
PUP Optional


  • This topic is locked
57 replies to this topic

#1 harty

harty

  • Members
  • 166 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:32 AM

Posted 22 April 2015 - 02:17 PM

Hi, I just did a malware scan and found these PUPs: PUP Optional Binkiland and also PUP Optional Gameo. Please, any help gratefully received. Thanks.




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:32 PM

Posted 22 April 2015 - 06:17 PM

Hello harty, and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 harty

harty
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:32 AM

Posted 23 April 2015 - 04:24 PM

 

 

 

Hi Yılmaz, sorry, but my pointer arrow is so erratic I cannot do anything you say.

 

 



#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:32 PM

Posted 23 April 2015 - 04:59 PM

Please do the following.
 
Boot to Safemode with Networking

To Enter Safemode

  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard

Tutorial, if you need it: How to boot into Safemode
 
next.....
 

Please try to run FRST now.


Best regards
 

 


 


#5 harty

harty
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:32 AM

Posted 25 April 2015 - 02:29 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-04-2015
Ran by Chris at 2015-04-25 08:14:32
Running from C:\Users\Chris\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3340412467-154873619-3684793459-500 - Administrator - Disabled)
Chris (S-1-5-21-3340412467-154873619-3684793459-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3340412467-154873619-3684793459-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3340412467-154873619-3684793459-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 10 v.10.0.10 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Configuration Center (HKLM\...\{4DCCBC3E-3F7E-41DB-8056-1704B55FE56A}) (Version: 1.5.1.0303 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3340412467-154873619-3684793459-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.5.9.5 - Sentelic)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2040 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-3340412467-154873619-3684793459-1000\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Rapport (Version: 3.5.1404.75 - Trusteer) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-3340412467-154873619-3684793459-1000\...\XBMC) (Version:  - Team XBMC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
22-04-2015 10:40:08 Restore Operation
22-04-2015 11:29:34 avast! antivirus system restore point
22-04-2015 11:30:24 Windows Update
22-04-2015 16:56:58 Windows Backup
22-04-2015 23:22:59 Windows Update
24-04-2015 21:29:01 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2014-04-01 23:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {013B7BF3-4F5F-4F58-921F-5CB6DF91D00A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {1EB41DE0-9D84-4ED6-8336-F9EB57FAE19E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {2DEA9E47-1FF4-445D-8B97-06E51958E3F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-07] (Google Inc.)
Task: {350D81C4-B139-4261-9406-74E38DB91B59} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {53CF4068-B7D6-4511-9CAC-5844151DFEFA} - System32\Tasks\{F4594B8D-71B7-4E18-88ED-13138E04D4D7} => pcalua.exe -a C:\Users\Chris\Downloads\20080225222658281_1.3M_Camera_Driver_331.2000.4008.6\setup.exe -d C:\Users\Chris\Downloads\20080225222658281_1.3M_Camera_Driver_331.2000.4008.6
Task: {59C2F223-E720-48D8-ACE7-E786337BBC8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {62D4CEA8-3244-490A-9D1C-C6E946E164FD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-12] (AVAST Software)
Task: {69558D59-C9FC-4846-B29B-1735D88DB72B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-07] (Google Inc.)
Task: {71BC7C0B-78CB-490F-BDFA-9EACDF9B8843} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8189B65E-3D8D-4739-A3D5-F72E3DB876F7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {86457168-AE0E-4B34-BECC-42541F96E4B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-04 00:33 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Chris\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-11-04 00:33 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Chris\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3340412467-154873619-3684793459-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2015 09:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Timed out waiting for acknowledgement of machine sleep
 
Error: (04/24/2015 09:28:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1856
 
Error: (04/24/2015 09:28:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1856
 
Error: (04/24/2015 09:28:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/23/2015 11:02:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Timed out waiting for acknowledgement of machine sleep
 
Error: (04/23/2015 11:02:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1815477
 
Error: (04/23/2015 11:02:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1815477
 
Error: (04/23/2015 11:02:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/23/2015 11:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1814307
 
Error: (04/23/2015 11:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1814307
 
