
Shrinking C drive


  • This topic is locked
5 replies to this topic

#1 jah'rakhal


Posted 12 May 2015 - 12:47 PM

Hi,

This is a follow-up to my previous topic in the "AM I INFECTED" forum.

My C drive has been constantly increasing and decreasing with no big updates.

I was advised to post my FRST log according to the preparation guide.

Thank you for your help in advance...

The following is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015 (ATTENTION: ====> FRST version is 10 days old and could be outdated)
Ran by de (administrator) on VENOM on 12-05-2015 22:44:08
Running from C:\Users\de\Desktop\Firefox
Loaded Profiles: de (Available profiles: de & GM)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(APN LLC.) C:\Users\de\AppData\Local\VNT\vntldr.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-24] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-17] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-06-15] (APN LLC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-05-01] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2010-11-17] ()
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [65216 2009-11-09] (WordWeb Software)
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\Run: [Google Update] => C:\Users\de\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\Run: [uTorrent] => C:\Users\de\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {342402ec-90d6-11e4-803a-f04da2a0dc7b} - G:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {342402f6-90d6-11e4-803a-f04da2a0dc7b} - G:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {56c48ae4-d657-11e2-99ad-f04da2a0dc7b} - G:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {56c48aee-d657-11e2-99ad-f04da2a0dc7b} - G:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {56c48b26-d657-11e2-99ad-f04da2a0dc7b} - G:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {846829cc-50b9-11e1-a215-f04da2a0dc7b} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {bf545ddf-7556-11e0-a4d6-aac46fc4b8ef} - H:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {bf546022-7556-11e0-a4d6-f04da2a0dc7b} - G:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {bf546029-7556-11e0-a4d6-f04da2a0dc7b} - G:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {c4a8ec54-d8c2-11e2-881f-b9e794dc3929} - G:\AutoRun.exe
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\MountPoints2: {c4a8ec77-d8c2-11e2-881f-b9e794dc3929} - G:\AutoRun.exe
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-12-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-05-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-12-11]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-12-11]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\GM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-05-26]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/9
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1713250322-187538473-2916951475-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {66EEA092-D284-4EAA-9D86-A3DFBB3CF5BF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {66EEA092-D284-4EAA-9D86-A3DFBB3CF5BF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1713250322-187538473-2916951475-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1713250322-187538473-2916951475-1000 -> {AB79D3B4-AEDB-428a-B504-BAC00521A1C7} URL = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1713250322-187538473-2916951475-1000 -> {D3BF3BFE-8504-4E92-A86A-FD830F499829} URL = http://www.bing.com/search?q={searchTerms}&r=446
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [2010-11-17] (Sensible Vision )
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-11] (Sun Microsystems, Inc.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-06-09] (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [2010-11-17] (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-06-09] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\..\Interfaces\{0BB692AF-1D6C-4798-9B42-2483D9AAADFB}: [NameServer] 10.1.80.1
Tcpip\..\Interfaces\{6C39E1A3-B1F5-4FA4-A096-C6AE4949935E}: [NameServer] 218.248.255.146,218.248.255.147

