WhatsApp "You have a Voice Mail" infection


  • This topic is locked
18 replies to this topic

#1 simrick

  • Members
  • 80 posts

Posted 16 February 2015 - 02:58 PM

Hi. Starting a new topic as advised by another helper in the forum - see original thread here:

http://www.bleepingcomputer.com/forums/t/566095/need-advice-please-rogue-whatsapp-voice-email/

[especially posts #10 and #11]

Clicked on an email that had a button in it that said "you have a new voice mail - click here". If it doesn't work, make sure this message is in your inbox.

Once clicked, it proceeded to send spam emails to all contacts in Thunderbird.

I have cleaned the computer and everything appears to be running fine, but I am here for expert help to make sure it is clean.

After you read the previous thread, let me please reiterate a few things:

1. The computer is used for email, surfing the web, and eBay (and therefore PayPal).

2. I have not been able to find much about this rogue email on the web - what it does besides spam, and if it installs anything else; that's why I am here. I ran a VirusTotal scan on the link and it came up clean.

3. People who received the spam from this computer say that they opened the email and nothing happened - no one thinks they have any infection from it.

4. The final ESET scan identified some "part" files as the Elenoocka.A trojan. I think this is that new CTB-Locker?

5. The computer is behind a NAT router firewall.

I know from experience that even legitimate files which don't fully download and are therefore named *.PART are often false positives when scanned. Let me say that there is NO INDICATION of encryption on the computer. I think the three part files flagged by ESET are either FPs or never fully downloaded malicious files, which therefore did no damage.

All this being said, I would like to have an expert go through the paces with me, so we can be assured that this computer is clean, and nothing is lurking in the background. I am also concerned if anyone who got the spam has an infection now if they clicked the button?

Thanks in advance for the help.

I am posting the FarBar logs below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Jan (administrator) on JANSPC on 16-02-2015 19:22:54
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available profiles: Jan & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Amazon Digital Services, LLC.) C:\Users\Jan\AppData\Local\Apps\2.0\QQAGQXNE.DAX\H65B81HP.HH3\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Sun Microsystems, Inc.) C:\Users\Jan\AppData\Local\Apps\2.0\QQAGQXNE.DAX\H65B81HP.HH3\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-01] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253952 2013-05-07] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-10-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-03] (AVAST Software)
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotify.exe <====== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [Spotify] => C:\Users\Jan\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-19] (Spotify Ltd)
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [Spotify Web Helper] => C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-19] (Spotify Ltd)
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [SkyDrive] => C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001 -> URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP327F9496-00CF-4599-BF82-8497E93F4AAF&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hboohm6m.default-1420839845523
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hboohm6m.default-1420839845523\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-03] (AVAST Software)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [45056 2013-06-15] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-03] ()
S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548936 2013-05-24] (Realtek Semiconductor Corporation)
R3 RTL8168; C:\Windows\system32\DRIVERS\rtlh64.sys [681688 2015-01-21] (Inventec )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2975960 2013-08-02] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:22 - 2015-02-16 19:23 - 00034130 _____ () C:\Users\Jan\Desktop\FRST.txt
2015-02-16 19:22 - 2015-02-16 19:22 - 00000000 ____D () C:\FRST
2015-02-16 19:22 - 2015-02-16 19:19 - 02085888 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2015-02-16 19:03 - 2015-02-16 19:03 - 00025755 _____ () C:\Users\Jan\Documents\Malwarebytes-keycode-2015-02-16.htm
2015-02-16 19:02 - 2015-02-16 19:03 - 00000000 ____D () C:\Users\Jan\Documents\Malwarebytes-keycode-2015-02-16_files
2015-02-15 14:50 - 2015-02-15 22:18 - 00010286 _____ () C:\Users\Jan\Documents\Hi there.odt
2015-02-14 07:31 - 2015-02-14 07:31 - 00355400 _____ () C:\WINDOWS\Minidump\021415-21218-01.dmp
2015-02-13 16:05 - 2015-02-13 16:07 - 00002186 _____ () C:\Users\Jan\Desktop\Rkill.txt
2015-02-13 16:05 - 2015-02-03 12:36 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jan\Desktop\rkill.exe
2015-02-13 15:51 - 2015-02-13 15:51 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_enu(2).exe
2015-02-12 21:22 - 2015-02-12 21:22 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_enu(1).exe
2015-02-12 16:38 - 2015-02-12 16:38 - 00536840 _____ () C:\WINDOWS\Minidump\021215-24640-01.dmp
2015-02-12 08:47 - 2015-01-23 05:50 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 08:47 - 2015-01-23 04:27 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 11:06 - 2015-01-29 08:30 - 00593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2015-02-11 11:06 - 2015-01-29 08:30 - 00467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2015-02-11 11:06 - 2015-01-29 08:30 - 00011056 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2015-02-11 11:06 - 2015-01-29 08:05 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-02-11 11:06 - 2015-01-29 08:05 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 11:06 - 2015-01-29 06:19 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-02-11 11:06 - 2015-01-29 06:19 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 11:06 - 2015-01-15 11:44 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2015-02-11 11:06 - 2015-01-15 11:44 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-02-11 11:06 - 2015-01-15 11:43 - 01282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 11:06 - 2015-01-15 10:00 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2015-02-11 11:06 - 2015-01-15 10:00 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-02-11 11:06 - 2015-01-15 09:38 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 11:06 - 2015-01-15 09:09 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 11:06 - 2015-01-15 04:08 - 00568656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 11:06 - 2015-01-12 06:48 - 19291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 11:06 - 2015-01-12 05:06 - 14373376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 11:06 - 2015-01-09 04:33 - 04061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 11:05 - 2015-02-04 09:54 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 11:05 - 2015-02-04 09:52 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 11:05 - 2015-02-04 09:52 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 11:05 - 2015-02-04 09:52 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 11:05 - 2015-02-04 09:52 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 11:05 - 2015-02-02 23:18 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 11:05 - 2015-01-15 21:45 - 06973248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 11:05 - 2015-01-12 06:49 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 11:05 - 2015-01-12 06:49 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 11:05 - 2015-01-12 06:49 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 11:05 - 2015-01-12 06:49 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-02-11 11:05 - 2015-01-12 06:49 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 11:05 - 2015-01-12 06:48 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 06:47 - 15403008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 11:05 - 2015-01-12 06:47 - 02655744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 11:05 - 2015-01-12 06:47 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 11:05 - 2015-01-12 06:47 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 06:46 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 05:07 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 11:05 - 2015-01-12 05:07 - 01338880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 11:05 - 2015-01-12 05:07 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 11:05 - 2015-01-12 05:07 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 04:16 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-02-11 11:05 - 2015-01-12 03:46 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-02-11 11:05 - 2014-12-18 08:51 - 00096576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-02-11 11:05 - 2014-12-18 06:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-02-11 11:05 - 2014-12-18 06:51 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-02-11 11:05 - 2014-12-18 06:50 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-02-11 11:05 - 2014-12-18 06:20 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-02-11 11:05 - 2014-12-08 23:14 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 11:05 - 2014-12-08 06:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 11:05 - 2014-12-08 05:04 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 11:05 - 2014-11-26 06:43 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 11:05 - 2014-11-26 04:50 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-09 12:00 - 2015-02-09 12:00 - 04919339 _____ () C:\Users\Jan\Documents\IMG_2402.MOV Pups.MOV
2015-02-09 07:17 - 2015-02-09 07:17 - 00157268 _____ () C:\Users\Jan\Downloads\Need Advice Please-Rogue WhatsApp voice email - Am I infected  What do I do.htm
2015-02-09 07:17 - 2015-02-09 07:17 - 00000000 ____D () C:\Users\Jan\Downloads\Need Advice Please-Rogue WhatsApp voice email - Am I infected  What do I do_files
2015-02-08 22:27 - 2015-02-08 22:27 - 00041347 _____ () C:\Users\Jan\Desktop\Result.txt
2015-02-08 22:25 - 2015-02-08 22:25 - 00003021 _____ () C:\Users\Jan\Desktop\FSS.txt
2015-02-08 22:01 - 2015-02-08 22:18 - 00000000 ____D () C:\AdwCleaner
2015-02-03 20:21 - 2015-02-03 20:21 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-03 20:21 - 2015-02-03 20:21 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\AVAST Software
2015-02-03 20:21 - 2015-02-03 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-03 20:20 - 2015-02-03 20:21 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-03 20:20 - 2015-02-03 20:20 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-03 20:20 - 2015-02-03 20:20 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-03 20:20 - 2015-02-03 20:20 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-03 20:20 - 2015-02-03 20:20 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-03 20:20 - 2015-02-03 20:20 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-03 20:20 - 2015-02-03 20:20 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-03 20:20 - 2015-02-03 20:20 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-03 20:20 - 2015-02-03 20:20 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-03 20:20 - 2015-02-03 20:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-03 20:20 - 2015-02-03 20:20 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-03 20:18 - 2015-02-03 20:18 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-03 20:16 - 2015-02-03 20:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-03 20:16 - 2014-12-31 11:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-03 20:07 - 2015-02-03 20:07 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-02-03 19:59 - 2015-02-03 19:59 - 00053248 _____ () C:\WINDOWS\SysWOW64\zlib.dll
2015-02-03 19:59 - 2015-02-03 19:59 - 00001223 _____ () C:\Users\Public\Desktop\CryptoPrevent.lnk
2015-02-03 19:59 - 2015-02-03 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-02-03 19:59 - 2015-02-03 19:59 - 00000000 ____D () C:\ProgramData\Foolish IT
2015-02-03 19:59 - 2015-02-03 19:59 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2015-02-03 19:34 - 2015-02-16 16:44 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-03 19:34 - 2015-02-03 19:34 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-03 19:34 - 2015-02-03 19:34 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\SUPERAntiSpyware.com
2015-02-03 19:34 - 2015-02-03 19:34 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-03 19:34 - 2015-02-03 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-03 17:45 - 2015-02-03 17:45 - 05006864 _____ (AVAST Software) C:\Users\Jan\Downloads\avast_free_antivirus_setup_online.exe
2015-02-03 17:43 - 2015-02-03 17:43 - 00971528 _____ (Foolish IT LLC ) C:\Users\Jan\Downloads\CryptoPreventSetup.exe
2015-02-03 17:42 - 2015-02-03 17:43 - 21037696 _____ (SUPERAntiSpyware) C:\Users\Jan\Downloads\SUPERAntiSpyware.exe
2015-02-03 17:41 - 2015-02-03 17:41 - 02347384 _____ (ESET) C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe
2015-02-03 17:41 - 2015-02-03 17:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-03 17:33 - 2015-02-03 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-02-03 17:33 - 2015-02-03 17:33 - 00000000 ____D () C:\ProgramData\Auslogics
2015-02-03 17:33 - 2015-02-03 17:33 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-02-03 17:27 - 2015-02-03 17:27 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-02-03 17:23 - 2015-02-03 17:23 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-03 16:31 - 2015-02-03 16:31 - 06707696 _____ (Auslogics Labs Pty Ltd ) C:\Users\Jan\Downloads\disk-defrag-setup.exe
2015-02-03 16:19 - 2015-02-03 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-03 16:13 - 2015-02-03 16:13 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 16:09 - 2015-02-03 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-02-03 16:09 - 2015-02-03 16:09 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2015-02-03 14:34 - 2014-11-15 06:06 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-02-03 14:34 - 2014-11-15 05:13 - 03286016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-02-03 14:34 - 2014-11-15 05:13 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-02-03 14:34 - 2014-11-15 05:13 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-02-03 14:34 - 2014-11-15 05:13 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-02-03 14:34 - 2014-11-15 05:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-02-03 14:34 - 2014-11-15 05:13 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-02-03 14:34 - 2014-11-15 05:13 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-02-03 14:34 - 2014-11-15 05:12 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-02-03 14:34 - 2014-11-15 03:54 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-02-03 14:34 - 2014-11-15 03:53 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-02-03 14:34 - 2014-11-15 03:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-02-03 14:34 - 2014-11-15 03:53 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-02-03 14:33 - 2014-12-19 06:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-02-03 14:33 - 2014-12-19 04:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-02-03 14:33 - 2014-12-11 06:51 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-02-03 14:33 - 2014-12-06 07:53 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-02-03 14:33 - 2014-12-06 07:53 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-02-03 14:33 - 2014-12-06 07:52 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-02-03 14:33 - 2014-12-06 07:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-02-03 14:33 - 2014-12-06 07:52 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-02-03 14:33 - 2014-12-06 07:51 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-02-03 14:33 - 2014-12-06 07:51 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-02-03 14:33 - 2014-12-06 07:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-02-03 14:33 - 2014-12-06 06:10 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-02-03 14:33 - 2014-12-06 06:10 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-02-03 14:33 - 2014-12-06 06:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-02-03 14:33 - 2014-12-06 06:09 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-02-03 14:33 - 2014-11-05 06:40 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-02-03 14:33 - 2014-11-05 06:39 - 01024512 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-02-03 14:33 - 2014-11-01 06:28 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-02-03 14:33 - 2014-10-29 14:21 - 00499008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-26 17:31 - 2015-01-26 17:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 07:01 - 2015-01-21 07:01 - 00681688 _____ (Inventec ) C:\WINDOWS\system32\Drivers\rtlh64.sys
2015-01-21 07:01 - 2015-01-21 07:01 - 00075480 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:18 - 2014-03-25 14:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\ClassicShell
2015-02-16 19:17 - 2014-03-25 18:39 - 00000000 ____D () C:\Users\Jan\Desktop\Suzanne
2015-02-16 19:04 - 2014-03-25 15:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 19:00 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 18:44 - 2014-07-07 20:11 - 00000000 ____D () C:\Users\Jan\AppData\Local\Deployment
2015-02-16 18:28 - 2014-03-25 15:25 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 18:10 - 2014-03-21 21:19 - 00004956 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for JANSPC-Jan JansPC
2015-02-16 16:53 - 2014-03-19 09:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1356060280-3843463768-1386410482-1001
2015-02-16 16:44 - 2014-03-08 16:26 - 00000000 ___RD () C:\Users\Jan\OneDrive
2015-02-16 16:43 - 2014-03-19 09:38 - 00006383 _____ () C:\Users\Jan\AppData\Local\BTServer.log
2015-02-16 09:34 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-14 07:31 - 2014-03-19 09:30 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-14 07:31 - 2012-07-26 07:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 07:30 - 2014-03-19 09:30 - 438307803 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-13 21:05 - 2012-07-26 05:26 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-13 13:02 - 2014-03-24 21:48 - 00001109 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-13 13:01 - 2014-03-24 21:48 - 00001097 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-02-13 10:13 - 2013-12-16 20:14 - 00000000 ____D () C:\ProgramData\Realtek
2015-02-12 09:19 - 2013-12-16 20:14 - 01278698 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 09:07 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 08:56 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 08:53 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 07:01 - 2014-11-03 21:05 - 00393544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 23:35 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-11 23:34 - 2014-12-12 12:50 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 23:34 - 2014-07-09 22:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 11:42 - 2013-12-16 20:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 11:41 - 2014-03-20 18:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 11:35 - 2014-03-20 18:41 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-08 22:19 - 2013-10-11 19:32 - 00055162 _____ () C:\WINDOWS\PFRO.log
2015-02-06 10:26 - 2014-03-19 09:38 - 00000000 ____D () C:\Users\Jan\AppData\Local\Packages
2015-02-04 19:04 - 2014-03-25 15:36 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:13 - 2012-07-26 05:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-03 20:10 - 2015-01-09 21:47 - 00000000 ____D () C:\Users\Jan\Documents\ccleaner-reg-backups
2015-02-03 19:29 - 2014-11-03 13:28 - 00714184 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 19:29 - 2014-11-03 13:28 - 00106440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 17:28 - 2014-03-19 09:31 - 00000000 ____D () C:\Users\Jan
2015-02-03 17:23 - 2013-10-11 20:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-02-03 17:23 - 2012-07-26 07:21 - 00046000 _____ () C:\WINDOWS\setupact.log
2015-02-03 17:22 - 2013-12-16 20:12 - 00000000 ____D () C:\Program Files\Intel
2015-02-03 17:10 - 2014-03-25 14:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 17:08 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-02-03 16:18 - 2014-03-25 15:25 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-03 16:13 - 2014-03-25 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 16:13 - 2014-03-25 15:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 14:34 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-02-03 14:19 - 2014-04-08 11:54 - 00000000 ____D () C:\Users\Jan\AppData\Local\DoNotTrackPlus
2015-01-29 15:54 - 2014-03-08 16:30 - 00056832 ___SH () C:\Users\Jan\Downloads\Thumbs.db
2015-01-19 15:51 - 2014-03-20 16:37 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Spotify
2015-01-19 15:46 - 2014-03-20 16:41 - 00000000 ____D () C:\Users\Jan\AppData\Local\Spotify
2015-01-19 14:08 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2014-03-19 09:38 - 2015-02-16 16:43 - 0006383 _____ () C:\Users\Jan\AppData\Local\BTServer.log
2015-02-03 17:23 - 2015-02-03 17:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\COMAP.EXE
C:\Users\Jan\AppData\Local\Temp\DYIATHUQLCW.exe
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\SHSetup.exe
C:\Users\Jan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 08:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Jan at 2015-02-16 19:24:03
Running from C:\Users\Jan\Desktop
Boot Mode: Normal

==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.

The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version:

16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001})

(Version: 11.0.10 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01

- ASUSTeK Computer Inc.)
Amazon Cloud Drive (HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...

\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.30 - ASUSTeK Computer Inc)
ASUS Music Maker (HKLM-x32\...\MAGIX_{5E00D8DF-905B-41C7-B562-C126DE3A4167}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{9204F334-2A46-49F1-89C4-65CEB7AC1974}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{7DB84618-76E3-4999-A9A0-D7D756E14129}) (Version: 3.0.1.42 - MAGIX AG)
ASUS Video easy (Version: 3.0.1.42 - MAGIX AG) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 18414980.4759644.48.2001286984 - Audible, Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.2.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverTuner 3.5.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.05 - ASUSTeK Computer Inc.)
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Netg) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson User's Guide WF-2540 Series (HKLM-x32\...\WF-2540 Series Useg) (Version:  - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.744.744.062013 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7050 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0225 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

01-02-2015 11:07:34 Scheduled Checkpoint
03-02-2015 16:57:47 WUs
08-02-2015 22:06:46 before cleaning with ADW Cleaner
12-02-2015 08:50:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 05:26 - 2012-07-26 05:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {27FEAB9F-8657-4ACB-93EB-7F5F92DD710C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-03] (AVAST Software)
Task: {2E847485-B335-4F4E-AD41-5C8C1982CD6E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4900E6D1-DE54-4EB5-80D9-06D191C0B28D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JANSPC-Jan JansPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {4E4786B2-4C2D-4C73-A48A-EB1D16890D67} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {589A5956-F8E9-4170-84D0-33230EAB3F87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {5D8CFBBC-488A-4C60-9CB5-9F06A6FF1F1E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {874E7F0E-656C-4F60-BDCE-D9AC51DC9702} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {901A1E38-C9B3-4FB3-B61D-EB93B141C0B9} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {ABCFC09F-A82C-4138-AC0C-FB6C25084434} - System32\Tasks\ASUS\ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2012-11-20] (ASUSTeK Computer Inc.)
Task: {BD6A6B09-767B-4E70-ACF7-B1C9625123FD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-11 21:01 - 2012-06-01 09:42 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-12-19 06:10 - 2012-12-19 06:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-12-16 20:14 - 2013-06-15 02:12 - 00045056 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-03-20 16:57 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-23 11:33 - 2014-09-23 13:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-25 10:02 - 2013-06-05 07:43 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-02-13 19:48 - 2015-02-13 19:48 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021301\algo.dll
2015-02-16 18:57 - 2015-02-16 18:57 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021600\algo.dll
2013-10-11 21:01 - 2015-02-14 07:31 - 00021504 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-10-11 21:01 - 2010-06-29 02:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-12-16 20:12 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-25 17:45 - 2014-09-25 17:45 - 00081056 _____ () C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-11-23 11:31 - 2014-11-23 11:31 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-02-03 20:20 - 2015-02-03 20:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-23 11:33 - 2014-11-23 11:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-08-02 08:45 - 2015-02-16 16:45 - 00046080 _____ () C:\Users\Jan\AppData\Local\Apps\2.0\QQAGQXNE.DAX\H65B81HP.HH3\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
2014-08-02 08:45 - 2014-08-02 08:45 - 00541696 _____ () C:\Users\Jan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2015-01-26 17:31 - 2015-01-26 17:31 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-25 17:45 - 2014-09-25 17:45 - 00081056 _____ () C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2015-01-15 13:44 - 2015-01-15 13:44 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-15 13:44 - 2015-01-15 13:44 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-15 13:44 - 2015-01-15 13:44 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jan\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Accounts: =============================

Administrator (S-1-5-21-1356060280-3843463768-1386410482-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1356060280-3843463768-1386410482-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1356060280-3843463768-1386410482-1005 - Limited - Enabled)
Jan (S-1-5-21-1356060280-3843463768-1386410482-1001 - Administrator - Enabled) => C:\Users\Jan

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2015 03:01:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/15/2015 10:00:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JANSPC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147418113 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/15/2015 10:26:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/15/2015 10:21:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/14/2015 07:54:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/13/2015 05:46:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/13/2015 03:57:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/13/2015 03:57:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/13/2015 03:57:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/13/2015 08:41:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (02/16/2015 09:35:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/16/2015 03:05:40 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows. The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (02/14/2015 09:15:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/14/2015 07:31:47 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa8003bbb060, 0xfffff88000a2b7f0, 0xfffffa8007dbeca0)C:\WINDOWS\MEMORY.DMP021415-21218-01

Error: (02/14/2015 07:30:51 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (02/14/2015 07:31:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:51:05 PM on 2/13/2015 was unexpected.

Error: (02/14/2015 07:30:43 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212254731130208

Error: (02/13/2015 11:46:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/13/2015 09:05:36 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (02/13/2015 04:36:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (02/16/2015 03:01:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/15/2015 10:00:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JANSPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147418113

Error: (02/15/2015 10:26:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/15/2015 10:21:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/14/2015 07:54:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/13/2015 05:46:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jan\Downloads\esetsmartinstaller_enu(2).exe

Error: (02/13/2015 03:57:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jan\Downloads\esetsmartinstaller_enu(2).exe

Error: (02/13/2015 03:57:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jan\Downloads\esetsmartinstaller_enu(2).exe

Error: (02/13/2015 03:57:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jan\Downloads\esetsmartinstaller_enu(2).exe

Error: (02/13/2015 08:41:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


==================== Memory info ===========================

Processor: Intel® Core™ i3-3240T CPU @ 2.90GHz
Percentage of memory in use: 65%
Total physical RAM: 3786.93 MB
Available physical RAM: 1312.24 MB
Total Pagefile: 7626.93 MB
Available Pagefile: 4586.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.56 GB) (Free:89.54 GB) NTFS
Drive d: (Data) (Fixed) (Total:292.9 GB) (Free:292.4 GB) NTFS
Drive g: () (Removable) (Total:29.28 GB) (Free:24.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 797D463C)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 29.3 GB) (Disk ID: 413401AF)
Partition 1: (Not Active) - (Size=29.3 GB) - (Type=0B)

==================== End Of Log ============================

#2 HelpBot (Bleepin' Binary Bot)

  • Bots
  • 12,549 posts
  • Gender:Male

Posted 21 February 2015 - 03:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/567281 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Gunto (Bleepin' Reject Phoenix)

  • Malware Response Team
  • 1,278 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 24 February 2015 - 05:40 PM

Hi, simrick! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

First of all, is Word Wrap in Notepad on? If so, please disable it by opening Notepad, clicking Format, and unchecking Word Wrap. It makes logs rather difficult to read. :)

I don't see anything particularly alarming in your logs, although there are a few things I'd like to clean up.


Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-10-11] (ASUSTek Computer Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001 -> URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP327F9496-00CF-4599-BF82-8497E93F4AAF&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix{searchTerms}
    C:\Users\Jan\Downloads\esetsmartinstaller_enu(2).exe
    C:\Users\Jan\Downloads\esetsmartinstaller_enu(1).exe
    C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    C:\Users\Jan\Downloads\avast_free_antivirus_setup_online.exe
    C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe
    C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    C:\ProgramData\DP45977C.lfl
    C:\Users\Jan\Downloads\disk-defrag-setup.exe
    C:\Users\Jan\AppData\Local\Temp\COMAP.EXE
    C:\Users\Jan\AppData\Local\Temp\DYIATHUQLCW.exe
    C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jan\AppData\Local\Temp\SHSetup.exe
    C:\Users\Jan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\Jan\AppData\Local\Temp\sqlite3.dll
    InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
    Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    C:\Users\Jan\AppData\Local\Apps\2.0\QQAGQXNE.DAX\H65B81HP.HH3\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

Next, I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

However, allow me to ask if you use any of the following before you do. None of these are bad, but you should remove them if you don't need them:

Adobe Reader XI (11.0.10) (this is particularly vulnerable to malware exploitation; Firefox has a built-in .pdf reader, so this is often unnecessary)
CrystalDiskInfo 6.3.0
ESET Online Scanner v3 (after using it once, you probably don't need it again)
Why ASUS PC (just a tutorial program)
Windows Live Essentials

If you want to use Programs and Features:

  • Right click on the Windows logo on the left corner of your screen, click Control Panel, and then Uninstall a program.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader XI (11.0.10)
    CrystalDiskInfo 6.3.0
    DriverTuner 3.5.0.1
    ESET Online Scanner v3
    InstallConverter
    Why ASUS PC
    Windows Live Essentials
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which does a better job at cleaning up):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader XI (11.0.10)
    CrystalDiskInfo 6.3.0
    DriverTuner 3.5.0.1
    ESET Online Scanner v3
    InstallConverter
    Why ASUS PC
    Windows Live Essentials
  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Finally, I see you've disabled a few items using MSCONFIG. This is a rather messy way to go about removing start-up entries, so I would like for you to re-enable them. I would be more than happy to disable them again using a cleaner method, if you'd like. :)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\StartupApproved\Run: => "Spotify Web Helper"

Let me know how the computer's running.


Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#4 simrick (Topic Starter)

  • Members
  • 80 posts
  • Gender:Not Telling

Posted 25 February 2015 - 11:14 AM

Hi Gunto.

Just a question before I begin. Regarding the removal of:

Adobe Reader XI (11.0.10)
CrystalDiskInfo 6.3.0

Do you have a suggestion for another, safer PDF reader? Because Firefox alone won't be sufficient.

Do you have another suggestion for free monitoring of the hard drive SMART attributes?

Thanks!

EDIT/ADDITIONAL

I get an error about unicode characters when I try to save the fixlist.txt. Not sure what to do? [Attached file: unicode.PNG]

I will remove the other programs via Programs and Features except Adobe Reader. However, InstallConverter is not on the list so I can't remove that one.


Edited by simrick, 25 February 2015 - 01:34 PM.


#5 Gunto (Bleepin' Reject Phoenix)

  • Malware Response Team
  • 1,278 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 25 February 2015 - 06:21 PM

Hi,

There are quite a few alternatives to Adobe Reader, such as Sumatra PDF, Cool PDF Reader, and Slim PDF reader (this one will ask you to register it; feel free to decline). Both Sumatra and Cool PDF Reader are (optionally) portable/installer-free as well.

For another SMART monitor, I use GSmartControl should it ever be necessary. It's also portable. :)

Regarding fixlist.txt, change the encoding from ANSI to Unicode in the drop-down menu right next to Save before saving it. Does it work now?

InstallConverter is actually hidden from Programs and Features, which is why you can't find it. However, I included its "hidden" entry in fixlist.txt to fix that, so try removing it again after running FRST. :)

Gunto




#6 Gunto (Bleepin' Reject Phoenix)

  • Malware Response Team
  • 1,278 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 28 February 2015 - 08:05 PM

Hi,

It's been three days since my last post, so I am bumping the topic just in case you missed my previous reply. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.

If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.

Gunto




#7 simrick (Topic Starter)

  • Members
  • 80 posts
  • Gender:Not Telling

Posted 28 February 2015 - 09:44 PM

Gunto, Please bear with me, I need some more time to get to this. Thank you very much for your help.



#8 simrick (Topic Starter)

  • Members
  • 80 posts
  • Gender:Not Telling

Posted 02 March 2015 - 12:02 PM

Hi,

It's been three days since my last post, so I am bumping the topic just in case you missed my previous reply. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.

If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.

Gunto

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Jan at 2015-03-02 17:00:07 Run:1
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available profiles: Jan & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-10-11] (ASUSTek Computer Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001 -> URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP327F9496-00CF-4599-BF82-8497E93F4AAF&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1356060280-3843463768-1386410482-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix{searchTerms}
C:\Users\Jan\Downloads\esetsmartinstaller_enu(2).exe
C:\Users\Jan\Downloads\esetsmartinstaller_enu(1).exe
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Jan\Downloads\avast_free_antivirus_setup_online.exe
C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\ProgramData\DP45977C.lfl
C:\Users\Jan\Downloads\disk-defrag-setup.exe
C:\Users\Jan\AppData\Local\Temp\COMAP.EXE
C:\Users\Jan\AppData\Local\Temp\DYIATHUQLCW.exe
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\SHSetup.exe
C:\Users\Jan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
C:\Users\Jan\AppData\Local\Apps\2.0\QQAGQXNE.DAX\H65B81HP.HH3\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ASUSPRP => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
C:\Users\Jan\Downloads\esetsmartinstaller_enu(2).exe => Moved successfully.
C:\Users\Jan\Downloads\esetsmartinstaller_enu(1).exe => Moved successfully.
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => Moved successfully.
C:\Users\Jan\Downloads\avast_free_antivirus_setup_online.exe => Moved successfully.
C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe => Moved successfully.
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\Jan\Downloads\disk-defrag-setup.exe => Moved successfully.
C:\Users\Jan\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Jan\AppData\Local\Temp\DYIATHUQLCW.exe => Moved successfully.
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jan\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Jan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallConverter\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{032CB0D7-FDBF-4CA9-901B-A4C1B01B1777}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DB15F28-5E38-476A-A773-EA07EAEAB1B3}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{25716F85-7DB7-4CB4-8BD3-1992DBA3F59C}\\SystemComponent => value deleted successfully.
C:\Users\Jan\AppData\Local\Apps\2.0\QQAGQXNE.DAX\H65B81HP.HH3\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.

==== End of Fixlog 17:00:12 ====

Install/Converter did show up in the installed programs list, so I was able to uninstall it now - thanks for that.

Everything else is uninstalled except Adobe Reader, and everything is enabled as you suggested.

We don't want Spotify starting at every boot, so please tell me how to stop that?

Thanks.

One more thing:

I see now these strange entries in the programs list - Chinese characters... is that something you unhid as well? And should I uninstall them?

Thanks.

The picture of the screenshot can be seen here:

http://ge.tt/5cdMwUB2/v/0?c


Edited by simrick, 02 March 2015 - 12:28 PM.
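When a fixlist is as long as the one above, checking by eye that every entry in Fixlog.txt got a result line is easy to get wrong. The script below is an added example, not part of this thread and not FRST's own code: it splits a Fixlog into the echoed fixlist block and the "target => outcome" result lines, counts the outcomes, and reports any file path from the fixlist that never received a "Moved successfully" line. The embedded sample is a constructed subset of the Fixlog posted above, with the result line for DP45977C.lfl deliberately left out so the check has something to flag; the function names are my own.

```python
"""Cross-check an FRST Fixlog.txt against the fixlist it executed.

Added example (not part of the thread or of FRST). The fixlist is read
back from the block FRST echoes between the asterisk marker lines, and
every "target => outcome" result line after it is parsed so outcomes can
be counted and unconfirmed file moves reported.
"""
import re
from collections import Counter

# Constructed sample: a subset of the Fixlog posted in the thread, with the
# result line for DP45977C.lfl deliberately omitted so the check flags it.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Jan at 2015-03-02 17:00:07 Run:1
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-10-11] (ASUSTek Computer Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
C:\Users\Jan\AppData\Local\Temp\COMAP.EXE
C:\Users\Jan\AppData\Local\Temp\DYIATHUQLCW.exe
C:\ProgramData\DP45977C.lfl
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ASUSPRP => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
C:\Users\Jan\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Jan\AppData\Local\Temp\DYIATHUQLCW.exe => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallConverter\\SystemComponent => value deleted successfully.

==== End of Fixlog 17:00:12 ====
"""

MARKER_RE = re.compile(r"^\*{5,}$")          # the asterisk lines around the fixlist
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+?)\.?$')   # target => outcome[.]
FILE_PATH_RE = re.compile(r"^[A-Za-z]:\\")   # fixlist entry that is a plain file path


def parse_fixlog(text):
    """Return (fixlist_entries, results); results is a list of (target, outcome)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    markers = [i for i, ln in enumerate(lines) if MARKER_RE.match(ln)]
    if len(markers) < 2:
        raise ValueError("fixlist block not found")
    start, end = markers[0] + 1, markers[1]
    fixlist = [ln for ln in lines[start:end] if ln.strip()]
    results = []
    for ln in lines[end + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        m = RESULT_RE.match(ln)
        if m:
            results.append((m.group(1), m.group(2)))
    return fixlist, results


def fixlist_file_paths(fixlist):
    """Entries that are file paths (as opposed to registry or program entries)."""
    return [e for e in fixlist if FILE_PATH_RE.match(e)]


def unconfirmed_moves(fixlist, results):
    """File paths in the fixlist with no matching 'Moved successfully' result."""
    moved = {target for target, outcome in results if outcome == "Moved successfully"}
    return [p for p in fixlist_file_paths(fixlist) if p not in moved]


def outcome_counts(results):
    """How many results of each kind FRST reported."""
    return dict(Counter(outcome for _, outcome in results))


def audit(text):
    """One-shot summary suitable for pasting into a reply."""
    fixlist, results = parse_fixlog(text)
    return {
        "entries": len(fixlist),
        "results": len(results),
        "outcomes": outcome_counts(results),
        "unconfirmed": unconfirmed_moves(fixlist, results),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(audit(SAMPLE_FIXLOG), indent=2))
```

Registry entries are not matched one-to-one because FRST rewrites them (the `HKLM-x32\...\Run: [ASUSPRP]` entry comes back as a `WOW6432Node` value path), so the script only counts those; file paths are echoed verbatim and can be checked exactly.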


#9 Gunto (Bleepin' Reject Phoenix)

  • Malware Response Team
  • 1,278 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 03 March 2015 - 12:26 AM

Hi,

Great work on running FRST; everything went well there. :)

For now, please run another scan with FRST so that I may get a fresh look at your system. In addition to removing any start-up entries you don't want (such as Spotify), I can also get rid of any leftover infections or junk files. This time, only FRST.txt will be made; please copy it into your reply.

I can't seem to see that screenshot you posted, but I know what you're talking about. Yes, I unhid them, and you are free to remove them.

Also, is the computer having any performance problems? Has it run better since I've had you run fixes? :)

Gunto




#10 simrick (Topic Starter)

  • Members
  • 80 posts
  • Gender:Not Telling

Posted 04 March 2015 - 09:34 PM

Thanks. Will try to get to the computer tomorrow.



#11 simrick (Topic Starter)

  • Members
  • 80 posts
  • Gender:Not Telling

Posted 06 March 2015 - 01:57 PM

I'm sorry - she seems to be having power problems today in the area, and I am not able to login. Will try tomorrow. Thank you for your patience.



#12 Gunto (Bleepin' Reject Phoenix)

  • Malware Response Team
  • 1,278 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 07 March 2015 - 06:31 AM

No problem, thanks for keeping me updated. :)


Gunto




#13 simrick (Topic Starter)

  • Members
  • 80 posts
  • Gender:Not Telling

Posted 09 March 2015 - 01:14 PM

Hi. Sorry for the delay. Here is the FRST text file:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Jan (administrator) on JANSPC on 09-03-2015 18:04:06
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available profiles: Jan & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Users\Jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Amazon Digital Services, LLC.) C:\Users\Jan\AppData\Local\Apps\2.0\QQAGQXNE.DAX\H65B81HP.HH3\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Sun Microsystems, Inc.) C:\Users\Jan\AppData\Local\Apps\2.0\QQAGQXNE.DAX\H65B81HP.HH3\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-01] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253952 2013-05-07] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-03] (AVAST Software)
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\spotify\spotifylauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\spotify\spotify.exe <====== ATTENTION
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [Spotify Web Helper] => C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-19] (Spotify Ltd)
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [OneDrive] => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281256 2015-03-03] (Microsoft Corporation)
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [Spotify] => C:\Users\Jan\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-19] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-03] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-03] (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hboohm6m.default-1420839845523
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-20] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hboohm6m.default-1420839845523\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-03] (AVAST Software)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [45056 2013-06-15] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-03] ()
S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548936 2013-05-24] (Realtek Semiconductor Corporation)
R3 RTL8168; C:\Windows\system32\DRIVERS\rtlh64.sys [681688 2015-01-21] (Inventec                                            )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2975960 2013-08-02] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 18:04 - 2015-03-09 18:04 - 00034604 _____ () C:\Users\Jan\Desktop\FRST.txt
2015-03-09 18:03 - 2015-03-09 18:03 - 02095104 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2015-03-09 18:03 - 2015-03-09 18:03 - 00000000 ____D () C:\Users\Jan\Desktop\FRST-OlderVersion
2015-03-07 14:09 - 2015-03-07 14:09 - 00000000 ___HD () C:\OneDriveTemp
2015-03-06 10:02 - 2015-03-06 10:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 17:14 - 2015-03-02 17:14 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-02-26 18:48 - 2015-02-26 19:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 12:58 - 2015-01-09 06:43 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 12:58 - 2015-01-09 05:03 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 12:58 - 2015-01-08 23:52 - 00478296 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:58 - 2015-01-08 23:52 - 00478296 _____ () C:\WINDOWS\system32\locale.nls
2015-02-16 19:22 - 2015-03-09 18:04 - 00000000 ____D () C:\FRST
2015-02-16 19:03 - 2015-02-16 19:03 - 00025755 _____ () C:\Users\Jan\Documents\Malwarebytes-keycode-2015-02-16.htm
2015-02-16 19:02 - 2015-02-16 19:03 - 00000000 ____D () C:\Users\Jan\Documents\Malwarebytes-keycode-2015-02-16_files
2015-02-15 14:50 - 2015-02-15 22:18 - 00010286 _____ () C:\Users\Jan\Documents\Hi there.odt
2015-02-14 07:31 - 2015-02-14 07:31 - 00355400 _____ () C:\WINDOWS\Minidump\021415-21218-01.dmp
2015-02-12 16:38 - 2015-02-12 16:38 - 00536840 _____ () C:\WINDOWS\Minidump\021215-24640-01.dmp
2015-02-12 08:47 - 2015-01-23 05:50 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 08:47 - 2015-01-23 04:27 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 11:06 - 2015-01-29 08:30 - 00593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2015-02-11 11:06 - 2015-01-29 08:30 - 00467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2015-02-11 11:06 - 2015-01-29 08:30 - 00011056 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2015-02-11 11:06 - 2015-01-29 08:05 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-02-11 11:06 - 2015-01-29 08:05 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 11:06 - 2015-01-29 06:19 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-02-11 11:06 - 2015-01-29 06:19 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 11:06 - 2015-01-15 11:44 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2015-02-11 11:06 - 2015-01-15 11:44 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-02-11 11:06 - 2015-01-15 11:43 - 01282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 11:06 - 2015-01-15 10:00 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2015-02-11 11:06 - 2015-01-15 10:00 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-02-11 11:06 - 2015-01-15 09:38 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 11:06 - 2015-01-15 09:09 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 11:06 - 2015-01-15 04:08 - 00568656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 11:06 - 2015-01-12 06:48 - 19291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 11:06 - 2015-01-12 05:06 - 14373376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 11:06 - 2015-01-09 04:33 - 04061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 11:05 - 2015-02-04 09:54 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 11:05 - 2015-02-04 09:52 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 11:05 - 2015-02-04 09:52 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 11:05 - 2015-02-04 09:52 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 11:05 - 2015-02-04 09:52 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 11:05 - 2015-02-02 23:18 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 11:05 - 2015-01-15 21:45 - 06973248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 11:05 - 2015-01-12 06:49 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 11:05 - 2015-01-12 06:49 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 11:05 - 2015-01-12 06:49 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 11:05 - 2015-01-12 06:49 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-02-11 11:05 - 2015-01-12 06:49 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 11:05 - 2015-01-12 06:48 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 06:47 - 15403008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 11:05 - 2015-01-12 06:47 - 02655744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 11:05 - 2015-01-12 06:47 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 11:05 - 2015-01-12 06:47 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 06:46 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 11:05 - 2015-01-12 05:07 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 11:05 - 2015-01-12 05:07 - 01338880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 11:05 - 2015-01-12 05:07 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 11:05 - 2015-01-12 05:07 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 11:05 - 2015-01-12 05:06 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 11:05 - 2015-01-12 04:16 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-02-11 11:05 - 2015-01-12 03:46 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-02-11 11:05 - 2014-12-18 08:51 - 00096576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-02-11 11:05 - 2014-12-18 06:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-02-11 11:05 - 2014-12-18 06:51 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-02-11 11:05 - 2014-12-18 06:50 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-02-11 11:05 - 2014-12-18 06:20 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-02-11 11:05 - 2014-12-08 23:14 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 11:05 - 2014-12-08 06:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 11:05 - 2014-12-08 05:04 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 11:05 - 2014-11-26 06:43 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 11:05 - 2014-11-26 04:50 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-09 12:00 - 2015-02-09 12:00 - 04919339 _____ () C:\Users\Jan\Documents\IMG_2402.MOV Pups.MOV
2015-02-09 07:17 - 2015-02-09 07:17 - 00157268 _____ () C:\Users\Jan\Downloads\Need Advice Please-Rogue WhatsApp voice email - Am I infected  What do I do.htm
2015-02-09 07:17 - 2015-02-09 07:17 - 00000000 ____D () C:\Users\Jan\Downloads\Need Advice Please-Rogue WhatsApp voice email - Am I infected  What do I do_files
2015-02-08 22:01 - 2015-02-08 22:18 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 18:04 - 2014-03-25 15:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-09 18:02 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-09 17:59 - 2014-03-20 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-03-09 17:43 - 2015-02-03 19:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-09 17:30 - 2013-12-16 20:14 - 01650682 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-09 17:15 - 2014-07-07 20:11 - 00000000 ____D () C:\Users\Jan\AppData\Local\Deployment
2015-03-09 15:31 - 2014-03-25 15:25 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 14:56 - 2014-03-21 21:19 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for JANSPC-Jan JansPC
2015-03-09 13:01 - 2014-03-19 09:38 - 00038197 _____ () C:\Users\Jan\AppData\Local\BTServer.log
2015-03-09 10:51 - 2014-03-25 14:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\ClassicShell
2015-03-09 10:42 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-08 11:45 - 2014-11-21 22:09 - 00000000 ___HD () C:\$Windows.~BT
2015-03-08 10:37 - 2014-03-19 09:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1356060280-3843463768-1386410482-1001
2015-03-08 10:20 - 2014-03-08 16:26 - 00000000 ___RD () C:\Users\Jan\OneDrive
2015-03-06 11:53 - 2014-03-25 14:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 11:53 - 2014-03-16 15:58 - 00081920 ___SH () C:\Users\Jan\Desktop\Thumbs.db
2015-03-04 09:46 - 2013-12-16 20:14 - 00000000 ____D () C:\ProgramData\Realtek
2015-03-03 11:14 - 2014-03-20 20:50 - 00002261 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-03-02 17:18 - 2014-03-20 16:37 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Spotify
2015-03-02 17:15 - 2014-03-20 16:41 - 00000000 ____D () C:\Users\Jan\AppData\Local\Spotify
2015-03-02 17:14 - 2012-07-26 07:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 17:13 - 2012-07-26 05:26 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 17:10 - 2014-03-24 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2015-03-01 10:43 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-02-27 09:43 - 2013-10-11 19:32 - 00055872 _____ () C:\WINDOWS\PFRO.log
2015-02-25 18:31 - 2014-03-21 10:10 - 00000000 ____D () C:\Users\Jan\AppData\Local\Windows Live
2015-02-25 18:30 - 2013-10-11 21:18 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-02-25 18:29 - 2013-04-25 13:46 - 00000000 ____D () C:\WINDOWS\en-GB
2015-02-25 18:29 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-25 18:26 - 2013-10-11 21:01 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-02-25 18:26 - 2013-10-11 20:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-25 18:26 - 2013-10-11 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-02-25 13:00 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-25 10:08 - 2014-03-19 21:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-18 17:29 - 2014-09-20 16:53 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2015-02-16 19:17 - 2014-03-25 18:39 - 00000000 ____D () C:\Users\Jan\Desktop\Suzanne
2015-02-14 07:31 - 2014-03-19 09:30 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-14 07:30 - 2014-03-19 09:30 - 438307803 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-13 13:02 - 2014-03-24 21:48 - 00001109 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-13 13:01 - 2014-03-24 21:48 - 00001097 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-02-12 09:07 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 07:01 - 2014-11-03 21:05 - 00393544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 23:35 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-11 23:34 - 2014-12-12 12:50 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 23:34 - 2014-07-09 22:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 11:42 - 2013-12-16 20:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 11:41 - 2014-03-20 18:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 11:35 - 2014-03-20 18:41 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-19 09:38 - 2015-03-09 13:01 - 0038197 _____ () C:\Users\Jan\AppData\Local\BTServer.log

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 17:27

==================== End Of Log ============================

 

I am also re-uploading that file which you couldn't read (because it was so small). Here is the link:

http://ge.tt/1k8ImvB2/v/0

If you still think they are safe to remove, please let me know and I will do that.

The computer seems to be running fine, thanks.



#14 Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:10:55 AM

Posted 09 March 2015 - 02:19 PM

Hi,

 

Not a problem, and awesome to hear that the PC is running well!

 

Those programs in the screenshot are indeed the ones I thought they were. You are free to remove them. :)

 

Farbar Recovery Scan Tool

 

Now then, time to get rid of Spotify auto-starting and remove a few other things.

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [Spotify Web Helper] => C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-19] (Spotify Ltd)
    HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [Spotify] => C:\Users\Jan\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-19] (Spotify Ltd)
    C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
    C:\Users\Jan\AppData\Local\Windows Live
    C:\Program Files (x86)\Windows Live
    C:\Users\Jan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Malwarebytes

Next, to make sure there is no more malware left hiding, I need you to run a scan with Malwarebytes Anti-Malware.

  • Double-click the MBAM shortcut on your desktop (or single-click the one in your start menu) to open MBAM.
  • Click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then tick the Custom Scan option, and hit the Scan Now >> button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Copy to Clipboard button, and paste it into your reply.

Let me know if there are any other problems you'd like for me to look into. If there aren't, we're almost done!

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
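The fixlist above targets two kinds of persistence: autorun entries in the HKLM-x32 and per-user HKU Run keys, and loose files (a GUID-named .bat in system32, a DLL in %TEMP%). What follows is an added example written for this page; it is not FRST's code and not from Gunto's post. It is a small Python triage script that parses the two record shapes FRST prints (the "HK...\...\Run:" autorun lines and the dated file-listing lines) plus bare paths, and applies the same heuristics a helper checks by eye: programs that auto-start from a user-writable profile path, GUID-named scripts dropped into a system directory, DLLs left in %TEMP%, and executables with no publisher information. The sample lines are copied from the fixlist and log on this page, except the final svchost.exe line, which is constructed to exercise the publisher check. The hits are candidates for a human to vet, not verdicts: the two Spotify entries it flags are the ones Gunto chose to remove only to stop auto-start, not because they are malware.

```python
"""Triage lines from an FRST (Farbar Recovery Scan Tool) log for persistence
that deserves a second look.

Added example for this thread; not FRST's own code and not part of any post
here. It parses the two record shapes FRST prints, autorun entries
("HK...\\...\\Run: [name] => path [size date] (publisher)") and dated file
listing lines ("mtime - ctime - size attrs (publisher) path"), plus bare
paths, and applies a few heuristics a malware-response helper checks by eye.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

RUN_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => "
    r"(?P<path>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)$"
)
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) \((?P<pub>[^)]*)\) (?P<path>.+)$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Heuristics. Each hit is a candidate for a human to vet, not a verdict.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)
GUID_SCRIPT_IN_SYSTEM = re.compile(
    r"\\Windows\\(System32|SysWOW64)\\\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}"
    r"\.(bat|cmd|vbs|js|ps1)$", re.I)
TEMP_DLL = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.dll$", re.I)
EXEC_EXT = re.compile(r"\.(exe|dll|sys|scr)$", re.I)


@dataclass
class Finding:
    line: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Tuple[str, Optional[str], bool]]:
    """Return (path, publisher, is_autorun). Publisher is None for bare paths;
    the result is None for lines that are not file records at all."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return m["path"], m["pub"], True
    m = FILE_RE.match(line)
    if m:
        return m["path"], m["pub"], False
    if BARE_PATH_RE.match(line):
        return line, None, False
    return None


def classify_path(path: str, publisher: Optional[str], autorun: bool) -> List[str]:
    """Apply the heuristics to one record and return the reasons it was flagged."""
    reasons = []
    if autorun and USER_WRITABLE.search(path):
        reasons.append("autorun from a user-writable profile path (persists without admin rights)")
    if GUID_SCRIPT_IN_SYSTEM.search(path):
        reasons.append("GUID-named script dropped into a system directory")
    if TEMP_DLL.search(path):
        reasons.append("DLL left behind in %TEMP%")
    if publisher == "" and EXEC_EXT.search(path):
        reasons.append("executable with no publisher/version information")
    return reasons


def triage(lines) -> List[Finding]:
    """Parse every line and keep only the records that trip at least one heuristic."""
    findings = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue
        path, publisher, autorun = parsed
        reasons = classify_path(path, publisher, autorun)
        if reasons:
            findings.append(Finding(raw.strip(), path, reasons))
    return findings


# Sample input: the fixlist and a few file-listing lines from this thread, plus
# ONE constructed line (the publisher-less svchost.exe in Temp) that is NOT from
# the real log and exists only to exercise the publisher check.
SAMPLE_LINES = [
    r"HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)",
    r"HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [Spotify Web Helper] => C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-19] (Spotify Ltd)",
    r"HKU\S-1-5-21-1356060280-3843463768-1386410482-1001\...\Run: [Spotify] => C:\Users\Jan\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-19] (Spotify Ltd)",
    r"C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter",
    r"C:\Users\Jan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll",
    r"2015-02-11 11:06 - 2015-01-12 06:48 - 19291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll",
    r"2015-02-11 11:05 - 2014-12-08 23:14 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml",
    r"2015-03-09 15:31 - 2014-03-25 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys",
    r"2015-02-09 07:17 - 2015-02-09 07:17 - 00045056 _____ () C:\Users\Jan\AppData\Local\Temp\svchost.exe",  # constructed
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run it against a full FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))` and read the hits top to bottom; anything that survives a look at the publisher, the path and the creation date is what goes into fixlist.txt. The Epson entry above is not flagged (Program Files, known publisher), which matches the question raised in the next post about whether it needs touching at all.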


#15 simrick

  • Topic Starter

  • Members
  • 80 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:55 PM

Posted 10 March 2015 - 12:13 PM

Hi Gunto,

One question - are we sure we want to mess with her printer software? Thanks.