 
System errors:
=============
Error: (04/25/2015 08:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:14:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:14:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:14:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:12:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:12:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:12:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/25/2015 08:12:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 37%
Total physical RAM: 1910.71 MB
Available physical RAM: 1199.34 MB
Total Pagefile: 3821.43 MB
Available Pagefile: 3099.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.65 GB) (Free:52.74 GB) NTFS
Drive d: () (Fixed) (Total:29.3 GB) (Free:25.22 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 0514265B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 harty

harty
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:32 AM

Posted 25 April 2015 - 04:39 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2015
Ran by Chris (administrator) on CHRIS-PC on 25-04-2015 08:13:21
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available profiles: Chris & Guest)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-12] (AVAST Software)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Configuration Center] => C:\Program Files\Configuration Center\bin\McaMaster.exe [1105920 2010-03-03] ()
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [3354624 2013-11-30] (Sentelic Corporation)
HKU\S-1-5-21-3340412467-154873619-3684793459-1000\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3340412467-154873619-3684793459-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-10-12] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3340412467-154873619-3684793459-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3340412467-154873619-3684793459-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3340412467-154873619-3684793459-1000 -> {6B7B5AEB-1EF9-4348-B375-1012628F77D6} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-10-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\snzqv5la.default
FF Homepage: user_pref("browser.startup.homepage", );
FF NetworkProxy: "type", 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-18]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\snzqv5la.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-07]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-07]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-17]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-07]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-07]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-07]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-12]
CHR Extension: (VerifiedVPN) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdgfdpeigidmiagopmgmnpkaokkofnbb [2015-02-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-22]
CHR Extension: (My Font for Gmail™) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcogoioikcdeceiakjbandbaifohik [2014-10-07]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-12] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-23] (AVAST Software)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DcsService; C:\Program Files\Configuration Center\bin\DeviceControlService.exe [622592 2010-02-23] (Intel Corporation) [File not signed]
S2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
S2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-18] (Absolute Software Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-12] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-01-18] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-10-12] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-12] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-12] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-24] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-10-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-10-12] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-10-12] ()
R3 IPMLEBL; C:\Windows\System32\Drivers\ipmlebl.sys [10368 2013-11-30] (Intel Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2013-11-30] (Atheros Communications, Inc.)
S1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-02-24] (IBM Corp.)
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-02-12] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-02-12] (IBM Corp.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-02-12] (IBM Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R3 VKBD; C:\Windows\System32\DRIVERS\virkbd.sys [18432 2013-11-30] (Intel Corporation)
S3 catchme; \??\C:\Users\Chris\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\Chris\AppData\Local\Temp\CFcatchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 08:13 - 2015-04-25 08:13 - 00012921 _____ () C:\Users\Chris\Downloads\FRST.txt
