
CloudScout/Trojan.DNSChanger


  • This topic is locked
21 replies to this topic

#1 DiamondMaverick

  • Members
  • 12 posts

Posted 28 July 2015 - 10:08 PM

I initially posted this over a month ago... I didn't have time to 'fix' it and I abandoned the computer for a while.  This is what I initially posted:

 

I inadvertently downloaded something I shouldn't have; now I have random cloudscout links popping up everywhere. The computer response time is very delayed. Webpages crash randomly for no apparent reason (the page crashed as I had my previous draft of a post typed up). I'm not sure what kind of info you need, but we'll start with this:

OS: Windows 8, 64-bit. Not sure what service pack, if any. Downloaded adwcleaner, malwarebytes, and hitmanpro... All of which found stuff in the first run... I cleaned/deleted as prompted after each one. The thing initially started (or I noticed it) on FF. After I ran the three, I 'reset' FF, but it didn't seem to help, the links were still there. I uninstalled FF. I also downloaded avast.. It found nothing. Please tell me how to proceed. 

 

 

Boopme suggested I follow prep guide and post new topic.

 

- I backed up data onto an external hard drive.

- I ran disk cleanup

- Ran chkdsk (it closed itself when it was done, so I'm assuming it found nothing?) [everything below was also run in safe mode, since I didn't exit it]

- No issues with device manager

- System File Checker says...

Windows Resource Protection found corrupt files but was unable to fix some of them.  Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not supported in offline servicing scenarios.

 

...really don't think it's JUST a slow computer so... moving on after all that... restarted my computer in regular mode... Will be back with FRST Logs, since I'm starting this topic on a different computer.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015

Ran by C (administrator) on MAV_LAPTOP (28-07-2015 21:50:01)
Running from C:\Users\C\Downloads
Loaded Profiles: C (Available Profiles: C & ascat_000)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SurfRight B.V.) C:\Users\ascat_000\Desktop\HitmanPro_x64.exe
() C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Windows\Temp\CR_66730.tmp\setup.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-28] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2335855941-3855980251-1180739866-1001 -> {945EB969-E38F-4020-86EC-4A402DE2DCEA} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-28] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-28] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-25] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{191E37D9-00E5-4D51-A710-9AC5A0545ABD}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{191E37D9-00E5-4D51-A710-9AC5A0545ABD}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{C1D13D43-A59F-4FFD-A11E-1BFEAAADE84A}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{C1D13D43-A59F-4FFD-A11E-1BFEAAADE84A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D75A8879-4884-4D6D-994B-A3E669A259E8}: [NameServer] 81.218.119.5,82.163.142.130
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\C\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-07-28] (AVAST Software)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-18] (SurfRight B.V.)
R2 HPSLPSVC; C:\Users\C\AppData\Local\Temp\7zS1A04\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-07-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-28] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-07-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-28] (AVAST Software)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 21:50 - 2015-07-28 21:50 - 00018318 _____ C:\Users\C\Downloads\FRST.txt
2015-07-28 21:49 - 2015-07-28 21:49 - 02146816 _____ (Farbar) C:\Users\C\Downloads\FRST64.exe
2015-07-28 21:47 - 2015-07-28 21:47 - 00000000 ___RD C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-28 21:47 - 2015-07-28 21:47 - 00000000 ____D C:\Users\C\AppData\Roaming\AVAST Software
2015-07-28 21:46 - 2015-07-28 21:46 - 00000000 ____D C:\Users\C\AppData\Roaming\WTablet
2015-07-28 21:43 - 2015-07-28 21:43 - 00026043 _____ C:\Users\ascat_000\Desktop\Addition.txt
2015-07-28 21:42 - 2015-07-28 21:44 - 00032227 _____ C:\Users\ascat_000\Desktop\FRST.txt
2015-07-28 21:41 - 2015-07-28 21:50 - 00000000 ____D C:\FRST
2015-07-28 21:40 - 2015-07-28 21:40 - 02146816 _____ (Farbar) C:\Users\ascat_000\Desktop\FRST64.exe
2015-07-28 21:34 - 2015-07-28 21:34 - 00000000 ___RD C:\Users\ascat_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-28 21:26 - 2015-07-28 21:26 - 00001984 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-07-28 21:26 - 2015-07-28 21:26 - 00001924 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-07-28 21:26 - 2015-07-28 21:25 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-07-28 21:25 - 2015-07-28 21:25 - 00454016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-07-28 21:25 - 2015-07-28 21:25 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-28 21:25 - 2015-07-28 21:25 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-28 20:45 - 2015-07-28 20:45 - 00003584 ____N C:\bootsqm.dat
2015-07-14 22:49 - 2015-07-14 22:49 - 00001323 _____ C:\Users\ascat_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera 30.lnk
2015-07-14 22:31 - 2015-06-29 11:18 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 22:31 - 2015-06-29 08:28 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 22:31 - 2015-06-29 08:27 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 22:31 - 2015-06-29 08:27 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 22:31 - 2015-06-29 08:27 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 22:31 - 2015-06-29 08:27 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 22:31 - 2015-06-29 08:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 22:31 - 2015-06-26 08:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 22:31 - 2015-05-07 08:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 22:26 - 2015-06-24 20:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 21:48 - 2012-12-10 19:03 - 01791946 _____ C:\Windows\WindowsUpdate.log
2015-07-28 21:47 - 2012-07-26 02:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-28 21:46 - 2013-05-03 23:18 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 21:46 - 2012-11-28 14:10 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-28 21:41 - 2013-05-03 23:18 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-28 21:41 - 2013-05-03 23:18 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-28 21:41 - 2013-05-03 23:18 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-28 21:39 - 2015-06-18 05:46 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-28 21:30 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-28 21:29 - 2015-06-18 05:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-28 21:29 - 2012-11-28 15:37 - 00072830 _____ C:\Windows\PFRO.log
2015-07-28 21:25 - 2015-06-18 05:46 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-28 21:25 - 2015-06-18 05:46 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-28 21:25 - 2015-06-18 05:46 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-28 21:25 - 2015-06-18 05:46 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-28 21:25 - 2015-06-18 05:46 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-28 21:25 - 2015-06-18 05:46 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-28 21:25 - 2015-06-18 05:46 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-28 21:25 - 2015-06-18 05:46 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-28 21:13 - 2013-10-18 20:14 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002UA.job
2015-07-28 21:13 - 2013-10-18 20:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002Core.job
2015-07-28 21:08 - 2013-10-18 20:14 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002UA
2015-07-28 21:08 - 2013-10-18 20:14 - 00003520 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002Core
2015-07-28 21:07 - 2012-07-26 03:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-28 21:02 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-28 20:48 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-28 19:12 - 2015-03-22 22:34 - 00456704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-28 19:12 - 2012-07-26 00:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-07-28 19:11 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ToastData
2015-07-28 18:56 - 2014-08-27 03:38 - 00000000 ____D C:\Windows\Minidump
2015-07-28 18:19 - 2013-03-23 05:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-25 18:15 - 2015-04-18 19:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-25 18:15 - 2015-04-18 19:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-25 18:12 - 2015-03-10 01:07 - 00000000 ____D C:\Windows\system32\MRT
2015-07-25 17:55 - 2013-04-05 06:32 - 00000000 ____D C:\Users\ascat_000\Documents\My PSP8 Files
2015-07-14 22:49 - 2014-06-14 17:28 - 00004082 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1377937541
2015-07-14 20:50 - 2014-04-14 18:41 - 01062128 _____ C:\Users\ascat_000\Documents\VH Lesson.xlsx
2015-07-14 20:01 - 2014-08-29 02:33 - 00000000 ____D C:\Users\ascat_000\Desktop\Gazette Stuff
2015-07-14 18:43 - 2013-05-03 23:19 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-12 22:26 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-06 16:34 - 2015-04-18 19:21 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 16:34 - 2015-04-18 19:21 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 08:43 - 2013-03-11 00:33 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-08-30 20:34 - 2014-08-30 20:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-28 14:06 - 2012-11-28 14:06 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-28 14:01 - 2012-11-28 14:03 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-28 14:03 - 2012-11-28 14:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-28 14:01 - 2012-11-28 14:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-28 14:04 - 2012-11-28 14:06 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some files in TEMP:
====================
C:\Users\ascat_000\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\C\AppData\Local\Temp\0028381438135475mcinst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-25 19:15
 
==================== End of log ============================

 

But um... I can't seem to attach the second Addition.txt file?


Edited by Orange Blossom, 29 July 2015 - 12:53 AM.
Moved to log forum. ~ OB
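An added triage example, not part of this thread and not part of FRST: the log above is long, and the entries that matter for a "DNSChanger" complaint are easy to miss by eye. The Python script below reads FRST-style lines and pulls out three things a responder would check first: interfaces whose static NameServer differs from the DHCP-supplied one (the Tcpip\..\Interfaces lines, which in this log point at 81.218.119.5,82.163.142.130 while DHCP hands out 192.168.200.1), executables or DLLs running from a Temp directory (such as the C:\Windows\Temp\CR_66730.tmp\setup.exe entry the later fixlist targets), and services FRST marks [File not signed]. The sample input is a constructed excerpt assembled from lines of the posted log; the function names and regular expressions are my own and assume FRST's line layout as shown on this page.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the FRST log posted above, not a
# complete log. Values appear exactly as FRST printed them there.
SAMPLE_LOG = r"""
(Google Inc.) C:\Windows\Temp\CR_66730.tmp\setup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{191E37D9-00E5-4D51-A710-9AC5A0545ABD}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{191E37D9-00E5-4D51-A710-9AC5A0545ABD}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{D75A8879-4884-4D6D-994B-A3E669A259E8}: [NameServer] 81.218.119.5,82.163.142.130
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 HPSLPSVC; C:\Users\C\AppData\Local\Temp\7zS1A04\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-28] (AVAST Software)
"""

# Regexes assume the FRST line layout visible in the log above (assumption).
GLOBAL_DHCP_RE = re.compile(r"^Tcpip\\Parameters: \[DhcpNameServer\] (.*)$")
IFACE_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]+\}): \[(NameServer|DhcpNameServer)\] ?(.*)$"
)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]\n]*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
UNSIGNED_SVC_RE = re.compile(r"^[RS]\d (.+?); .*\[File not signed\]$")


def dns_overrides(text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (interface GUID, static NameServer, DHCP NameServer) for each
    interface whose static resolver list is set and differs from what DHCP
    handed out. That mismatch is the classic DNS-changer footprint: the host
    keeps its normal gateway but resolves names through servers the user
    never configured. An interface without its own DhcpNameServer entry is
    compared against the global Tcpip\\Parameters value."""
    global_dhcp: Optional[str] = None
    per_iface: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = GLOBAL_DHCP_RE.match(line)
        if m:
            global_dhcp = m.group(1).strip() or None
            continue
        m = IFACE_RE.match(line)
        if m:
            guid, key, value = m.groups()
            per_iface.setdefault(guid, {})[key] = value.strip()
    findings = []
    for guid, keys in per_iface.items():
        static = keys.get("NameServer", "")
        dhcp = keys.get("DhcpNameServer") or global_dhcp
        if static and static != dhcp:
            findings.append((guid, static, dhcp))
    return findings


def temp_executables(text: str) -> List[str]:
    """Paths to .exe/.dll/.sys files located under a Temp directory, in the
    order first seen. Legitimate installers also run from Temp for a while,
    so treat each hit as something to verify (signature, parent installer,
    whether it is still present after a reboot), not as a verdict."""
    hits: List[str] = []
    for line in text.splitlines():
        for path in PATH_RE.findall(line):
            if "\\temp\\" in path.lower() and path not in hits:
                hits.append(path)
    return hits


def unsigned_services(text: str) -> List[str]:
    """Names of services FRST flagged with [File not signed]. Many OEM
    utilities are unsigned, so this is a review list, not a block list."""
    return [m.group(1) for m in map(UNSIGNED_SVC_RE.match, text.splitlines()) if m]


def triage(text: str) -> Dict[str, list]:
    """Bundle the three checks into one report for an FRST log."""
    return {
        "dns_overrides": dns_overrides(text),
        "temp_executables": temp_executables(text),
        "unsigned_services": unsigned_services(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section} ({len(items)}) ==")
        for item in items:
            print("  ", item)
```

Run it against a saved FRST.txt by passing the file contents to triage(); on the excerpt above it reports both interfaces as overriding DHCP with the same two resolvers, the two Temp-resident binaries, and the two unsigned services. The DNS finding is the one that explains the symptom in the first post: with resolvers replaced, every browser on the machine can be redirected regardless of which browser was reset or reinstalled, which is why clearing the static NameServer values (and checking the router's DHCP settings, since the DHCP-supplied address here is the local gateway) belongs in the cleanup alongside removing the dropped files.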



 


#2 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 31 July 2015 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_66730.tmp\setup.exe
HKLM-x32\...\Run: [] => [X]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe
C:\Windows\Temp\CR_66730.tmp\

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

I suspect that you will need to re-install Chrome.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

How is the computer running now?

#3 DiamondMaverick

  • Topic Starter
  • Members
  • 12 posts

Posted 31 July 2015 - 04:45 PM

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015

Ran by C (2015-07-31 15:08:03) Run:1
Running from C:\Users\C\Downloads
Loaded Profiles: C (Available Profiles: C & ascat_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_66730.tmp\setup.exe
HKLM-x32\...\Run: [] => [X]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe
C:\Windows\Temp\CR_66730.tmp\
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe => No running process found
C:\Windows\Temp\CR_66730.tmp\setup.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe => moved successfully.
C:\Windows\Temp\CR_66730.tmp => moved successfully.
EmptyTemp: => 2.2 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-31 16:21:50)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 16:21:50 ====

 

THANK YOU! It seems to be running okay now (no cloudscout links that I can see thus far).  Do I need to do anything else? Uninstall the extra stuff I installed trying to fix it myself (adwcleaner, hitmanpro, malwarebytes, etc)?
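An added check, not part of the thread, for reading a Fixlog like the one above: it parses the fixlist and every "=>" result line, keeps the last status reported for each target (so the post-reboot result overrides an earlier "Scheduled to move on reboot."), and lists what did not complete. The sample text is the Fixlog posted above, re-typed here as a constructed string; on it the two Avast .crx files are the items still unresolved.

```python
import re

# Constructed sample: the FRST Fixlog posted in this thread, re-typed as a string.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by C (2015-07-31 15:08:03) Run:1
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
() C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_66730.tmp\setup.exe
HKLM-x32\...\Run: [] => [X]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe
C:\Windows\Temp\CR_66730.tmp\
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe => No running process found
C:\Windows\Temp\CR_66730.tmp\setup.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\Program Files (x86)\Google\Update\Install\{72917ACA-3BD5-45C6-952A-7CC614C1A58D}\44.0.2403.125_43.0.2357.134_chrome_updater.exe => moved successfully.
C:\Windows\Temp\CR_66730.tmp => moved successfully.
EmptyTemp: => 2.2 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-31 16:21:50)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 16:21:50 ====
"""

# Result-line shapes seen in the Fixlog, tried in this order because the
# generic third pattern would also match the first two.
RESULT_PATTERNS = (
    # Could not move "<path>" => Scheduled to move on reboot.
    re.compile(r'^Could not move "(?P<target>.+)" => (?P<status>.+)$'),
    # "<quoted path or registry key>" => <status>
    re.compile(r'^"(?P<target>.+)" => (?P<status>.+)$'),
    # <path, key or directive> => <status>
    re.compile(r'^(?P<target>\S.*?) => (?P<status>.+)$'),
)

# Substrings (lower-cased) that mark an outcome as completed.
SUCCESS_MARKERS = ("successfully", "removed", "no running process found")


def parse_fixlog(text):
    """Return (fixlist_lines, outcomes).

    fixlist_lines are the directives between 'start' and 'End' (skipped when
    scanning for results, since 'HKLM-x32\\...\\Run: [] => [X]' also contains '=>').
    outcomes maps each target to the LAST status reported for it, so the
    post-reboot block overrides 'Scheduled to move on reboot.'.
    """
    fixlist, outcomes = [], {}
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "start":
            in_fixlist = True
            continue
        if line == "End":
            in_fixlist = False
            continue
        if in_fixlist:
            if line:
                fixlist.append(line)
            continue
        for pattern in RESULT_PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[match.group("target")] = match.group("status").rstrip(".")
                break
    return fixlist, outcomes


def is_success(status):
    lowered = status.lower()
    return any(marker in lowered for marker in SUCCESS_MARKERS)


def unresolved_items(text):
    """Targets whose final reported outcome is not a success; these need follow-up."""
    _, outcomes = parse_fixlog(text)
    return sorted(target for target, status in outcomes.items() if not is_success(status))


def summarize(text):
    fixlist, outcomes = parse_fixlog(text)
    succeeded = [t for t, s in outcomes.items() if is_success(s)]
    return {
        "fixlist_entries": len(fixlist),
        "reported": len(outcomes),
        "succeeded": len(succeeded),
        "unresolved": unresolved_items(text),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```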



#4 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Location:Montreal, QC. Canada

Posted 01 August 2015 - 08:18 AM

Do I need to do anything else? Uninstall the extra stuff I installed trying to fix it myself (adwcleaner, hitmanpro, malwarebytes, etc)?


You should keep these 3 programs.
The others you decide on, or let me know what they are before deleting them.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 DiamondMaverick

  • Topic Starter
  • Members
  • 12 posts

Posted 03 August 2015 - 03:18 AM

Thank you very much nasdaq! 



#6 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Location:Montreal, QC. Canada

Posted 03 August 2015 - 06:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#7 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Location:Montreal, QC. Canada

Posted 03 November 2015 - 08:11 AM

This topic has been re-opened at the request of the person who originally posted.

#8 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Location:Montreal, QC. Canada

Posted 03 November 2015 - 08:15 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;
Now...
Close any open browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

Please run the Farbar tool and post a fresh FRST log.
When running the tool make sure you place a check in the check box to create a fresh Addition.txt file; post it also for my review.

#9 DiamondMaverick

  • Topic Starter
  • Members
  • 12 posts

Posted 06 November 2015 - 03:06 AM

I can't even log onto this site on that laptop. I can get to the site, but any clicking anywhere (the login button, for example... Or really anywhere on the page at all) takes me to stupid other spam sites. Suggestions to get around it?

#10 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Location:Montreal, QC. Canada

Posted 06 November 2015 - 10:57 AM

Run the Farbar tool and post a fresh FRST log.

Make sure the check box for the Addition.txt file is checked.
This will create a new Addition.txt file, which you should attach to your next reply. I need to see it also.

#11 DiamondMaverick

  • Topic Starter
  • Members
  • 12 posts

Posted 12 November 2015 - 02:44 AM

I currently have Java disabled... this seems to enable me to log in to this website...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by ascat_000 (ATTENTION: The user is not administrator) on MAV_LAPTOP (12-11-2015 01:28:33)
Running from C:\Users\ascat_000\Desktop
Loaded Profiles: C & ascat_000 & (Available Profiles: C & ascat_000)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WTabletServiceCon.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AECLSr64.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> AdminService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> HeciServer.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> RichVideo.exe
Failed to access process -> svchost.exe
Failed to access process -> Ath_WlanAgent.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> LMS.exe
Failed to access process -> SftService.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> UNS.exe
Failed to access process -> iPodService.exe
Failed to access process -> hmpsched.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> msiexec.exe
Failed to access process -> taskhostex.exe
Failed to access process -> HitmanPro_x64.exe
Failed to access process -> explorer.exe
Failed to access process -> LiveComm.exe
Failed to access process -> taskeng.exe
Failed to access process -> mbam.exe
Failed to access process -> WMIADAP.exe
Failed to access process -> Toaster.exe
Failed to access process -> Apoint.exe
Failed to access process -> RuntimeBroker.exe
Failed to access process -> quickset.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> CirrusAudioPanel_Dell.exe
Failed to access process -> BtvStack.exe
Failed to access process -> igfxtray.exe
Failed to access process -> hkcmd.exe
Failed to access process -> ApMsgFwd.exe
Failed to access process -> hidfind.exe
Failed to access process -> igfxpers.exe
Failed to access process -> ApntEx.exe
Failed to access process -> aim.exe
Failed to access process -> conhost.exe
Failed to access process -> FlashUtil32_18_0_0_209_Plugin.exe
Failed to access process -> CLMLSvc_P2G8.exe
Failed to access process -> PDVD10Serv.exe
Failed to access process -> AdobeARM.exe
Failed to access process -> hpwuschd2.exe
Failed to access process -> iTunesHelper.exe
Failed to access process -> jusched.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> avastui.exe
Failed to access process -> dwm.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
Failed to access process -> WacomHost.exe
Failed to access process -> Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
Failed to access process -> svchost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Google Inc.) C:\Users\ascat_000\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\ascat_000\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Users\ascat_000\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
Failed to access process -> IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Users\ascat_000\AppData\Local\Google\Update\1.3.28.15\GoogleCrashHandler.exe
Failed to access process -> rundll32.exe
Failed to access process -> wsqmcons.exe
Failed to access process -> sdclt.exe
(Opera Software) C:\Users\ascat_000\AppData\Local\Programs\Opera\launcher.exe
Failed to access process -> rundll32.exe
Failed to access process -> taskhost.exe
Failed to access process -> taskhost.exe
Failed to access process -> AutoUpdate.exe
Failed to access process -> diagtrackrunner.exe
Failed to access process -> SettingSyncHost.exe
Failed to access process -> AutoUpdate.exe
Failed to access process -> conhost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\ascat_000\AppData\Local\Google\Update\1.3.28.15\GoogleCrashHandler64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002\...\Run: [Google Update] => C:\Users\ascat_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-05] (Google Inc.)
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002\...\Run: [Amazon Music] => C:\Users\ascat_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\ascat_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-05] (Google Inc.)
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\ascat_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_Plugin.exe [1155760 2015-08-08] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-28] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{191E37D9-00E5-4D51-A710-9AC5A0545ABD}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{191E37D9-00E5-4D51-A710-9AC5A0545ABD}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{C1D13D43-A59F-4FFD-A11E-1BFEAAADE84A}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{C1D13D43-A59F-4FFD-A11E-1BFEAAADE84A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D75A8879-4884-4D6D-994B-A3E669A259E8}: [NameServer] 81.218.119.5,82.163.142.130

Internet Explorer:
==================
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
URLSearchHook: [S-1-5-21-2335855941-3855980251-1180739866-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-2335855941-3855980251-1180739866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2335855941-3855980251-1180739866-1002 -> {945EB969-E38F-4020-86EC-4A402DE2DCEA} URL =
SearchScopes: HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {945EB969-E38F-4020-86EC-4A402DE2DCEA} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-28] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-28] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ascat_000\AppData\Roaming\Mozilla\Firefox\Profiles\zbnae36s.default-1434449817754
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\ascat_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002: @talk.google.com/O1DPlugin -> C:\Users\ascat_000\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002: @tools.google.com/Google Update;version=3 -> C:\Users\ascat_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002: @tools.google.com/Google Update;version=9 -> C:\Users\ascat_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\ascat_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\ascat_000\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\ascat_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\ascat_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ascat_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ascat_000\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-14] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://dell13.msn.com/
CHR DefaultSearchKeyword: Default -> t
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR Profile: C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21]
CHR Extension: (Google Search) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-11]
CHR Extension: (Refresh Monkey) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2013-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-08]
CHR Extension: (Page Monitor) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2015-10-21]
CHR Extension: (Gmail) - C:\Users\ascat_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]

Opera:
=======
OPR Extension: (Super Auto Refresh) - C:\Users\ascat_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2015-08-14]
OPR Extension: (Download Chrome Extension) - C:\Users\ascat_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2015-08-07]
OPR Extension: (Refresh Monkey) - C:\Users\ascat_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2014-08-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-28] (AVAST Software)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-06] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-19] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-19] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-19] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]
S2 HPSLPSVC; C:\Users\C\AppData\Local\Temp\7zS1A04\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-28] (AVAST Software)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 01:28 - 2015-11-12 01:28 - 00000000 ____D C:\Users\ascat_000\Desktop\FRST-OlderVersion
2015-11-12 01:27 - 2015-11-12 01:27 - 00000000 ___RD C:\Users\ascat_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-10-29 03:22 - 2015-11-05 11:43 - 00001323 _____ C:\Users\ascat_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera 33.lnk
2015-10-24 01:07 - 2015-10-26 00:56 - 00053468 _____ C:\Users\ascat_000\Desktop\FP Ext Ped - AST.xlsx
2015-10-21 00:02 - 2014-04-16 12:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-10-21 00:02 - 2014-04-16 12:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-10-16 04:28 - 2015-09-18 07:32 - 14290944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-16 04:25 - 2015-09-18 09:09 - 00032432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-16 04:25 - 2015-09-18 07:30 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-16 04:25 - 2015-09-18 07:30 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-16 04:25 - 2015-09-18 07:30 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-16 04:25 - 2015-09-18 07:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-16 04:25 - 2015-09-18 07:30 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-16 04:25 - 2015-09-18 07:10 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-16 04:25 - 2015-08-01 08:50 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-16 04:25 - 2015-08-01 07:56 - 19778048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-16 04:22 - 2015-10-01 17:55 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-10-16 04:22 - 2015-10-01 17:55 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-10-16 04:22 - 2015-09-28 21:33 - 06971224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-16 04:22 - 2015-09-28 20:02 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-10-16 04:22 - 2015-09-28 20:02 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-10-16 04:22 - 2015-09-28 20:01 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-16 04:22 - 2015-09-22 11:53 - 01405408 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-16 04:22 - 2015-09-22 11:53 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-15 23:34 - 2015-07-22 16:09 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 01:29 - 2015-06-15 12:08 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-12 01:29 - 2012-12-10 18:03 - 01060655 _____ C:\Windows\WindowsUpdate.log
2015-11-12 01:28 - 2015-07-28 20:42 - 00027398 _____ C:\Users\ascat_000\Desktop\FRST.txt
2015-11-12 01:28 - 2015-07-28 20:41 - 00000000 ____D C:\FRST
2015-11-12 01:28 - 2015-07-28 20:40 - 02198528 _____ (Farbar) C:\Users\ascat_000\Desktop\FRST64.exe
2015-11-12 01:27 - 2015-07-31 15:26 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-12 01:27 - 2012-11-28 13:10 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-11-12 01:26 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\sru
2015-11-12 01:25 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-11-06 01:44 - 2013-10-18 19:14 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002UA.job
2015-11-06 01:41 - 2015-06-16 01:05 - 11337112 _____ (SurfRight B.V.) C:\Users\ascat_000\Desktop\HitmanPro_x64.exe
2015-11-06 01:40 - 2012-07-26 01:28 - 00850046 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-06 01:34 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-06 00:50 - 2015-08-07 23:19 - 00000000 ____D C:\Users\ascat_000\Desktop\DEFENSE
2015-11-06 00:50 - 2014-08-29 01:31 - 00000000 ____D C:\Users\ascat_000\Desktop\Quid Stuff
2015-11-06 00:50 - 2013-11-01 17:59 - 00000000 ____D C:\Users\ascat_000\Desktop\The VH Rules of Quidditch - Virtual Hogwarts_files
2015-11-06 00:44 - 2013-10-18 19:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002Core.job
2015-11-05 02:58 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
2015-11-05 02:20 - 2014-01-02 04:09 - 00113462 _____ C:\Users\ascat_000\Desktop\FP Charts.xlsx
2015-11-01 23:26 - 2013-04-10 00:34 - 00000000 _____ C:\Windows\SysWOW64\SystemPreferences.xml
2015-10-24 18:41 - 2015-08-11 01:41 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-24 06:35 - 2015-07-31 15:27 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-21 01:50 - 2014-04-14 17:41 - 01062316 _____ C:\Users\ascat_000\Documents\VH Lesson.xlsx
2015-10-21 00:11 - 2012-11-28 14:37 - 00132158 _____ C:\Windows\PFRO.log
2015-10-21 00:07 - 2015-04-18 18:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-21 00:07 - 2015-04-18 18:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-21 00:06 - 2012-07-26 02:12 - 00000000 ___RD C:\Windows\ToastData
2015-10-21 00:06 - 2012-07-26 01:59 - 00000000 ____D C:\Windows\CbsTemp
2015-10-18 21:35 - 2013-03-23 04:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-18 21:16 - 2015-03-10 00:07 - 00000000 ____D C:\Windows\system32\MRT
2015-10-18 21:05 - 2013-03-10 23:33 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-18 20:59 - 2012-07-26 01:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-16 00:35 - 2015-04-18 18:21 - 00809944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 00:35 - 2015-04-18 18:21 - 00176096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-09-06 13:49 - 2013-09-06 13:49 - 0003584 _____ () C:\Users\ascat_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-30 19:34 - 2014-08-30 19:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-28 13:06 - 2012-11-28 13:06 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-28 13:01 - 2012-11-28 13:03 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-28 13:03 - 2012-11-28 13:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-28 13:01 - 2012-11-28 13:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-28 13:04 - 2012-11-28 13:06 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\ascat_000\AppData\Local\Temp\{4B4C3B77-D232-4FD8-A79A-492CB2B9C6FF}-44.0.2403.157_44.0.2403.155_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by ascat_000 (2015-11-12 01:30:12)
Running from C:\Users\ascat_000\Desktop
Windows 8 (X64) (2012-12-11 00:03:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2335855941-3855980251-1180739866-500 - Administrator - Disabled)
ascat_000 (S-1-5-21-2335855941-3855980251-1180739866-1002 - Limited - Enabled) => C:\Users\ascat_000
C (S-1-5-21-2335855941-3855980251-1180739866-1001 - Administrator - Enabled) => C:\Users\C
Guest (S-1-5-21-2335855941-3855980251-1180739866-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
Amazon Music (HKU\S-1-5-21-2335855941-3855980251-1180739866-1002\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Opera 12.16 (HKU\S-1-5-21-2335855941-3855980251-1180739866-1002\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera 12.16 (HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 33.0.1990.58 (HKU\S-1-5-21-2335855941-3855980251-1180739866-1002\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Opera Stable 33.0.1990.58 (HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
Scrivener Update (HKLM-x32\...\Scrivener 1570) (Version: 1600 - Literature and Latte)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 23:26 - 2012-07-25 23:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002Core.job => C:\Users\ascat_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002UA.job => C:\Users\ascat_000\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-21 12:49 - 2012-11-14 13:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 19:16 - 2012-08-06 19:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2012-07-31 19:10 - 2012-07-31 19:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-11-28 14:12 - 2012-07-25 14:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-11 14:31 - 2015-03-02 16:44 - 05886272 _____ () C:\Users\ascat_000\AppData\Local\Amazon Music\Amazon Music Helper.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2335855941-3855980251-1180739866-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ascat_000\Pictures\Synyster Gates\it_doesn__t_even_matter__by_xsecondheartbeatx-d3d1vcy.jpg
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ascat_000\Pictures\Synyster Gates\it_doesn__t_even_matter__by_xsecondheartbeatx-d3d1vcy.jpg
DNS Servers: 81.218.119.5 - 82.163.142.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A2E40052-CE72-4A29-9DAF-526391DEF0D6}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{6E357FD2-C191-4B86-B062-1EBC99ED6DA9}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{37EF6308-3410-4387-990B-915C74D5B827}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{1EF15FF3-140C-469D-81F0-542CD39F62C8}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{2AD847B8-AE65-4554-9ABA-A02A00C692AB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1F303CC-5E09-47A1-9977-A4B7E0B8FC82}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3D6C8994-B5BF-4D0A-AF4C-50D6F1683B69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{92C71FA1-E7F4-4F61-ABA3-21E4C56BA510}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B7E554F1-9894-47F9-8F62-2AE7D31188DB}] => (Allow) LPort=2869
FirewallRules: [{C23210E3-106D-4063-96FE-93F116977559}] => (Allow) LPort=1900
FirewallRules: [{F864A64F-96CB-42AB-8BB4-808AF36EC2B2}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{36238DFB-576D-43F7-AC7D-640C1237B724}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{3DFB915E-6063-44E0-93AA-15A26762A20B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5A826757-0085-449C-8F5E-FF2819BF4409}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB92D848-F06F-459E-909C-8107BD16DCB0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C3543CED-1715-4668-97BA-6965EC00E0D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC5EC47E-2B2F-4F1B-A88D-A7C731C8A9A2}] => (Allow) C:\Users\C\AppData\Local\Temp\7zS1A04\hppiw.exe
FirewallRules: [{7CA7D3D3-EF81-4E10-B917-48A72B79719C}] => (Allow) C:\Users\C\AppData\Local\Temp\7zS1A04\hppiw.exe
FirewallRules: [{5202D1CE-E8CA-41E6-81DE-B652D5E759BF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{E1327AC2-0902-4846-83AA-5CCF8F88D281}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{7DDC3214-76E2-4A94-9177-338DF99AFC5A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{3AC0304E-EE42-4322-AC96-7CF1F2890609}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{BD157E5F-C711-4B0B-B9AC-097F34509326}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BA63ED67-150B-4CDB-860C-E59A5781853B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CA8CF5B5-2252-459C-A4BF-78BDB59FF1D0}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B43F6452-0488-4F27-8C28-AD3D8CCCF023}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{09A79A6F-F462-492B-A01B-FC12BFB7517D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E361E243-098D-4071-8FFE-1742C45C9F92}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2015 01:27:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c
Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x14ec
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5

Error: (11/06/2015 02:07:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (11/06/2015 02:07:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (11/06/2015 02:07:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2015 01:58:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee5fd5
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x16d4
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (11/06/2015 01:35:10 AM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/06/2015 01:24:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAV_LAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/06/2015 01:24:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAV_LAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/06/2015 01:24:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAV_LAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/06/2015 01:24:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAV_LAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (11/06/2015 01:37:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/06/2015 01:37:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (11/06/2015 01:34:13 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/06/2015 01:26:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

Error: (11/06/2015 01:25:32 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (11/06/2015 01:25:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BrokerInfrastructure service.

Error: (11/06/2015 01:24:49 AM) (Source: DCOM) (EventID: 10010) (User: MAV_LAPTOP)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (11/06/2015 01:24:49 AM) (Source: DCOM) (EventID: 10010) (User: MAV_LAPTOP)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (11/06/2015 01:24:48 AM) (Source: DCOM) (EventID: 10010) (User: MAV_LAPTOP)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (11/06/2015 01:24:48 AM) (Source: DCOM) (EventID: 10010) (User: MAV_LAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 3959.09 MB
Available physical RAM: 2333.42 MB
Total Virtual: 8567.09 MB
Available Virtual: 6691.2 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:457.4 GB) (Free:241.85 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:11 PM

Posted 12 November 2015 - 09:10 AM

ATTENTION: System Restore is disabled

How to: Turn System Restore ON - Windows
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

Ran by ascat_000 (ATTENTION: The user is not administrator)

Please use an Administrator account to run the Farbar tool one more time.
Post the FRST log for my review.

#13 DiamondMaverick

DiamondMaverick
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:11 PM

Posted 13 November 2015 - 02:25 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by C (administrator) on MAV_LAPTOP (13-11-2015 01:14:28)
Running from C:\Users\C\Downloads
Loaded Profiles: C & (Available Profiles: C & ascat_000)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\ascat_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-05] (Google Inc.)
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\ascat_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_Plugin.exe [1155760 2015-08-08] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-28] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{191E37D9-00E5-4D51-A710-9AC5A0545ABD}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{191E37D9-00E5-4D51-A710-9AC5A0545ABD}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{C1D13D43-A59F-4FFD-A11E-1BFEAAADE84A}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{C1D13D43-A59F-4FFD-A11E-1BFEAAADE84A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D75A8879-4884-4D6D-994B-A3E669A259E8}: [NameServer] 81.218.119.5,82.163.142.130

Internet Explorer:
==================
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2335855941-3855980251-1180739866-1001 -> {945EB969-E38F-4020-86EC-4A402DE2DCEA} URL =
SearchScopes: HKU\S-1-5-21-2335855941-3855980251-1180739866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {945EB969-E38F-4020-86EC-4A402DE2DCEA} URL =
SearchScopes: HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {945EB969-E38F-4020-86EC-4A402DE2DCEA} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-28] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-28] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\rjjn2xlo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\ascat_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\ascat_000\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\ascat_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2335855941-3855980251-1180739866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\ascat_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-14] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR Profile: C:\Users\C\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-31]
CHR Extension: (Google Docs) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-31]
CHR Extension: (Google Drive) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
CHR Extension: (YouTube) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06]
CHR Extension: (Google Search) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-31]
CHR Extension: (Google Docs Offline) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-03]
CHR Extension: (Avast Online Security) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-28] (AVAST Software)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-06] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]
S2 HPSLPSVC; C:\Users\C\AppData\Local\Temp\7zS1A04\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-28] (AVAST Software)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-13 01:11 - 2015-11-13 01:11 - 00000000 ___RD C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-11-13 00:10 - 2015-11-13 00:10 - 00000000 ____D C:\AVAST Software
2015-11-12 01:28 - 2015-11-12 01:28 - 00000000 ____D C:\Users\ascat_000\Desktop\FRST-OlderVersion
2015-11-12 01:27 - 2015-11-12 01:27 - 00000000 ___RD C:\Users\ascat_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-11-06 02:01 - 2015-11-06 02:01 - 00000000 ____D C:\Users\C\AppData\Local\Macromedia
2015-11-06 02:00 - 2015-11-06 02:01 - 00000000 ____D C:\Users\C\AppData\Local\Mozilla
2015-10-29 03:22 - 2015-11-05 11:43 - 00001323 _____ C:\Users\ascat_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera 33.lnk
2015-10-24 01:07 - 2015-10-26 00:56 - 00053468 _____ C:\Users\ascat_000\Desktop\FP Ext Ped - AST.xlsx
2015-10-21 00:02 - 2014-04-16 12:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-10-21 00:02 - 2014-04-16 12:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-10-16 04:28 - 2015-09-18 07:32 - 14290944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-16 04:27 - 2015-09-18 07:32 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-16 04:27 - 2015-09-18 07:30 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-16 04:25 - 2015-09-18 09:09 - 00032432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-16 04:25 - 2015-09-18 07:30 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-16 04:25 - 2015-09-18 07:30 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-16 04:25 - 2015-09-18 07:30 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-16 04:25 - 2015-09-18 07:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-16 04:25 - 2015-09-18 07:30 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-16 04:25 - 2015-09-18 07:10 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-16 04:25 - 2015-08-01 08:50 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-16 04:25 - 2015-08-01 07:56 - 19778048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-16 04:22 - 2015-10-01 17:55 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-10-16 04:22 - 2015-10-01 17:55 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-10-16 04:22 - 2015-09-28 21:33 - 06971224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-16 04:22 - 2015-09-28 20:02 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-10-16 04:22 - 2015-09-28 20:02 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-10-16 04:22 - 2015-09-28 20:01 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-16 04:22 - 2015-09-22 11:53 - 01405408 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-16 04:22 - 2015-09-22 11:53 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-15 23:34 - 2015-07-22 16:09 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 23:34 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-13 01:14 - 2015-07-31 14:07 - 00000000 ____D C:\Users\C\Downloads\FRST-OlderVersion
2015-11-13 01:14 - 2015-07-28 20:50 - 00022564 _____ C:\Users\C\Downloads\FRST.txt
2015-11-13 01:14 - 2015-07-28 20:49 - 02198528 _____ (Farbar) C:\Users\C\Downloads\FRST64.exe
2015-11-13 01:14 - 2015-07-28 20:41 - 00000000 ____D C:\FRST
2015-11-13 01:14 - 2012-12-10 18:03 - 01763792 _____ C:\Windows\WindowsUpdate.log
2015-11-13 01:11 - 2012-12-10 18:06 - 00000000 ____D C:\Users\C\Documents\Bluetooth Folder
2015-11-13 01:02 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\sru
2015-11-13 00:44 - 2013-10-18 19:14 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002UA.job
2015-11-13 00:44 - 2013-10-18 19:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2335855941-3855980251-1180739866-1002Core.job
2015-11-13 00:35 - 2015-07-31 15:27 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-13 00:15 - 2012-07-26 01:59 - 00000000 ____D C:\Windows\CbsTemp
2015-11-13 00:08 - 2012-07-26 01:28 - 00850046 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-12 01:33 - 2013-03-15 03:14 - 00000000 ____D C:\Users\ascat_000\AppData\Local\CrashDumps
2015-11-12 01:32 - 2014-08-30 19:35 - 00000000 ____D C:\Users\C\AppData\Roaming\HpUpdate
2015-11-12 01:32 - 2012-11-28 13:10 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-11-12 01:31 - 2015-07-28 20:42 - 00043031 _____ C:\Users\ascat_000\Desktop\FRST.txt
2015-11-12 01:31 - 2012-12-10 18:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2335855941-3855980251-1180739866-1001
2015-11-12 01:30 - 2015-07-28 20:43 - 00024130 _____ C:\Users\ascat_000\Desktop\Addition.txt
2015-11-12 01:29 - 2015-06-15 12:08 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-12 01:28 - 2015-07-28 20:40 - 02198528 _____ (Farbar) C:\Users\ascat_000\Desktop\FRST64.exe
2015-11-12 01:27 - 2015-07-31 15:26 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-12 01:25 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-11-06 02:01 - 2014-05-30 02:52 - 00000000 ____D C:\Users\C\AppData\Roaming\Mozilla
2015-11-06 01:59 - 2013-03-10 22:45 - 00000000 ____D C:\Users\C\AppData\Local\CrashDumps
2015-11-06 01:41 - 2015-06-16 01:05 - 11337112 _____ (SurfRight B.V.) C:\Users\ascat_000\Desktop\HitmanPro_x64.exe
2015-11-06 01:34 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-06 01:26 - 2012-07-25 23:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-06 00:50 - 2015-08-07 23:19 - 00000000 ____D C:\Users\ascat_000\Desktop\DEFENSE
2015-11-06 00:50 - 2014-08-29 01:31 - 00000000 ____D C:\Users\ascat_000\Desktop\Quid Stuff
2015-11-06 00:50 - 2013-11-01 17:59 - 00000000 ____D C:\Users\ascat_000\Desktop\The VH Rules of Quidditch - Virtual Hogwarts_files
2015-11-05 11:43 - 2014-06-14 16:28 - 00004082 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1377937541
2015-11-05 02:58 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
2015-11-05 02:20 - 2014-01-02 04:09 - 00113462 _____ C:\Users\ascat_000\Desktop\FP Charts.xlsx
2015-11-01 23:26 - 2013-04-10 00:34 - 00000000 _____ C:\Windows\SysWOW64\SystemPreferences.xml
2015-10-24 18:41 - 2015-08-11 01:41 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-21 01:50 - 2014-04-14 17:41 - 01062316 _____ C:\Users\ascat_000\Documents\VH Lesson.xlsx
2015-10-21 00:11 - 2012-11-28 14:37 - 00132158 _____ C:\Windows\PFRO.log
2015-10-21 00:07 - 2015-04-18 18:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-21 00:07 - 2015-04-18 18:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-21 00:06 - 2012-07-26 02:12 - 00000000 ___RD C:\Windows\ToastData
2015-10-18 21:35 - 2013-03-23 04:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-18 21:16 - 2015-03-10 00:07 - 00000000 ____D C:\Windows\system32\MRT
2015-10-18 21:05 - 2013-03-10 23:33 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-18 20:59 - 2012-07-26 01:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-16 00:35 - 2015-04-18 18:21 - 00809944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 00:35 - 2015-04-18 18:21 - 00176096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 23:05 - 2015-06-18 04:46 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

==================== Files in the root of some directories =======

2014-08-30 19:34 - 2014-08-30 19:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-28 13:06 - 2012-11-28 13:06 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-28 13:01 - 2012-11-28 13:03 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-28 13:03 - 2012-11-28 13:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-28 13:01 - 2012-11-28 13:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-28 13:04 - 2012-11-28 13:06 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\ascat_000\AppData\Local\Temp\{4B4C3B77-D232-4FD8-A79A-492CB2B9C6FF}-44.0.2403.157_44.0.2403.155_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-05 02:36

==================== End of FRST.txt ============================


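As an added example (not from this thread or from Farbar's tool), the PowerShell script below re-reads the "Bamital & volsnap" section of a saved FRST.txt and independently verifies each listed file's Authenticode signature with Get-AuthenticodeSignature, flagging any file where the two checks disagree; the log path and the embedded sample lines are assumptions.

```powershell
# Added example (not from the thread): parse the "Bamital & volsnap" section of
# an FRST.txt and re-verify each path's Authenticode signature independently.
# Assumption: $FrstLog points at your saved FRST.txt (placeholder path).
param(
    [string]$FrstLog = "$env:USERPROFILE\Desktop\FRST.txt"
)

# Constructed sample in the same format as the thread's log; used when no log
# file is present so the script runs stand-alone.
$sample = @"
==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-05 02:36
"@

$text = if (Test-Path -LiteralPath $FrstLog) { Get-Content -LiteralPath $FrstLog -Raw } else { $sample }

# Isolate the section: it runs until the next "====" header or the LastRegBack line.
$section = [regex]::Match($text, '(?s)Bamital & volsnap\s*=+\s*(.*?)(?:\r?\n\s*(?:=+|LastRegBack))')
if (-not $section.Success) { throw "No 'Bamital & volsnap' section found in $FrstLog" }

$results = foreach ($line in ($section.Groups[1].Value -split '\r?\n')) {
    # Entry lines look like: <drive:\path> => <verdict>
    if ($line -notmatch '^(?<path>[A-Za-z]:\\\S.*?) => (?<verdict>.+)$') { continue }
    $path = $Matches.path
    $frstVerdict = $Matches.verdict.Trim()
    $frstSaysSigned = ($frstVerdict -eq 'File is digitally signed')

    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; FRST = $frstVerdict; Status = 'Missing'; Signer = ''; Agree = $false }
        continue
    }

    # Get-AuthenticodeSignature also consults the OS security catalogs on Windows 8
    # and later, so catalog-signed system binaries report Valid rather than NotSigned.
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Path   = $path
        FRST   = $frstVerdict
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Agree  = (($sig.Status -eq 'Valid') -eq $frstSaysSigned)
    }
}

$results | Format-Table -AutoSize
$bad = @($results | Where-Object { -not $_.Agree -or $_.Status -ne 'Valid' })
if ($bad.Count) { Write-Warning "$($bad.Count) file(s) need manual review (unsigned, tampered or missing)" }
```

Any row whose Status is not Valid, or where Agree is False, is the kind of file FRST warns has "no automatic fix" and should be compared against a known-good copy.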

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:11 PM

Posted 13 November 2015 - 09:30 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR Extension: (Avast Online Security) - C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
S2 HPSLPSVC; C:\Users\C\AppData\Local\Temp\7zS1A04\hpslpsvc64.dll [X]
C:\ProgramData\Ament.ini
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

p.s.
The running process AutoUpdate.exe may have been set by a Worm.
Are you using a USB key that may be infected?

How is the computer running now?

#15 DiamondMaverick

DiamondMaverick
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 14 November 2015 - 04:22 PM

It's running the same... only when I disable Java on chrome can I log in. Cloudscout links are still there, unfortunately.

The running process AutoUpdate.exe may have been set by a Worm. Are you using a USB key that may be infected?
I don't have anything currently attached to my computer (no external HD, monitor); with the exception of a wireless Logitech mouse.



