014-08-01 19:22 - 05185536 _____ (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
2014-08-01 19:22 - 2013-11-28 12:29 - 120160768 ___SH () C:\Users\User\Downloads\Thumbs.db
2014-08-01 19:21 - 2014-08-01 15:45 - 01169408 _____ () C:\Users\User\Documents\Lahaina.wps
2014-08-01 19:21 - 2013-11-26 20:23 - 00041222 _____ () C:\Users\User\AppData\Roaming\wklnhst.dat
2014-08-01 19:09 - 2014-01-30 22:40 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 19:02 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-08-01 16:42 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-08-01 16:37 - 2014-01-30 22:40 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 16:36 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-01 16:35 - 2014-06-10 20:59 - 00004078 _____ () C:\windows\PFRO.log
2014-08-01 16:35 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-08-01 16:32 - 2014-08-01 16:32 - 01016261 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-08-01 16:28 - 2014-08-01 11:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\iSafe
2014-08-01 15:37 - 2014-07-29 17:31 - 01245184 _____ () C:\Users\User\Desktop\Inoke.wps
2014-08-01 15:34 - 2013-11-26 18:57 - 00000000 ____D () C:\Users\User\Desktop\Manga
2014-08-01 13:51 - 2014-08-01 13:51 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-01 13:51 - 2013-12-01 13:14 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-08-01 13:50 - 2014-08-01 13:50 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-08-01 13:50 - 2014-08-01 13:50 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-08-01 13:50 - 2014-08-01 13:50 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-08-01 13:50 - 2013-12-01 13:14 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-08-01 13:50 - 2013-12-01 13:14 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-08-01 13:50 - 2013-12-01 13:14 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-08-01 13:50 - 2013-12-01 13:14 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-08-01 13:50 - 2013-12-01 13:14 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-08-01 13:50 - 2013-12-01 13:14 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-08-01 13:50 - 2013-11-23 22:25 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-08-01 11:25 - 2014-08-01 11:25 - 00000000 ____D () C:\windows\system32\log
2014-08-01 11:25 - 2014-08-01 11:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\eCyber
2014-08-01 00:58 - 2014-02-10 20:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-07-31 16:58 - 2014-04-06 16:09 - 00000000 ____D () C:\Users\User\Desktop\Cosplay
2014-07-31 16:33 - 2013-12-01 13:22 - 07837696 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-07-30 10:22 - 2013-10-14 11:16 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2551212740-1649502207-2926927182-1001
2014-07-29 23:17 - 2014-07-29 23:17 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2014-07-29 19:58 - 2014-06-09 17:29 - 01392872 _____ () C:\windows\WindowsUpdate.log
2014-07-29 19:52 - 2014-07-29 19:52 - 00226304 _____ () C:\Users\User\Downloads\Minecraft Wolf-Dog PaperCraft 2.ppt
2014-07-29 19:52 - 2013-10-14 11:06 - 00000000 ____D () C:\Users\User\AppData\Local\Packages
2014-07-29 16:13 - 2014-06-22 20:27 - 00000000 ____D () C:\ProgramData\paltiosoft
2014-07-28 23:02 - 2014-06-24 16:21 - 00001124 _____ () C:\windows\setupact.log
2014-07-25 19:48 - 2014-06-10 17:23 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-07-25 15:21 - 2014-07-25 15:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDT
2014-07-25 11:13 - 2014-08-01 11:25 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-23 19:49 - 2014-07-23 19:49 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-22 11:18 - 2012-07-26 08:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-17 21:12 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-07-14 10:01 - 2014-07-14 10:00 - 05127088 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-13 00:20 - 2014-07-13 00:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-13 00:20 - 2012-07-26 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 00:20 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 00:20 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 00:20 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\WinStore
2014-07-12 12:01 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-12 12:00 - 2013-11-26 19:30 - 00000000 ____D () C:\windows\system32\MRT
2014-07-12 11:58 - 2013-11-26 19:30 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-12 11:58 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-11 09:59 - 2013-10-14 14:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-10 23:21 - 2013-10-15 15:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-07-08 22:13 - 2014-07-08 22:06 - 00000000 ____D () C:\Users\User\Desktop\Anime
2014-07-05 23:39 - 2014-07-05 23:39 - 00022016 _____ () C:\Users\User\Desktop\ouse.wps
 
Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\User\AppData\Local\Temp\nsa3B92.exe
C:\Users\User\AppData\Local\Temp\setup{221DEC4E-EE77-4453-8307-337E515296A7}.exe
C:\Users\User\AppData\Local\Temp\setup{BA51618B-D6C4-4DBB-976C-2BEB1EA59F60}.exe
C:\Users\User\AppData\Local\Temp\setup{E1AC5108-3534-4D5F-B6EF-C57DDE5DE39A}.exe
C:\Users\User\AppData\Local\Temp\sfamcc00001.dll
C:\Users\User\AppData\Local\Temp\sfamcc00002.dll
C:\Users\User\AppData\Local\Temp\sfareca00001.dll
C:\Users\User\AppData\Local\Temp\sfareca00002.dll
C:\Users\User\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-31 12:05
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by User at 2014-08-01 19:31:02
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - ゥ The Computer Guy Tony)
American Conquest (HKLM-x32\...\Steam App 115210) (Version:  - GSC Game World)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.16 - Crawler, LLC)
ComicRack v0.9.172 (HKLM\...\ComicRack) (Version: v0.9.172 - cYo Soft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
DRAMAtical Murder (HKLM-x32\...\{2C534823-45AB-43BE-9F83-C7E1A824D9B7}) (Version: 1.00.000 - NitroplusCHiRAL)
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0062 - DTS, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version:  - )
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.4.1001 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
NaturalReaderFree (HKLM-x32\...\{262EFBD9-A907-490F-81F4-561FDD3A8C5C}) (Version: 1.00.0000 - Naturalsoft limited)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\RollerCoaster Tycoon 2 Triple Thrill Pack_is1) (Version:  - GOG.com)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Kingdoms (HKLM-x32\...\Steam App 47410) (Version:  - FireFly Studios)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24732 - TeamViewer)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{83661BA0-9CAD-48C4-AF53-E420C729ACC0}) (Version: 15.0.1157 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Wildlife Park Gold (HKLM-x32\...\{5FF50E1A-4E6D-454B-BA00-6E15D6216BFB}) (Version:  - )
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2551212740-1649502207-2926927182-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2551212740-1649502207-2926927182-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2551212740-1649502207-2926927182-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2551212740-1649502207-2926927182-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
11-07-2014 17:10:06 Scheduled Checkpoint
19-07-2014 09:47:36 Scheduled Checkpoint
28-07-2014 22:01:50 Removed IDT Audio Driver
01-08-2014 10:28:40 Removed Microsoft Visual C++ 2005 Redistributable (x64)
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06DF0071-CEAA-465E-8C7F-347FDCE1F1C0} - System32\Tasks\Show Desktop @ Start => C:\Windows\explorer.exe [2013-06-01] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {482C3705-7B41-476E-A5CB-280B62AE5582} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {573CE3EF-F978-40D1-8766-0F192106EA47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
Task: {5DBBD829-89E8-4014-AF16-C862394A8C69} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {5EF850F2-AFC3-4EC3-8298-5FF7FA16164B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {71FBAFAD-FB46-4D6D-B8E3-923342F0A65F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {83F39D32-7A3F-4CA3-80F6-9DE26B0E4C5E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {94441772-C172-4625-8D53-3FC30BCC45F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F21554C2-A183-4866-9287-FA6C2956DD67} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {F88D3152-1D1F-4F90-9222-F6949D18DB10} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-19 17:00 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-10 14:45 - 2013-04-10 14:45 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-07-11 09:57 - 2014-05-20 17:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-26 00:44 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-01 13:50 - 2014-08-01 13:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-01 13:49 - 2014-08-01 08:12 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080100\algo.dll
2014-08-01 19:25 - 2014-08-01 19:25 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080101\algo.dll
2014-08-01 13:50 - 2014-08-01 13:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-30 22:41 - 2014-01-23 06:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-30 22:41 - 2014-01-23 06:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-30 22:41 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-30 22:41 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-30 22:41 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2013-06-22 22:12 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-19 23:00 - 2014-02-19 23:00 - 13632904 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "Steam"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Alcor Micro USB 2.0 Card Reader
Description: Alcor Micro USB 2.0 Card Reader
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Alcor Micro, Corp.
Service: AmUStor
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/28/2014 10:56:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5b94
 
Start Time: 01cfaaae882aa762
 
Termination Time: 4294967295
 
Application Path: C:\windows\System32\rundll32.exe
 
Report Id: fca13f26-16a1-11e4-bef1-24fd52c78bf4
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/25/2014 03:21:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IDTNGUI.exe, version: 1.0.6466.0, time stamp: 0x5140385c
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8
Exception code: 0xe0434352
Fault offset: 0x0000000000047b8c
Faulting process ID: 0x27f4
Faulting application start time: 0xIDTNGUI.exe0
Faulting application path: IDTNGUI.exe1
Faulting module path: IDTNGUI.exe2
Report ID: IDTNGUI.exe3
Faulting package full name: IDTNGUI.exe4
Faulting package-relative application ID: IDTNGUI.exe5
 
Error: (07/25/2014 03:21:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IDTNGUI.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at IDTAudioGUI.App.Main()
 
Error: (07/19/2014 11:52:15 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/10/2014 07:32:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/23/2014 05:07:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: NIGHTFALL-PC2)
Description: App Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader did not launch within its allotted time.
 
Error: (06/23/2014 05:07:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGHTFALL-PC2)
Description: Activation of application Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2014 05:07:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: glcnd.exe, version: 6.2.9200.20623, time stamp: 0x510c9a4f
Faulting module name: glcnd.exe, version: 6.2.9200.20623, time stamp: 0x510c9a4f
Exception code: 0xc0000602
Fault offset: 0x0000000000bd221c
Faulting process ID: 0x3678
Faulting application start time: 0xglcnd.exe0
Faulting application path: glcnd.exe1
Faulting module path: glcnd.exe2
Report ID: glcnd.exe3
Faulting package full name: glcnd.exe4
Faulting package-relative application ID: glcnd.exe5
 
Error: (06/22/2014 09:09:24 PM) (Source: UCManSvc) (EventID: 7003) (User: )
Description: ucmgetkey(0) failed. (80090016)
 
Error: (06/22/2014 09:08:12 PM) (Source: UCManSvc) (EventID: 7004) (User: )
Description: Not terminated. ({0100166B-072D-6839-9E9F-006052036AD8}, 01C30300)
 
 
System errors:
=============
Error: (08/01/2014 04:36:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2
 
Error: (08/01/2014 04:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STacSV service failed to start due to the following error: 
%%2
 
Error: (08/01/2014 04:35:24 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (08/01/2014 04:34:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
Error: (08/01/2014 04:28:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly. It has done this 1 time(s).
 
Error: (08/01/2014 01:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! EmHWID service failed to start due to the following error: 
%%127
 
Error: (07/30/2014 09:17:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2
 
Error: (07/30/2014 09:17:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STacSV service failed to start due to the following error: 
%%2
 
Error: (07/30/2014 09:16:35 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (07/28/2014 11:07:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (07/28/2014 10:56:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe6.2.9200.163845b9401cfaaae882aa7624294967295C:\windows\System32\rundll32.exefca13f26-16a1-11e4-bef1-24fd52c78bf4
 
Error: (07/25/2014 03:21:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IDTNGUI.exe1.0.6466.05140385cKERNELBASE.dll6.2.9200.16864531d34d8e04343520000000000047b8c27f401cfa813abc8bfe9C:\Program Files\IDT\WDM\IDTNGUI.exeC:\windows\system32\KERNELBASE.dllf3f40917-1406-11e4-bef0-24fd52c78bf4
 
Error: (07/25/2014 03:21:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IDTNGUI.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at IDTAudioGUI.App.Main()
 
Error: (07/19/2014 11:52:15 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/10/2014 07:32:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/23/2014 05:07:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: NIGHTFALL-PC2)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader
 
Error: (06/23/2014 05:07:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NIGHTFALL-PC2)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2147023170
 
Error: (06/23/2014 05:07:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: glcnd.exe6.2.9200.20623510c9a4fglcnd.exe6.2.9200.20623510c9a4fc00006020000000000bd221c367801cf8efd02e1ce2bC:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exeC:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exe704a35d5-faf0-11e3-bee2-24fd52c78bf4Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbweMicrosoft.Reader
 
Error: (06/22/2014 09:09:24 PM) (Source: UCManSvc) (EventID: 7003) (User: )
Description: ucmgetkey(0) failed. (80090016)
 
Error: (06/22/2014 09:08:12 PM) (Source: UCManSvc) (EventID: 7004) (User: )
Description: Not terminated. ({0100166B-072D-6839-9E9F-006052036AD8}, 01C30300)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 56%
Total physical RAM: 3971.27 MB
Available physical RAM: 1720.84 MB
Total Pagefile: 4675.27 MB
Available Pagefile: 2104.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (TI31109800A) (Fixed) (Total:455.07 GB) (Free:307.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 August 2014 - 01:33 PM

Hi, how are ya doing this fine day :)

 

I see signs in your log for some bogus search engines so this is what we need to do

 

Run these programs in order please. If one won't run, then just go to the next one. All the logs may not fit in one reply, so take as many replies as you need so I can see them all.

 

 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 

 

===============================================================================
 
 
 

Download Malwarebytes' Anti-Malware  to your desktop. 
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 
 

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#5 RevenantWolf

RevenantWolf

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 01 August 2014 - 02:18 PM

Hi there Ken, a lot of issues this time I'm afraid

 

The first program, AdwCleaner, would not run. It claimed I had programs open when I had turned everything off par from the cleaner itself. Checking my control panel, I found numerous 'google chromes' open, despite not having anything open.

 

Here is the log of the junkware removal - 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by User on 01/08/2014 at 21:03:59.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\bprotector web data"
Successfully deleted: [File] "C:\Users\User\appdata\local\google\chrome\user data\default\bprotectorpreferences"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\isafe"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/08/2014 at 21:10:36.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
The final program, Malwarebytes, also would not work. Running the program, it would immediately crash after opening, no matter which option I picked.


#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 August 2014 - 02:40 PM

Let's do this

 

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)
 
Start
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
HKU\S-1-5-21-2551212740-1649502207-2926927182-1001\...\MountPoints2: {605d025a-34dc-11e3-be7e-24fd52c78bf4} - "E:\DMMdSetup.exe" 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.condui...6AB100406&SSPV=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {E4968096-FA9A-4460-BC28-E23549DAF8E4} URL = http://start.mysearc...=1913646565&ir=
SearchScopes: HKCU - {E4968096-FA9A-4460-BC28-E23549DAF8E4} URL = 
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-01-30]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-10 23:21 - 2013-10-15 15:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\User\AppData\Local\Temp\nsa3B92.exe
C:\Users\User\AppData\Local\Temp\setup{221DEC4E-EE77-4453-8307-337E515296A7}.exe
C:\Users\User\AppData\Local\Temp\setup{BA51618B-D6C4-4DBB-976C-2BEB1EA59F60}.exe
C:\Users\User\AppData\Local\Temp\setup{E1AC5108-3534-4D5F-B6EF-C57DDE5DE39A}.exe
C:\Users\User\AppData\Local\Temp\sfamcc00001.dll
C:\Users\User\AppData\Local\Temp\sfamcc00002.dll
C:\Users\User\AppData\Local\Temp\sfareca00001.dll
C:\Users\User\AppData\Local\Temp\sfareca00002.dll
C:\Users\User\AppData\Local\Temp\sfextra.dll
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Hosts:
End
 
 
 
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

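An added example (not part of the thread, and not code from FRST or JRT): a Python script that reconciles the Chrome extension lines in the fixlist above with the registry keys the JRT log reported deleting, and shows which registration the JRT log does not account for. The sample lines are copied from this thread; treating FRST's `HKLM-x32` label as the `Wow6432Node` registry view is an assumption.

```python
import re

# Sample input: the Chrome lines copied from the fixlist and JRT log in this thread.
FRST_LINES = [
    r"CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-01-30]",
    r"CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-01-30]",
    r"CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2014-04-11]",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
]
JRT_LINES = [
    r"Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff",
    r"Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff",
]

# Chrome extension IDs are 32 characters drawn from a-p.
FRST_EXT = re.compile(
    r"^CHR (HKLM-x32|HKLM|HKCU)\\\.\.\.\\Chrome\\Extension: "
    r"\[([a-p]{32})\] - (.+?) \[(\d{4}-\d{2}-\d{2})\]$")
JRT_DEL = re.compile(
    r"^Successfully deleted: \[Registry Key\] (HKEY_[A-Z_]+)\\Software\\"
    r"(Wow6432Node\\)?Google\\Chrome\\Extensions\\([a-p]{32})$", re.I)
JRT_HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}


def parse_frst(lines):
    """Return (extension registrations, policy_flagged) from FRST 'CHR' lines."""
    entries, policy = [], False
    for line in lines:
        line = line.strip()
        m = FRST_EXT.match(line)
        if m:
            hive, ext_id, crx, date = m.groups()
            entries.append({"hive": hive, "id": ext_id, "crx": crx, "date": date})
        elif line.startswith("CHR ") and "\\Policies\\Google" in line:
            policy = True  # FRST flagged a Chrome policy key
    return entries, policy


def parse_jrt_deleted(lines):
    """Return the set of (hive label, extension id) keys JRT reported deleting."""
    deleted = set()
    for line in lines:
        m = JRT_DEL.match(line.strip())
        if not m:
            continue
        root, wow, ext_id = m.groups()
        hive = JRT_HIVES.get(root.upper())
        if hive is None:
            continue
        if wow and hive == "HKLM":
            hive = "HKLM-x32"  # assumption: Wow6432Node is FRST's "x32" view
        deleted.add((hive, ext_id.lower()))
    return deleted


def unaccounted(frst_lines, jrt_lines):
    """FRST registrations with no matching deletion in the JRT log."""
    entries, policy = parse_frst(frst_lines)
    deleted = parse_jrt_deleted(jrt_lines)
    return [e for e in entries if (e["hive"], e["id"]) not in deleted], policy


if __name__ == "__main__":
    left, policy = unaccounted(FRST_LINES, JRT_LINES)
    for e in left:
        print(f"not in JRT log: {e['hive']} {e['id']} -> {e['crx']} [{e['date']}]")
    print("Chrome policy key flagged by FRST:", policy)
```
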


#7 RevenantWolf

RevenantWolf

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 01 August 2014 - 03:05 PM

Hi Ken,

 

what do you mean by save it into the same directory? I have frst.exe saved to my desktop and cannot find where I would save the notepad file. 



#8 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 August 2014 - 03:35 PM

FRST is running from your desktop. Save fixlist.txt to your desktop also, then grab it with your mouse and drop it right next to FRST, then open FRST and click on Fix.




#9 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 August 2014 - 04:33 AM

Still with me?




#10 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 August 2014 - 12:18 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