2015-04-25 08:13 - 2015-04-25 08:13 - 00000000 ____D () C:\FRST
2015-04-25 08:08 - 2015-04-25 08:08 - 01139200 _____ (Farbar) C:\Users\Chris\Downloads\FRST.exe
2015-04-25 08:06 - 2015-04-25 08:06 - 02099712 _____ (Farbar) C:\Users\Chris\Downloads\FRST64 (2).exe
2015-04-25 07:56 - 2015-04-25 07:57 - 02099712 _____ (Farbar) C:\Users\Chris\Downloads\FRST64 (1).exe
2015-04-25 07:51 - 2015-04-25 07:51 - 00000000 ____D () C:\809c80cd539a8bbeed
2015-04-24 22:05 - 2015-04-25 07:51 - 00000000 ____D () C:\038b1f96d662ce7b0a8bcfb8
2015-04-24 21:35 - 2015-04-24 22:05 - 00000000 ____D () C:\a4a3319e1073701effb2ca42be
2015-04-24 21:34 - 2015-04-24 21:35 - 00000000 ____D () C:\5db8a21d7b9a7de117187763d046
2015-04-24 21:33 - 2015-04-24 21:34 - 00000000 ____D () C:\3b045d86f399a23b18872e6e
2015-04-23 22:18 - 2015-04-23 22:19 - 00001132 _____ () C:\Users\Chris\Downloads\FSS.txt
2015-04-23 22:18 - 2015-04-23 22:18 - 00415232 _____ (Farbar) C:\Users\Chris\Downloads\FSS.exe
2015-04-23 22:14 - 2015-04-23 22:15 - 02099712 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2015-04-22 23:25 - 2015-04-22 23:25 - 00000000 ____D () C:\4243219594a2bb5778c3e7
2015-04-22 23:24 - 2015-04-22 23:25 - 00000000 ____D () C:\d16ecb5cb8d315b91200
2015-04-22 23:24 - 2015-04-22 23:24 - 00000000 ____D () C:\c78ffbb829d3ce085157e566ec748643
2015-04-22 23:24 - 2015-04-22 23:24 - 00000000 ____D () C:\a07b4ca36ef82e37d1
2015-04-22 23:23 - 2015-04-22 23:24 - 00000000 ____D () C:\edb97a61490a2b1a0653ab6a94bc
2015-04-22 19:40 - 2015-04-22 19:41 - 00000000 ____D () C:\Program Files\FSP
2015-04-22 19:23 - 2015-04-22 19:23 - 00000626 _____ () C:\Windows\PFRO.log
2015-04-22 18:17 - 2015-04-22 18:17 - 00000000 ____D () C:\Qoobox
2015-04-22 18:16 - 2015-04-22 18:17 - 00000000 ___SD () C:\32788R22FWJFW
2015-04-22 18:15 - 2015-04-22 18:15 - 05619466 ____R (Swearware) C:\Users\Chris\Downloads\ComboFix (1).exe
2015-04-22 18:11 - 2015-04-22 18:12 - 05613495 _____ (Swearware) C:\Users\Chris\Downloads\ComboFix.exe
2015-04-22 17:16 - 2015-04-22 17:16 - 00000347 _____ () C:\Users\Chris\Documents\Games - Shortcut.lnk
2015-04-22 15:29 - 2015-04-22 19:21 - 00000000 ____D () C:\AdwCleaner
2015-04-22 15:08 - 2015-04-22 15:19 - 628183552 _____ () C:\Users\Chris\Documents\Drive_C.064
2015-04-22 15:06 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.062
2015-04-22 15:06 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.061
2015-04-22 15:05 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.060
2015-04-22 15:04 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.059
2015-04-22 15:03 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.058
2015-04-22 14:46 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.041
2015-04-22 14:45 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.040
2015-04-22 14:44 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.039
2015-04-22 14:44 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.038
2015-04-22 14:43 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.037
2015-04-22 14:42 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.036
2015-04-22 14:42 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.035
2015-04-22 14:40 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.034
2015-04-22 14:40 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.033
2015-04-22 14:39 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.032
2015-04-22 14:38 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.031
2015-04-22 14:38 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.030
2015-04-22 14:37 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.029
2015-04-22 14:36 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.028
2015-04-22 14:33 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.026
2015-04-22 14:32 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.025
2015-04-22 12:06 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.024
2015-04-22 12:06 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.023
2015-04-22 12:05 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.021
2015-04-22 12:04 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.020
2015-04-22 12:04 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.019
2015-04-22 12:03 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.018
2015-04-22 12:02 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.016
2015-04-22 12:01 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.015
2015-04-22 12:01 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.014
2015-04-22 12:00 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.012
2015-04-22 11:59 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.011
2015-04-22 11:59 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.009