FireFox:
========
FF ProfilePath: C:\Users\de\AppData\Roaming\Mozilla\Firefox\Profiles\9ydca6m8.default
FF Homepage: hxxp://www.google.co.in/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-12-11] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-06-09] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-06-09] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1713250322-187538473-2916951475-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\de\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1713250322-187538473-2916951475-1000: @talk.google.com/O1DPlugin -> C:\Users\de\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1713250322-187538473-2916951475-1000: @tools.google.com/Google Update;version=3 -> C:\Users\de\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1713250322-187538473-2916951475-1000: @tools.google.com/Google Update;version=9 -> C:\Users\de\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF user.js: detected! => C:\Users\de\AppData\Roaming\Mozilla\Firefox\Profiles\9ydca6m8.default\user.js [2015-04-30]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\de\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\de\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\de\AppData\Roaming\Mozilla\Firefox\Profiles\9ydca6m8.default\searchplugins\GoogleFeed.xml [2011-05-20]
FF Extension: Ant Video Downloader - C:\Users\de\AppData\Roaming\Mozilla\Firefox\Profiles\9ydca6m8.default\Extensions\anttoolbar@ant.com [2015-04-05]
FF Extension: Adblock Plus - C:\Users\de\AppData\Roaming\Mozilla\Firefox\Profiles\9ydca6m8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-28]
FF Extension: QuickJava - C:\Users\de\AppData\Roaming\Mozilla\Firefox\Profiles\9ydca6m8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-11-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-27]
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2011-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-01]
FF HKU\S-1-5-21-1713250322-187538473-2916951475-1000\...\FireFox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2011-10-19]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> C45E8CF1E175E8721ACA4F9FD04173F6C3FDD040C30F4B07BF943C6544BD23FE
CHR DefaultSearchURL: Default -> 4DAE64B37415D39C8E67449183603CF15592C3070A5639FEDC6C7D8CA7C38356
CHR Profile: C:\Users\de\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaailpifkkekipiachodfkfmgmiapmp [2014-08-24]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-13]
CHR Extension: (Virtual Keyboard) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-13]
CHR Extension: (Skype Click to Call) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-13]
CHR Extension: (Kaspersky Protection) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-08-24]
CHR Extension: (Google Wallet) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]
CHR Profile: C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (Kaspersky Protection) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-12]
CHR Extension: (YouTube) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Rainy Day) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cbfongnabbfejdhkfkikcfjfhacdopai [2014-04-12]
CHR Extension: (Google Search) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-12]
CHR Extension: (SpeedBit Video Downloader) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\djcpfkccckpeeghiklnhienllljccglb [2014-04-12]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-12]
CHR Extension: (Virtual Keyboard) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-12]
CHR Extension: (SpeedBit Search Predict) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [2014-04-12]
CHR Extension: (Skype Click to Call) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Gmail) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [2014-06-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2011-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-05-01] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S4 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2428552 2010-11-17] (Sensible Vision ) [File not signed]