2015-04-22 11:58 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.008
2015-04-22 11:58 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.007
2015-04-22 11:57 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.006
2015-04-22 11:56 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.005
2015-04-22 11:56 - 2015-04-22 15:19 - 688128000 _____ () C:\Users\Chris\Documents\Drive_C.004
2015-04-22 11:45 - 2015-04-22 16:31 - 00000000 ____D () C:\Program Files\Runtime Software
2015-04-22 11:38 - 2015-04-22 11:38 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-04-22 11:38 - 2015-04-22 11:38 - 00000000 ____D () C:\c3a07747bb9d5a3f46eff184
2015-04-22 11:37 - 2015-04-22 11:38 - 00000000 ____D () C:\5f55a7974ce2d0ddae6b6c204aada03d
2015-04-22 11:37 - 2015-04-22 11:37 - 00000000 ____D () C:\f1b70eded6d718de79c9
2015-04-22 11:36 - 2015-04-22 11:37 - 00000000 ____D () C:\0a783aaa1593e1f24da152
2015-04-22 11:35 - 2015-04-22 11:36 - 00000000 ____D () C:\e4354d2eb194c07a4b65aabdae
2015-04-21 21:53 - 2015-04-21 21:53 - 00000000 ____D () C:\Users\Chris\Downloads\New folder (3)
2015-04-21 21:53 - 2015-04-21 21:53 - 00000000 ____D () C:\Users\Chris\Downloads\New folder (2)
2015-04-21 21:53 - 2015-04-21 21:53 - 00000000 ____D () C:\Users\Chris\Downloads\New folder
2015-04-21 19:37 - 2015-04-21 19:37 - 00000000 ____D () C:\1f293e2c6c401a0703acce56f26457fe
2015-04-21 19:36 - 2015-04-21 19:37 - 00000000 ____D () C:\9c2e95079513e207f6fd98b7c7
2015-04-21 19:36 - 2015-04-21 19:36 - 00000000 ____D () C:\5901657dece3c30a8f63
2015-04-21 19:35 - 2015-04-21 19:36 - 00000000 ____D () C:\61b47af6de41fce08f79
2015-04-21 19:20 - 2015-04-23 21:59 - 00001580 _____ () C:\Windows\setupact.log
2015-04-21 19:20 - 2015-04-21 19:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-20 22:18 - 2015-04-22 20:09 - 00000000 ____D () C:\fa892372f7a6b5f06c3ae2
2015-04-19 09:07 - 2015-04-19 09:07 - 00000000 ____D () C:\4973a0d21f5c1eb9073b
2015-04-19 09:07 - 2015-04-19 09:07 - 00000000 ____D () C:\35882d92f5bc1edac75572e64238
2015-04-19 09:07 - 2015-04-19 09:07 - 00000000 ____D () C:\077d96e129294eb72d32ec0d55706d39
2015-04-19 09:06 - 2015-04-19 09:07 - 00000000 ____D () C:\183a7d9cf45400023b
2015-04-19 09:06 - 2015-04-19 09:06 - 00000000 ____D () C:\4216465ba0b2785d8f0d61
2015-04-18 17:32 - 2015-04-18 17:33 - 00000000 ____D () C:\6ccdd3b233b6c9ae7d0e8d5e8a
2015-04-18 17:32 - 2015-04-18 17:32 - 00000000 ____D () C:\f928ae905b0c46cfb956
2015-04-18 17:32 - 2015-04-18 17:32 - 00000000 ____D () C:\8d0e30f03ea4ee41ffa24558863d
2015-04-18 17:32 - 2015-04-18 17:32 - 00000000 ____D () C:\4b7cd8cc8c83fe76bb491171
2015-04-18 17:31 - 2015-04-18 17:32 - 00000000 ____D () C:\68cb87d61f6226cf36
2015-04-16 19:27 - 2015-04-16 19:27 - 00000000 ____D () C:\921e1191bb01c8e1055c4f
2015-04-16 19:27 - 2015-04-16 19:27 - 00000000 ____D () C:\8d5d58c7110257dae1e1e7880044
2015-04-16 19:22 - 2015-04-16 19:23 - 00000000 ____D () C:\b7e6abef8c6837370abafc3cc4818611
2015-04-16 19:15 - 2015-04-16 19:15 - 00000000 ____D () C:\1993e04a0a07a6ddfb70
2015-04-16 19:14 - 2015-04-16 19:15 - 00000000 ____D () C:\91475bc01cbc3d34bfe5
2015-04-15 17:28 - 2015-04-15 17:29 - 202843456 _____ (Kaspersky Lab) C:\Users\Chris\Downloads\kts15.0.1.415en_6996.exe
2015-04-15 17:22 - 2015-04-15 17:24 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Panda Security
2015-04-15 17:20 - 2015-04-16 19:05 - 00000000 ____D () C:\Program Files\Panda Security
2015-04-15 17:16 - 2015-04-15 17:25 - 00000000 ____D () C:\ProgramData\Panda Security
2015-04-15 10:19 - 2015-03-23 04:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:19 - 2015-03-23 04:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:19 - 2015-03-23 04:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:19 - 2015-03-23 04:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:19 - 2015-03-23 04:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:19 - 2015-03-23 04:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:19 - 2015-03-23 04:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:19 - 2015-03-23 03:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:19 - 2015-03-04 05:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:19 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:18 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:18 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 10:18 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:18 - 2015-03-17 06:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:18 - 2015-03-17 06:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:18 - 2015-03-17 05:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:18 - 2015-03-17 05:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:18 - 2015-03-17 05:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:18 - 2015-03-17 05:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:18 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:18 - 2015-03-17 05:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:18 - 2015-03-17 05:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:18 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:18 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:18 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:18 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:18 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:18 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:18 - 2015-03-13 04:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:18 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:18 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:18 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:18 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:18 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:18 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:18 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:18 - 2015-03-13 04:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:18 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:18 - 2015-03-13 04:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:18 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:18 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:18 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:18 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:18 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:18 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:18 - 2015-03-13 03:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:18 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:18 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:18 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:18 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:18 - 2015-03-05 05:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:17 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:17 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:17 - 2015-03-25 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:17 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:17 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:17 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:17 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:17 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:17 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:17 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:17 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:17 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:17 - 2015-02-25 04:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 01:30 - 2015-04-15 01:30 - 00000000 ____D () C:\db33d560e87a0a1a71e5ce7f
2015-04-15 01:30 - 2015-04-15 01:30 - 00000000 ____D () C:\bb1e32933df732e3c53655eb
2015-04-15 01:29 - 2015-04-15 01:30 - 00000000 ____D () C:\2a590f048682f053f28a12
2015-04-15 01:29 - 2015-04-15 01:29 - 00000000 ____D () C:\4131543f97f900f6fcc6
2015-04-14 09:55 - 2015-04-14 09:56 - 00000000 ____D () C:\f701148fa2a198896752d61dc44f36f5
2015-04-14 09:55 - 2015-04-14 09:55 - 00000000 ____D () C:\f842bb3e9288799903
2015-04-14 09:55 - 2015-04-14 09:55 - 00000000 ____D () C:\c398fc02a16a9895ab5fd3eb
2015-04-14 09:55 - 2015-04-14 09:55 - 00000000 ____D () C:\5bafd08d202f32dc20aa5710
2015-04-13 10:00 - 2015-04-13 10:00 - 00000000 ____D () C:\a425bce3afcc6f12a07c39fa08
2015-04-13 09:59 - 2015-04-13 10:00 - 00000000 ____D () C:\84c2c2ec862dce3e947f6b0a96
2015-04-13 09:59 - 2015-04-13 09:59 - 00000000 ____D () C:\e60cc2942614bfce9b163ca06964a5
2015-04-13 09:58 - 2015-04-13 09:59 - 00000000 ____D () C:\50173e732b5e4f3534
2015-04-12 22:30 - 2015-04-12 22:30 - 00000000 ____D () C:\Users\Chris\Tracing
2015-04-12 10:38 - 2015-04-12 10:38 - 00000000 ____D () C:\2a3ef3646899ca572954fa
2015-04-12 10:37 - 2015-04-12 10:38 - 00000000 ____D () C:\e8320ccdeb4f21cf99
2015-04-12 10:37 - 2015-04-12 10:37 - 00000000 ____D () C:\c949b8781acb84284093
2015-04-12 10:36 - 2015-04-12 10:37 - 00000000 ____D () C:\e33cdec9e6f594c127e5564e
2015-04-11 09:09 - 2015-04-11 09:10 - 00000000 ____D () C:\c4251352aa87a34fbfa684ba88
2015-04-11 09:09 - 2015-04-11 09:09 - 00000000 ____D () C:\87885a8a16b74badf83514263535b581
2015-04-11 09:09 - 2015-04-11 09:09 - 00000000 ____D () C:\5da4af0fea70c6a311c6d1ae99cc
2015-04-11 09:08 - 2015-04-11 09:09 - 00000000 ____D () C:\d9294bbd75376fa3b29d
2015-04-10 13:58 - 2015-04-10 14:03 - 00000000 ____D () C:\9a33d1bdcce1b393bd13f9
2015-04-08 23:14 - 2015-04-08 23:14 - 00000000 ____D () C:\ed7f7fc9f76c1b0a76801ab6fc3b
2015-04-08 23:14 - 2015-04-08 23:14 - 00000000 ____D () C:\642729e7d20facd9c83db3e80d