S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-08-07] (Nokia.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-17] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-12] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-12] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-12] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-12] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-12] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-12] ()
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-07-30] (Devguru Co., Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-07] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18432 2008-05-07] (Nokia)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-01] (Avast Software)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2011-02-16] (Western Digital Technologies) [File not signed]
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2009-12-11] (ZTEMT Incorporated)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S1 wStLibG64; system32\drivers\wStLibG64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 22:43 - 2015-05-12 22:44 - 00000000 ____D () C:\FRST
2015-05-12 17:45 - 2015-05-12 17:45 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-12 17:45 - 2015-05-01 01:01 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw5D52.tmp
2015-05-12 17:45 - 2015-05-01 01:01 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw62C4.tmp
2015-05-12 17:45 - 2015-05-01 01:01 - 00271200 _____ () C:\Windows\system32\Drivers\asw6303.tmp
2015-05-12 17:45 - 2015-05-01 01:01 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw6342.tmp
2015-05-12 17:45 - 2015-05-01 01:01 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw6030.tmp
2015-05-12 17:45 - 2015-05-01 01:01 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw6226.tmp
2015-05-12 17:45 - 2015-05-01 01:01 - 00065736 _____ () C:\Windows\system32\Drivers\asw6275.tmp
2015-05-12 17:45 - 2015-05-01 01:01 - 00029168 _____ () C:\Windows\system32\Drivers\asw61A8.tmp
2015-05-12 17:44 - 2015-05-12 17:44 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-12 12:48 - 2015-05-12 12:50 - 00000000 ____D () C:\Users\de\Downloads\The.Simpsons.S26E20.HDTV.x264-LOL[ettv]
2015-05-11 17:01 - 2015-05-11 17:10 - 00000000 ____D () C:\Users\de\Downloads\The.Simpsons.S26E21.HDTV.x264-LOL[ettv]
2015-05-11 16:02 - 2015-05-11 16:03 - 00000000 ____D () C:\Users\de\Downloads\Game.of.Thrones.S05E05.HDTV.x264-ASAP[ettv]
2015-05-03 01:00 - 2015-05-12 13:39 - 00000224 _____ () C:\Windows\setupact.log
2015-05-03 01:00 - 2015-05-03 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-02 14:54 - 2015-05-02 14:54 - 00000000 ____D () C:\Users\de\AppData\Local\VNT
2015-05-02 11:05 - 2015-05-02 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-05-02 11:05 - 2015-05-02 11:05 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-05-02 09:47 - 2015-05-02 09:47 - 00010496 ____N () C:\Users\de\Desktop\attach.txt
2015-05-02 09:47 - 2015-05-02 09:46 - 00023498 ____N () C:\Users\de\Desktop\dds.txt
2015-05-02 09:22 - 2015-05-02 09:44 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-05-02 09:22 - 2015-05-02 09:22 - 00000000 ____D () C:\Users\de\AppData\Local\SecTaskMan
2015-05-02 01:22 - 2015-05-02 01:22 - 00001084 ____N () C:\Users\de\Desktop\TweakBit FixMyPC.lnk
2015-05-02 01:19 - 2015-05-02 01:21 - 00000000 ____D () C:\Users\de\Downloads\TweakBit FixMyPC 1.6.8.5 + Crack + 100% Working
2015-05-02 01:02 - 2015-05-02 01:22 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
2015-05-02 01:02 - 2015-05-02 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-05-02 01:02 - 2015-05-02 01:22 - 00000000 ____D () C:\Program Files (x86)\TweakBit
2015-05-02 01:02 - 2015-05-02 01:16 - 00000000 ____D () C:\ProgramData\TweakBit
2015-05-02 01:01 - 2015-05-02 01:01 - 00003128 _____ () C:\Windows\System32\Tasks\{8E02EECF-1036-4C4E-8875-2DBA19DE5E2C}
2015-05-01 23:54 - 2015-05-01 23:55 - 00000000 ____D () C:\Users\de\Desktop\New folder (3)
2015-05-01 20:32 - 2015-05-01 20:34 - 00000000 ____D () C:\Users\de\Downloads\The.Blacklist.S02E20.HDTV.x264-LOL[ettv]