2015-04-08 23:13 - 2015-04-08 23:13 - 00000000 ____D () C:\ddc666e80e51fb23566d28f05e85
2015-04-08 23:13 - 2015-04-08 23:13 - 00000000 ____D () C:\da009d40da1ad4be97656d
2015-04-07 23:07 - 2015-04-07 23:07 - 00000000 ____D () C:\f0503a3594b80340e8
2015-04-07 23:07 - 2015-04-07 23:07 - 00000000 ____D () C:\430285d4d4614d7873f4fcff
2015-04-07 23:06 - 2015-04-07 23:07 - 00000000 ____D () C:\433f00d0ce2c53729e838bed
2015-04-07 23:06 - 2015-04-07 23:06 - 00000000 ____D () C:\5d330a06b6cbccc249dd78cd3b32
2015-04-07 18:39 - 2015-04-07 18:40 - 00000000 ____D () C:\441ad4ed2739230830f6a4cf24
2015-04-07 18:39 - 2015-04-07 18:39 - 00000000 ____D () C:\edeb95b6d2a4b0eafc36cd13a0e5
2015-04-07 18:39 - 2015-04-07 18:39 - 00000000 ____D () C:\02045b7acc0bd27990c52c
2015-04-07 18:35 - 2015-04-07 18:38 - 00000000 ____D () C:\5aa27585d4fb8d7a9a86ba
2015-04-06 10:22 - 2015-04-22 20:09 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-02 00:17 - 2015-04-02 21:08 - 00000000 ____D () C:\cc296e5ef9ade91a3c40e78e17
2015-04-01 19:55 - 2015-04-01 19:55 - 00000000 ____D () C:\cd1042f02b311e409e607dc6c9f2
2015-04-01 19:55 - 2015-04-01 19:55 - 00000000 ____D () C:\608e3223e90030504a
2015-04-01 19:55 - 2015-04-01 19:55 - 00000000 ____D () C:\2986b4138c92591a8385
2015-04-01 19:54 - 2015-04-01 19:55 - 00000000 ____D () C:\67bccdfa4adb1d0c03c507646e521494
2015-04-01 19:45 - 2015-04-01 19:45 - 00000000 ____D () C:\5b112a80bbe7ff4e66e62064
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 08:02 - 2013-11-30 12:03 - 01774410 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 07:52 - 2015-03-16 18:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-25 07:51 - 2014-01-15 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-25 07:51 - 2013-11-30 12:00 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2015-04-24 21:28 - 2014-10-07 21:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 22:07 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 22:07 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 22:00 - 2013-11-30 12:50 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-04-23 21:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 20:10 - 2014-12-13 15:05 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-22 20:10 - 2014-07-04 19:56 - 00000000 ____D () C:\Users\Guest
2015-04-22 20:10 - 2014-05-07 13:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-22 20:10 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-22 20:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-04-22 20:09 - 2014-10-07 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-22 20:09 - 2014-01-18 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-04-22 20:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-04-22 20:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-22 20:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-22 20:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-22 20:06 - 2014-07-04 19:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-04-22 19:09 - 2013-11-30 12:10 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-22 18:25 - 2014-10-07 22:09 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 16:45 - 2014-04-03 23:42 - 00000000 ____D () C:\Users\Chris\Downloads\backups
2015-04-22 16:29 - 2014-10-12 20:19 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2015-04-22 16:16 - 2013-11-30 12:01 - 00017920 _____ () C:\Windows\system32\rpcnetp.dll
2015-04-22 16:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-04-22 11:27 - 2013-11-30 12:13 - 00000000 ____D () C:\Users\Chris
2015-04-20 20:16 - 2015-01-18 16:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\XBMC
2015-04-18 23:39 - 2013-11-30 12:50 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
2015-04-16 19:45 - 2013-11-30 13:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 19:28 - 2013-11-30 14:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 19:28 - 2013-11-30 13:05 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-16 19:07 - 2013-11-30 12:31 - 00109280 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-16 19:05 - 2009-07-14 05:33 - 00407384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-15 14:45 - 2015-01-12 15:05 - 00000000 ____D () C:\Windows\pss
2015-04-15 12:11 - 2014-03-10 23:32 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2015-04-15 10:33 - 2014-01-15 20:48 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 10:33 - 2014-01-15 20:48 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-09 17:27 - 2014-04-01 23:12 - 00000000 ____D () C:\ProgramData\Skype
2015-04-09 17:27 - 2014-03-10 23:31 - 00000000 ___RD () C:\Program Files\Skype
2015-04-08 08:16 - 2015-01-08 20:01 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Kodi
2015-03-30 20:20 - 2014-11-29 13:59 - 00006076 _____ () C:\Users\Chris\.swfinfo
 