2015-05-01 15:47 - 2010-06-17 21:10 - 00645632 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2015-05-01 15:45 - 2010-06-17 21:10 - 01465344 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2015-05-01 15:45 - 2010-06-17 21:10 - 00515584 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2015-05-01 15:45 - 2010-06-17 21:10 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2015-05-01 15:45 - 2010-06-17 21:10 - 00209920 _____ (IDT, Inc.) C:\Windows\system32\st646289.dll
2015-05-01 15:44 - 2015-05-01 15:48 - 00000000 ____D () C:\Program Files\IDT
2015-05-01 15:25 - 2015-05-01 15:25 - 00000000 ____D () C:\Users\de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-05-01 15:24 - 2015-05-01 15:25 - 00000000 ____D () C:\Users\de\AppData\Local\Deployment
2015-05-01 01:15 - 2015-05-01 01:15 - 00000000 ____D () C:\Users\de\AppData\Roaming\Dropbox
2015-05-01 01:04 - 2015-05-01 01:04 - 00000000 ____D () C:\Users\de\AppData\Roaming\AVAST Software
2015-05-01 01:03 - 2015-05-01 01:03 - 00001924 ____N () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-01 01:03 - 2015-05-01 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-01 01:02 - 2015-05-12 17:45 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-01 01:02 - 2015-05-12 17:45 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-01 01:02 - 2015-05-12 17:45 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-01 01:02 - 2015-05-12 17:45 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-01 01:02 - 2015-05-12 17:45 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-01 01:02 - 2015-05-12 17:45 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-01 01:02 - 2015-05-12 17:45 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-01 01:02 - 2015-05-12 17:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-01 01:01 - 2015-05-12 17:44 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-01 00:59 - 2015-05-01 00:59 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-01 00:46 - 2015-05-01 00:46 - 00000000 ____D () C:\Users\de\Documents\OneNote Notebooks
2015-04-30 21:18 - 2015-04-30 21:18 - 00000000 ____N () C:\Windows\SysWOW64\sho5AB1.tmp
2015-04-30 21:13 - 2015-04-30 21:13 - 00003150 _____ () C:\Windows\System32\Tasks\{28DE5F8C-DB17-4D13-8037-876FEAD45EFA}
2015-04-30 20:40 - 2015-04-30 21:14 - 00000993 ____N () C:\Users\GM\Desktop\WinDirStat.lnk
2015-04-30 20:40 - 2015-04-30 21:14 - 00000993 ____N () C:\Users\de\Desktop\WinDirStat.lnk
2015-04-30 20:40 - 2015-04-30 20:40 - 00000000 ____D () C:\Users\de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-04-30 20:40 - 2015-04-30 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-04-30 20:40 - 2015-04-30 20:40 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-04-30 20:32 - 2015-04-30 20:32 - 00000001 _____ () C:\Users\de\AppData\Local\llftool.4.40.agreement
2015-04-30 11:00 - 2015-04-30 11:08 - 00000000 ____D () C:\Users\de\Downloads\Modern.Family.S06E21.HDTV.x264-LOL[ettv]
2015-04-28 11:04 - 2015-04-28 11:06 - 00000000 ____D () C:\Users\de\Downloads\The.Simpsons.S26E19.HDTV.x264-LOL[ettv]
2015-04-28 03:08 - 2015-04-28 03:08 - 00001219 ____N () C:\Users\de\Documents\Women's Safety.txt
2015-04-27 13:57 - 2015-04-27 13:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-25 23:16 - 2015-04-25 23:16 - 00001028 ____N () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-25 23:12 - 2015-04-25 23:12 - 00001139 ____N () C:\Users\de\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-04-23 18:23 - 2015-04-23 18:24 - 00000000 ____D () C:\Users\de\Desktop\New folder
2015-04-23 18:19 - 2015-05-12 15:28 - 00000000 ____D () C:\Users\de\Desktop\New folder (2)
2015-04-23 11:07 - 2015-04-23 11:10 - 00000000 ____D () C:\Windows\SysWOW64\䁉⸱㬳湁楴楖⵲䝎灕⽤㔱〮㤮㔮㐰⠠䕐卒※䭗㭓䔠㭎䄠䕖㠠㌮㌮⸰㈲※䑖⁆⸸ㄱ㈮㔲ㄮ㐶※楗摮睯⁳‷潈敭䈠獡捩※敓癲捩⁥慐正ㄠ※湉楤㭡ㄠ㕦㜴㠸㘷戴㑡摥㑤昳㈴㘶ㅦ昱㜸扣㘱戸㕤㐴㬶〠〰㄰㤴㤹ⴶ噁佈ⵅ〰〰〰㬱䤠㭎䈠䥕䑌ㄠ⸵⸰⸹〵㬴〠※㬱ㄠ※楦敲潦㭸ㄠ※㕢㙣㑡㉣收〲〴㘳戸㉦㠳㑢攵愹攴ㅤ㘱㐳㌴愵※⤰
2015-04-23 01:15 - 2015-04-24 16:31 - 00000000 ___DC () C:\Users\de\AppData\Local\MigWiz
2015-04-22 22:53 - 2015-04-22 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-21 23:24 - 2015-04-21 23:26 - 00000000 ____D () C:\Users\de\Downloads\The.Simpsons.S26E18.HDTV.x264-KILLERS[ettv]
2015-04-16 10:54 - 2015-04-16 10:54 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-16 10:54 - 2015-04-16 10:54 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-16 10:51 - 2015-04-16 10:51 - 00000000 ____N () C:\Windows\SysWOW64\shoA310.tmp
2015-04-12 19:50 - 2014-07-26 23:17 - 00000530 ____N () C:\Users\de\Desktop\Frozen Throne.exe.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 22:44 - 2011-04-03 01:20 - 00000000 ____D () C:\Users\de\Desktop\Firefox
2015-05-12 22:31 - 2010-12-30 15:26 - 00000000 ____D () C:\Users\de\AppData\Roaming\vlc
2015-05-12 22:29 - 2009-07-14 10:40 - 01255122 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 22:24 - 2011-05-22 16:15 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1713250322-187538473-2916951475-1000UA.job
2015-05-12 22:03 - 2013-04-19 10:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 21:59 - 2013-09-18 09:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 17:59 - 2013-09-18 09:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 13:53 - 2011-04-02 17:15 - 00000000 ____D () C:\Users\de\AppData\Roaming\uTorrent
2015-05-12 13:47 - 2009-07-14 10:15 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 13:47 - 2009-07-14 10:15 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 13:40 - 2011-01-28 00:45 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-12 13:39 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 09:43 - 2015-02-13 20:31 - 00000000 ____D () C:\Users\de\Downloads\S 2
2015-05-12 09:31 - 2010-12-11 15:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-05-11 20:44 - 2011-05-10 20:59 - 00000000 ____D () C:\Users\de\AppData\Roaming\Media Player Classic
2015-05-03 13:24 - 2011-05-22 16:15 - 00000844 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1713250322-187538473-2916951475-1000Core.job
2015-05-03 00:46 - 2011-03-13 12:25 - 00000000 ____D () C:\Windows\Minidump
2015-05-02 01:25 - 2013-09-14 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Recovery For Android
2015-05-02 01:25 - 2011-09-06 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2015-05-01 15:44 - 2010-12-11 15:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-01 15:43 - 2010-12-12 04:16 - 00000000 ____D () C:\dell
2015-05-01 15:24 - 2012-02-10 10:42 - 00000000 ____D () C:\Users\de\AppData\Local\Apps\2.0
2015-05-01 00:58 - 2013-10-22 02:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-29 00:36 - 2015-04-05 22:45 - 00000000 ____D () C:\Users\de\Downloads\Season 8
2015-04-28 15:45 - 2010-12-30 12:17 - 00000000 ____D () C:\Users\de
2015-04-28 10:44 - 2012-07-31 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-25 23:11 - 2011-03-31 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-04-25 22:49 - 2013-04-19 10:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-25 22:49 - 2012-05-21 18:37 - 00778416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-25 22:49 - 2011-07-02 17:40 - 00142512 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-25 19:35 - 2010-12-31 11:59 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-04-25 00:36 - 2009-07-14 10:43 - 00783440 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 22:44 - 2011-01-05 02:59 - 00000000 ____D () C:\Users\de\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-23 00:48 - 2011-05-04 10:59 - 00000000 ____D () C:\Users\de\AppData\Roaming\Azureus
2015-04-23 00:44 - 2010-12-12 04:27 - 00000000 ____D () C:\Windows\Panther
2015-04-22 23:53 - 2009-07-14 08:50 - 00000000 __RSD () C:\Windows\Media
2015-04-22 23:50 - 2011-05-04 11:02 - 00000000 ____D () C:\Users\de\AppData\Local\Conduit
2015-04-22 22:11 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\tracing
2015-04-22 18:43 - 2009-07-14 10:38 - 00032620 ____N () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-22 07:26 - 2011-04-03 00:48 - 00000000 ____D () C:\Users\de\AppData\Roaming\Mozilla
2015-04-16 22:44 - 2013-11-23 22:52 - 00000000 ____D () C:\Users\de\Downloads\Season 26
2015-04-16 11:17 - 2014-03-01 22:45 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2015-04-16 10:56 - 2010-12-11 16:13 - 00000000 ____D () C:\ProgramData\Sonic