==================== Files in the root of some directories =======
 
2014-03-17 16:03 - 2014-03-17 16:03 - 0000055 _____ () C:\Users\Chris\AppData\Roaming\mbam.context.scan
2014-01-15 21:42 - 2014-01-15 21:42 - 0000073 _____ () C:\Users\Chris\AppData\Roaming\WB.CFG
 
Files to move or delete:
====================
C:\Users\Chris\delfile.bat
 
 
Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\{39F87D1B-DFAB-4433-B387-CA609A292D8A}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-15 11:07
 
==================== End Of Log ============================


#7 olgun52

Posted 25 April 2015 - 11:38 AM

Hi harty,

Uninstall:
Avast! Antivirus
Avast! Internet Security
Avast Online Security


Avast uninstall utility
https://www.avast.com/uninstall-utility

 

Download and run OTC

  • Download OTCleanIt and save it to your desktop
  • Double click on the OTC.exe icon to start the program
  • Click the CleanUp! button
  • You will get a prompt saying "Begin Cleanup Process", select Yes
  • Restart your computer when prompted

---------------------------------------------------------------------------------------------

C:\Users\Chris\Documents\Drive_C.064
C:\Users\Chris\Documents\Drive_C.062
C:\Users\Chris\Documents\Drive_C.037

C:\Users\Chris\delfile.bat

Do you recognise these programs?

 

---------------------------------------------------------------

Now, can you enter normal mode?


Edited by olgun52, 25 April 2015 - 11:40 AM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 harty

Posted 25 April 2015 - 11:58 AM

Uninstalled Avast, ran OTC clean up. The Documents drive: I have been having some trouble locating my download files, as the folder is not on the list I have always used... I can now enter normal mode.



#9 olgun52

Posted 25 April 2015 - 12:23 PM

Okay.

C:\Users\Chris\delfile.bat

Do you recognise this program?



#10 harty

Posted 25 April 2015 - 12:26 PM

No, I do not recognise the program.



#11 olgun52

Posted 25 April 2015 - 01:12 PM

Hi harty,
 
Step 1:
FRST Script:
Please download the attached fixlist.txt (14.68KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click mbam-setup-2.1.4.1018.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Already installed:
Threat Scan

  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Have a nice day.