==================== Files in the root of some directories =======

2011-01-23 01:18 - 2011-01-23 01:18 - 0000008 _____ () C:\Users\de\AppData\Roaming\NMM-MetaData.db
2011-10-20 09:58 - 2011-10-20 09:58 - 0021260 _____ () C:\Users\de\AppData\Roaming\UserTile.png
2010-12-31 01:45 - 2011-04-09 06:28 - 0005120 ____R () C:\Users\de\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-30 20:32 - 2015-04-30 20:32 - 0000001 _____ () C:\Users\de\AppData\Local\llftool.4.40.agreement
2011-01-01 20:04 - 2011-03-26 16:20 - 0007597 ____R () C:\Users\de\AppData\Local\Resmon.ResmonCfg
2012-08-08 16:11 - 2012-08-26 03:22 - 0000700 ___SH () C:\Users\de\AppData\Local\systemFL7.dat
2011-05-28 00:52 - 2011-05-28 00:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\de\AppData\Local\Temp\pc-support-bar-setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 00:58

==================== End Of Log ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:25 AM

Posted 16 May 2015 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

(APN LLC.) C:\Users\de\AppData\Local\VNT\vntldr.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-06-15] (APN LLC.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-1713250322-187538473-2916951475-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1713250322-187538473-2916951475-1000 -> {AB79D3B4-AEDB-428a-B504-BAC00521A1C7} URL = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
FF user.js: detected! => C:\Users\de\AppData\Roaming\Mozilla\Firefox\Profiles\9ydca6m8.default\user.js [2015-04-30]
CHR Extension: (No Name) - C:\Users\de\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaailpifkkekipiachodfkfmgmiapmp [2014-08-24]
CHR HKLM-x32\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [2014-06-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S1 wStLibG64; system32\drivers\wStLibG64.sys [X]

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Shrinking C drive
This is often caused when the operating system creates a restore point.
Check your setting.
http://www.howtogeek.com/howto/windows-vista/change-how-often-system-restore-creates-restore-points-in-windows-vista/

===

How is the computer running now?

#3 jah'rakhal

jah'rakhal
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 17 May 2015 - 07:56 AM

Hi,

 

Thank you for the reply

 

I have attached the fixlog and adwcleaner along with this post

 

Attached File  Fixlog.txt   5.6KB   0 downloads
Attached File  AdwCleanerR0.txt   10.47KB   1 downloads

 

I have also removed multiple system restore points today and some 15 GB came up and also reduced my system restore size from 25% to 11% (approx 10 GB)

[I don't know if this was the thing that caused the drive to reduce space ]

 

The computer seems fine now......but I still have some apprehensions......

 

It would also be really helpful if you could suggest some websites/links (about viruses/malware) I could read to keep myself updated or at least stay a little further away from being embarrassingly ignorant

 

Thank you

 

 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:25 AM

Posted 17 May 2015 - 08:11 AM

It would also be really helpful if you could suggest some websites/links (about viruses/malware) I could read to keep myself updated or at least stay a little further away from being embarrassingly ignorant


Looking at closed logs to find out what has been done to fix the problems is not the correct way to learn.

If you are interested in learning of spyware removal I suggest you do you classes.

Training is available at SpywareInfoForum.
You work at your own pace and there are no strings attached.

http://www.spywareinfoforum.com/topic/34-the-boot-camp-here-anti-malware-training/

All you have to do is apply.

Good luck.

p.s.
You may have to register if not a member already.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 jah'rakhal

jah'rakhal
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 19 May 2015 - 02:59 AM

Hii,

 

I have applied for the trainee program

 

Thank you for the suggestion



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:25 AM

Posted 19 May 2015 - 08:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