#12 harty

Posted 25 April 2015 - 02:18 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/10/2014
Scan Time: 07:13:30
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.10.03
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Chris
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330159
Time Elapsed: 18 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.SweetPacks.A, C:\Program Files\sweetpacks bundle uninstaller_WinRAR_1552994, , [7695898a4f2db97d98208a8640c38a76], 
 
Files: 1
PUP.Optional.SweetPacks.A, C:\Program Files\sweetpacks bundle uninstaller_WinRAR_1552994\uninstaller.exe, , [7695898a4f2db97d98208a8640c38a76], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 harty

Posted 25 April 2015 - 02:27 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-04-2015
Ran by Chris at 2015-04-25 19:28:40 Run:1
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available profiles: Chris & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\Chris\delfile.bat
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\{39F87D1B-DFAB-4433-B387-CA609A292D8A}.exe
2015-04-15 17:22 - 2015-04-15 17:24 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Panda Security
2015-04-15 17:20 - 2015-04-16 19:05 - 00000000 ____D () C:\Program Files\Panda Security
2015-04-15 17:16 - 2015-04-15 17:25 - 00000000 ____D () C:\ProgramData\Panda Security
2015-04-15 17:28 - 2015-04-15 17:29 - 202843456 _____ (Kaspersky Lab) C:\Users\Chris\Downloads\kts15.0.1.415en_6996.exe
2015-04-22 18:16 - 2015-04-22 18:17 - 00000000 ___SD () C:\32788R22FWJFW
2015-04-22 18:15 - 2015-04-22 18:15 - 05619466 ____R (Swearware) C:\Users\Chris\Downloads\ComboFix (1).exe
2015-04-25 08:06 - 2015-04-25 08:06 - 02099712 _____ (Farbar) C:\Users\Chris\Downloads\FRST64 (2).exe
2015-04-25 07:56 - 2015-04-25 07:57 - 02099712 _____ (Farbar) C:\Users\Chris\Downloads\FRST64 (1).exe
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 catchme; \??\C:\Users\Chris\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\Chris\AppData\Local\Temp\CFcatchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-12]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\snzqv5la.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\snzqv5la.default
FF Homepage: user_pref("browser.startup.homepage", );
FF NetworkProxy: "type", 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3340412467-154873619-3684793459-1000 -> {6B7B5AEB-1EF9-4348-B375-1012628F77D6} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3340412467-154873619-3684793459-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Chris\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype 
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Chris\delfile.bat => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\{39F87D1B-DFAB-4433-B387-CA609A292D8A}.exe => Moved successfully.
"C:\5aa27585d4fb8d7a9a86b" => File/Directory not found.
C:\Users\Chris\AppData\Roaming\Panda Security => Moved successfully.
C:\Program Files\Panda Security => Moved successfully.
C:\ProgramData\Panda Security => Moved successfully.
C:\Users\Chris\Downloads\kts15.0.1.415en_6996.exe => Moved successfully.
C:\32788R22FWJFW => Moved successfully.
"C:\Users\Chris\Downloads\ComboFix (1).exe" => File/Directory not found.
"C:\Users\Chris\Downloads\FRST64 (2).exe" => File/Directory not found.
"C:\Users\Chris\Downloads\FRST64 (1).exe" => File/Directory not found.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
catchme => Service not found.
CFcatchme => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki directory not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\snzqv5la.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com => not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\snzqv5la.default => Should not be moved.
Firefox homepage deleted successfully.
Firefox Proxy settings were reset.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B7B5AEB-1EF9-4348-B375-1012628F77D6}" => Key deleted successfully.
HKCR\CLSID\{6B7B5AEB-1EF9-4348-B375-1012628F77D6} => Key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
"HKU\S-1-5-21-3340412467-154873619-3684793459-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}" => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype => Error: No automatic fix found for this entry.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 898 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:31:12 ====


#14 harty

  • Topic Starter

  • Members
  • 166 posts

Posted 25 April 2015 - 02:37 PM

I rebooted my laptop and restarted, then opened up Windows, and an Open File Security Warning box appeared saying: are you sure you want to run this file ... C:\Program Files\FSP\FspUip.exe, and then a choice to run or cancel. What should I do?



#15 olgun52


  • Malware Response Team
  • 3,784 posts

Posted 25 April 2015 - 03:02 PM

It is clean software.

http://www.systemlookup.com/search.php?list=&type=filename&search=FspUip.exe&s=

 

You can run it now.

--------------------------

Does Malwarebytes not delete what it found?


Best regards
 

 


 




