
I believe I'm infected?


  • This topic is locked
7 replies to this topic

#1 heavylow

heavylow

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 03 February 2016 - 02:34 PM

Not sure if this is the right place to post this. Sorry if it's not.

But I ran ComboFix and here are my results.

Can anyone help me? My computer's just been through hell haha

ComboFix 16-01-31.01 - Matt 02/03/2016  11:17:56.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1807 [GMT -8:00]
Running from: c:\users\Matt\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-03 to 2016-02-03  )))))))))))))))))))))))))))))))
.
.
2016-02-03 19:26 . 2016-02-03 19:26 -------- d-----w- c:\users\Liz\AppData\Local\temp
2016-02-03 19:26 . 2016-02-03 19:26 -------- d-----w- c:\users\Irene\AppData\Local\temp
2016-02-03 19:26 . 2016-02-03 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-02 16:25 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46C691FD-B1E0-4F15-8196-0C0B0F1141E0}\mpengine.dll
2016-01-29 22:32 . 2016-01-29 22:32 -------- d-----w- c:\programdata\Creative Home
2016-01-27 20:03 . 2016-01-27 20:03 -------- d-----w- c:\program files (x86)\iTunes
2016-01-27 20:03 . 2016-01-27 20:03 -------- d-----w- c:\program files\iTunes
2016-01-27 20:03 . 2016-01-27 20:03 -------- d-----w- c:\program files\iPod
2016-01-27 20:01 . 2016-01-27 20:01 -------- d-----w- c:\program files\Bonjour
2016-01-27 20:01 . 2016-01-27 20:01 -------- d-----w- c:\program files (x86)\Bonjour
2016-01-27 19:58 . 2016-01-27 19:58 -------- d-----w- c:\program files (x86)\Apple Software Update
2016-01-27 19:46 . 2016-01-27 19:46 386096 ----a-w- c:\windows\system32\aswBoot.exe
2016-01-27 19:46 . 2016-01-27 19:46 43112 ----a-w- c:\windows\avastSS.scr
2016-01-20 11:02 . 2015-12-08 21:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-01-20 11:02 . 2015-12-08 19:07 879104 ----a-w- c:\windows\system32\advapi32.dll
2016-01-20 11:02 . 2015-11-17 01:11 25024 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-01-20 11:02 . 2015-11-17 01:08 705536 ----a-w- c:\windows\system32\invagent.dll
2016-01-20 11:02 . 2015-11-17 01:08 792064 ----a-w- c:\windows\system32\generaltel.dll
2016-01-20 11:02 . 2015-11-17 01:08 505856 ----a-w- c:\windows\system32\devinv.dll
2016-01-20 11:02 . 2015-11-17 01:08 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-01-20 11:02 . 2015-11-17 01:08 1381376 ----a-w- c:\windows\system32\appraiser.dll
2016-01-20 11:02 . 2015-11-16 20:17 210432 ----a-w- c:\windows\system32\aepic.dll
2016-01-20 11:02 . 2015-12-11 18:57 1164800 ----a-w- c:\windows\system32\aeinv.dll
2016-01-20 11:02 . 2015-12-08 21:52 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-01-20 11:02 . 2015-12-08 19:07 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-01-20 11:02 . 2015-12-08 17:58 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-01-18 03:46 . 2015-12-08 19:07 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2016-01-18 03:45 . 2015-12-12 18:23 49664 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-03 18:48 . 2014-10-29 00:52 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-27 19:51 . 2014-10-24 08:09 464256 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-01-27 19:51 . 2014-10-24 08:08 1065208 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-01-27 19:51 . 2014-10-24 08:09 97648 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-01-27 19:46 . 2014-10-24 08:09 155304 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-01-27 19:46 . 2014-10-24 08:09 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-01-27 19:46 . 2014-10-24 08:09 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-01-27 19:46 . 2014-10-24 08:09 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-01-27 19:46 . 2014-10-24 08:09 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-01-21 22:18 . 2014-10-24 07:33 143671360 ----a-w- c:\windows\system32\MRT.exe
2015-12-30 18:37 . 2016-01-18 19:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-02 21:18 . 2014-10-24 07:31 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-20 18:54 . 2015-12-10 22:23 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-10 22:23 37888 ----a-w- c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-10 22:23 36864 ----a-w- c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-10 22:23 3170304 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-10 22:23 2609152 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-10 22:23 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-10 22:23 709632 ----a-w- c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-10 22:23 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-10 22:23 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-10 22:23 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-11-20 18:54 . 2015-12-10 22:23 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-20 18:34 . 2015-12-10 22:23 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-10 22:23 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-10 22:23 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-10 22:23 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-10 22:23 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-11 18:53 . 2015-12-10 22:23 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-11-11 18:53 . 2015-12-10 22:23 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-11-11 18:39 . 2015-12-10 22:23 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-11-11 18:39 . 2015-12-10 22:23 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-11-10 18:55 . 2015-12-10 22:23 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-11-10 18:55 . 2015-12-10 22:23 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-11-10 18:55 . 2015-12-10 22:23 1008640 ----a-w- c:\windows\system32\user32.dll
2015-11-10 18:39 . 2015-12-10 22:23 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-11-10 18:37 . 2015-12-10 22:23 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-11-06 18:36 . 2014-10-24 08:05 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-23 6501656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-01-27 7021880]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-07 596528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe [2011-7-28 365984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-29 22:09 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 10:02]
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 10:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-01-27 19:46 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 729272]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-03  11:29:10
ComboFix-quarantined-files.txt  2016-02-03 19:29
ComboFix2.txt  2016-01-18 02:49
ComboFix3.txt  2014-09-30 20:42
ComboFix4.txt  2014-07-04 01:19
.
Pre-Run: 371,178,278,912 bytes free
Post-Run: 370,784,960,512 bytes free
.
- - End Of File - - F6991C03284E189F72F64625BEFB9065
A36C5E4F47E84449FF07ED3517B43A31



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,545 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:14 AM

Posted 04 February 2016 - 10:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
[image: attachlogs.png]

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

#3 heavylow

heavylow
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 04 February 2016 - 01:27 PM

Thank you nasdaq, much appreciated.

Here is my AdwCleaner log.

 

# AdwCleaner v5.032 - Logfile created 04/02/2016 at 10:15:49
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : CouponPrinterService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlmebkoiahbppacaicbgncnjhbpdfkcc_0.localstorage
[-] File Deleted : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlmebkoiahbppacaicbgncnjhbpdfkcc_0.localstorage-journal
[-] File Deleted : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\BRS
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[!] Key Not Deleted : HKU\S-1-5-21-514987822-505378600-3997710921-1000\Software\BRS
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : astromenda.com
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_43_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtC0E0A0A0CyCyDyDtD0BtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0Azy0E0E0D0A0EtGtC0AyEtCtGtBzyyC0FtG0F0FyCyBtGyCyE0B0D0AyEzz0CtCtBzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyBtAyDtA0D0E0EtGyCtCyCtBtGyEtB0DzytG0B0Ezz0EtGzzyBtD0E0ByEyEtDtCtBzyzy2Q&cr=1777531485&ir=
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jhfhkgkmljpbkafmkljgfmaokgcaiiee
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfkfdlcdbajamklbneflfbcmfgddmpae
[-] [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=0878550b00000000000000262d1eaac6
[-] [C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dlmebkoiahbppacaicbgncnjhbpdfkcc
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5410 bytes] ##########

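As an added example (not code from this thread and not part of AdwCleaner), here is a small Python parser for the AdwCleaner v5 log format shown in the post above. It turns the log into structured records so a responder can see, per section, what the tool removed and which entries it flagged but could not remove. The section banners, the `[-]`/`[!]` flags and the `Deleted`/`Not Deleted` wording are taken from the posted log; the regular expressions and function names are my own assumptions about the format, and the embedded sample is a constructed, shortened excerpt of that log rather than the full file.

```python
"""Parse an AdwCleaner v5 cleaning log into structured records.

Added example for this thread (not AdwCleaner's own code). It reads the log
layout shown in the post above and reports, per section, what was removed
and which entries the tool could not remove.
"""
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in the format of the log posted
# above (not the complete log). Backslashes are doubled for Python.
SAMPLE_LOG = """\
# AdwCleaner v5.032 - Logfile created 04/02/2016 at 10:15:49
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\\Program Files (x86)\\Coupons
[-] Folder Deleted : C:\\ProgramData\\apn

***** [ Registry ] *****

[-] Key Deleted : HKCU\\Software\\BRS
[!] Key Not Deleted : HKU\\S-1-5-21-514987822-505378600-3997710921-1000\\Software\\BRS

***** [ Web browsers ] *****

[-] [C:\\Users\\Matt\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\\Users\\Matt\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences] [Extension] Deleted : jhfhkgkmljpbkafmkljgfmaokgcaiiee

*************************

:: "Tracing" keys removed
:: Winsock settings cleared
"""

# Section banner, e.g. "***** [ Registry ] *****" (assumed layout).
SECTION_RE = re.compile(r"^\*{5}\s*\[\s*(?P<name>.+?)\s*\]\s*\*{5}$")
# Entry lines: "[-] Key Deleted : X", "[!] Key Not Deleted : X" and the
# browser form "[-] [profile file] [Search Provider] Deleted : X".
ENTRY_RE = re.compile(
    r"^\[(?P<flag>[-!])\]\s+(?P<what>.*?)\s+(?P<action>Not Deleted|Deleted)\s*:\s*(?P<target>.*)$"
)


def parse_adwcleaner_log(text):
    """Return (metadata, records).

    metadata: the "# key : value" header lines.
    records: dicts with section, kind, profile (browser data file or None),
    flag ('-' removed, '!' could not remove), removed (bool) and target.
    """
    metadata, records, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#") and " : " in line:
            key, value = line[1:].split(" : ", 1)
            metadata[key.strip()] = value.strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            what = m.group("what")
            # Browser entries carry the profile file and item kind in brackets.
            parts = re.findall(r"\[([^\]]*)\]", what)
            profile, kind = (parts[0], parts[1]) if len(parts) >= 2 else (None, what)
            records.append({
                "section": section,
                "kind": kind,
                "profile": profile,
                "flag": m.group("flag"),
                "removed": m.group("action") == "Deleted",
                "target": m.group("target").strip(),
            })
    return metadata, records


def summarize(records):
    """Per-section counts of removed vs. not-removed entries."""
    summary = defaultdict(lambda: {"removed": 0, "not_removed": 0})
    for r in records:
        summary[r["section"]]["removed" if r["removed"] else "not_removed"] += 1
    return dict(summary)


def leftovers(records):
    """Targets the tool flagged but could not remove; these need follow-up."""
    return [r["target"] for r in records if not r["removed"]]


if __name__ == "__main__":
    meta, recs = parse_adwcleaner_log(SAMPLE_LOG)
    print("Mode:", meta.get("Option"))
    for name, counts in summarize(recs).items():
        print(f"{name:14s} removed={counts['removed']} not_removed={counts['not_removed']}")
    for target in leftovers(recs):
        print("NOT REMOVED:", target)
```

The line worth surfacing is the `[!] Key Not Deleted` entry: the tool removed `HKCU\Software\BRS` but the same key under the user's `HKU\S-1-5-21-...-1000` hive survived the cleaning pass, which is exactly the kind of leftover a responder checks for in the follow-up FRST log rather than trusting the "Cleaning" summary alone.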

#4 heavylow

heavylow
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 04 February 2016 - 01:32 PM

Here is the FRST scan log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Matt (administrator) on MATT-PC (04-02-2016 10:28:22)
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt & Irene & Liz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe
(PDE Publications Limited) C:\Program Files (x86)\Driver Downloader\DDTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-27] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-514987822-505378600-3997710921-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-514987822-505378600-3997710921-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-27] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2015-06-24]
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe (Creative Home)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F50C33EA-6C5E-4797-857D-52EAB4398416}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-514987822-505378600-3997710921-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-514987822-505378600-3997710921-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-514987822-505378600-3997710921-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-514987822-505378600-3997710921-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-514987822-505378600-3997710921-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-514987822-505378600-3997710921-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-06] (AVAST Software)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-06] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-06] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-06] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-27]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-27]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=0878550b00000000000000262d1eaac6
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_43_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtC0E0A0A0CyCyDyDtD0BtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0Azy0E0E0D0A0EtGtC0AyEtCtGtBzyyC0FtG0F0FyCyBtGyCyE0B0D0AyEzz0CtCtBzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyBtAyDtA0D0E0EtGyCtCyCtBtGyEtB0DzytG0B0Ezz0EtGzzyBtD0E0ByEyEtDtCtBzyzy2Q&cr=1777531485&ir="
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-13]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-13]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01]
CHR Extension: (Glow) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb [2014-10-23]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Avast SafePrice) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-12-01]
CHR Extension: (Blur) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2016-02-03]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-13]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-01]
CHR Extension: (Avast Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-01]
CHR Extension: (Dragon Ball Z mmorpg game !) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljhjkncoceojjbadalclgdinmijjien [2014-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-08]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-27] (AVAST Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-27] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-04 10:28 - 2016-02-04 10:29 - 00016775 _____ C:\Users\Matt\Downloads\FRST.txt
2016-02-04 10:28 - 2016-02-04 10:28 - 00000000 ____D C:\FRST
2016-02-04 10:26 - 2016-02-04 10:26 - 02370560 _____ (Farbar) C:\Users\Matt\Downloads\FRST64 (1).exe
2016-02-04 10:25 - 2016-02-04 10:25 - 00001429 _____ C:\Users\Matt\Desktop\FRST64 - Shortcut.lnk
2016-02-04 10:24 - 2016-02-04 10:25 - 02370560 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2016-02-04 10:07 - 2016-02-04 10:15 - 00000000 ____D C:\AdwCleaner
2016-02-03 11:29 - 2016-02-03 11:29 - 00014859 _____ C:\ComboFix.txt
2016-02-03 11:05 - 2016-02-03 11:05 - 01508352 _____ C:\Users\Matt\Downloads\AdwCleaner (1).exe
2016-02-03 11:03 - 2016-02-03 11:05 - 01508352 _____ C:\Users\Matt\Downloads\AdwCleaner.exe
2016-01-29 14:32 - 2016-01-29 14:32 - 00000000 ____D C:\ProgramData\Creative Home
2016-01-27 12:03 - 2016-01-27 12:03 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-27 12:03 - 2016-01-27 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-27 12:03 - 2016-01-27 12:03 - 00000000 ____D C:\Program Files\iTunes
2016-01-27 12:03 - 2016-01-27 12:03 - 00000000 ____D C:\Program Files\iPod
2016-01-27 12:03 - 2016-01-27 12:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-27 12:01 - 2016-01-27 12:01 - 00000000 ____D C:\Program Files\Bonjour
2016-01-27 12:01 - 2016-01-27 12:01 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-27 11:59 - 2016-01-27 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-01-27 11:58 - 2016-01-27 11:58 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-01-27 11:58 - 2016-01-27 11:58 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-27 11:46 - 2016-01-27 11:46 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-27 11:46 - 2016-01-27 11:46 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-21 14:37 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-21 14:37 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-21 14:37 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-21 14:37 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-21 14:37 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-21 14:37 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-21 14:37 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-21 14:37 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-21 14:37 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-21 14:37 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-21 14:37 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-21 14:37 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-21 14:37 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-21 14:37 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-21 14:37 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-20 03:02 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-20 03:02 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-20 03:02 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-20 03:02 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-20 03:02 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-20 03:02 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-20 03:02 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-20 03:02 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-20 03:02 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-20 03:02 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-20 03:02 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-20 03:02 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-20 03:02 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-18 11:17 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-18 11:17 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-18 11:17 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-18 11:17 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-18 11:17 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-18 11:17 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-18 11:17 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-18 11:17 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-18 11:17 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-18 11:17 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-18 11:17 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-18 11:17 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-18 11:17 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-18 11:17 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-18 11:17 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-18 11:17 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-18 11:17 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-18 11:17 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-18 11:17 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-18 11:17 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-18 11:17 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-18 11:17 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-18 11:17 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-18 11:17 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-18 11:17 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-18 11:17 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-18 11:17 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-18 11:17 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-18 11:17 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-18 11:17 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-18 11:17 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-18 11:17 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-18 11:17 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-18 11:17 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-18 11:17 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-18 11:17 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-18 11:17 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-18 11:17 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-18 11:17 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-18 11:17 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-18 11:17 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-18 11:17 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-18 11:17 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-18 11:17 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-18 11:17 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-18 11:17 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-18 11:17 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-18 11:17 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-18 11:17 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-17 19:46 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-17 19:46 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-17 19:46 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-17 19:46 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-17 19:46 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-17 19:46 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-17 19:46 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-17 19:46 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-17 19:46 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-17 19:46 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-17 19:46 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-17 19:46 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-17 19:46 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-17 19:46 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-17 19:46 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-17 19:46 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-17 19:46 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-17 19:46 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-17 19:46 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-17 19:45 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-17 19:45 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-17 19:45 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-17 19:45 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-17 19:45 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-17 19:45 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-17 19:45 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-17 19:45 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-17 19:45 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-17 19:45 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-17 19:45 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-17 19:45 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-17 19:45 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-17 19:45 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-17 19:45 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-17 19:45 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-17 19:45 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-17 19:45 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-17 19:45 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-17 19:45 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-17 19:45 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-17 19:45 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-17 19:45 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-17 19:45 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-17 19:45 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-17 19:45 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-17 19:45 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-17 19:45 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-17 19:45 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-17 19:45 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-17 19:45 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-17 19:45 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-17 19:45 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-17 19:45 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-17 19:45 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-17 19:45 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-17 19:45 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-17 19:45 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-17 19:45 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-17 19:45 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-17 19:45 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-17 19:45 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-17 19:45 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-17 19:45 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-17 19:45 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-17 19:45 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-17 19:45 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-17 19:45 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-17 19:45 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-17 19:45 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-17 19:45 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-17 19:45 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-17 19:45 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-17 19:45 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-17 19:45 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-17 19:45 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-17 19:45 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-17 19:45 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-17 19:45 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-17 19:45 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-17 19:45 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-17 19:45 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-17 19:45 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-17 19:45 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-17 19:45 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-17 19:45 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-17 19:45 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-17 19:45 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-17 19:45 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-17 19:45 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-17 19:45 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-17 19:45 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-17 18:36 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-17 18:36 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-17 18:36 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-17 18:36 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-17 18:36 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-17 18:36 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-17 18:36 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-17 18:36 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-17 18:35 - 2016-01-17 18:48 - 00000000 ____D C:\Windows\erdnt
2016-01-17 18:33 - 2016-02-03 11:07 - 05656479 ____R (Swearware) C:\Users\Matt\Downloads\ComboFix.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-04 10:26 - 2009-07-13 20:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-04 10:26 - 2009-07-13 20:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-04 10:20 - 2014-10-23 23:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-04 10:19 - 2014-10-28 16:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-04 10:19 - 2014-10-23 23:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-04 10:18 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-03 14:03 - 2009-07-13 21:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-03 11:29 - 2014-05-24 10:23 - 00000000 ____D C:\Qoobox
2016-02-03 11:26 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-02-02 08:23 - 2015-06-24 09:50 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-02-02 08:14 - 2014-10-23 23:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 08:14 - 2014-10-23 23:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 08:13 - 2014-10-24 00:09 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-30 15:25 - 2014-10-24 00:34 - 00000000 ____D C:\Users\Irene\AppData\Roaming\Apple Computer
2016-01-29 17:25 - 2011-06-04 10:21 - 00000000 ____D C:\Temp
2016-01-29 14:27 - 2014-10-23 23:53 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 14:27 - 2014-10-23 23:53 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 12:03 - 2015-04-09 14:26 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-01-27 12:03 - 2014-10-24 00:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-27 12:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-27 11:59 - 2014-10-24 00:18 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Apple Computer
2016-01-27 11:59 - 2014-10-24 00:18 - 00000000 ____D C:\Users\Matt\AppData\Local\Apple Computer
2016-01-27 11:58 - 2014-10-24 00:15 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-27 11:51 - 2014-10-24 00:09 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-27 11:51 - 2014-10-24 00:09 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-01-27 11:51 - 2014-10-24 00:08 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-27 11:46 - 2014-10-24 00:09 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-27 11:46 - 2014-10-24 00:09 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-27 11:46 - 2014-10-24 00:09 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-27 11:46 - 2014-10-24 00:09 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-27 11:46 - 2014-10-24 00:09 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-22 04:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-01-21 14:50 - 2009-07-13 21:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-21 14:45 - 2009-07-13 20:45 - 00344288 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-21 14:43 - 2014-12-10 04:33 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-21 14:43 - 2014-10-23 23:44 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-21 14:36 - 2014-10-23 23:33 - 00000000 ____D C:\Windows\system32\MRT
2016-01-21 14:18 - 2014-10-23 23:33 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-21 14:07 - 2014-10-24 12:06 - 00000000 ____D C:\Users\Liz\AppData\Roaming\Apple Computer
2016-01-17 19:27 - 2014-11-17 18:18 - 00000000 ____D C:\Windows\Minidump
2016-01-17 18:25 - 2014-11-06 13:21 - 00000043 _____ C:\Users\Matt\jagex_cl_oldschool_LIVE.dat
 
==================== Files in the root of some directories =======
 
2014-10-25 18:55 - 2014-10-28 09:55 - 0000125 _____ () C:\Users\Matt\AppData\Roaming\WB.CFG
2014-10-28 09:55 - 2014-10-28 09:55 - 0000001 _____ () C:\Users\Matt\AppData\Local\DSI.DAT
 
Some files in TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-03 12:07
 
==================== End of FRST.txt ============================

and now the additional notepad

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Matt (2016-02-04 10:29:52)
Running from C:\Users\Matt\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-24 07:14:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-514987822-505378600-3997710921-500 - Administrator - Disabled)
Guest (S-1-5-21-514987822-505378600-3997710921-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-514987822-505378600-3997710921-1002 - Limited - Enabled)
Irene (S-1-5-21-514987822-505378600-3997710921-1003 - Limited - Enabled) => C:\Users\Irene
Liz (S-1-5-21-514987822-505378600-3997710921-1004 - Limited - Enabled) => C:\Users\Liz
Matt (S-1-5-21-514987822-505378600-3997710921-1000 - Administrator - Enabled) => C:\Users\Matt
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-514987822-505378600-3997710921-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.8.0.40714 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{14AF193A-EC13-3B3E-BFBF-D2C471F12718}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
ccc-core-static (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.5) (Version: 5.0.1.5 - Coupons.com Incorporated)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Driver Downloader v3.2 (HKLM-x32\...\Driver Downloader_is1) (Version: 3.2 - PDE Publications Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hallmark Card Studio 2012 Deluxe (HKLM-x32\...\{8777089A-4CF4-44BA-910B-9A4580669DED}) (Version: 13.0.1.3 - Creative Home)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-514987822-505378600-3997710921-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-514987822-505378600-3997710921-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-514987822-505378600-3997710921-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0242C4C6-B992-44C7-B9C7-3F393180CAFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {028F2AD1-5D78-4B81-BA3E-5906D0C52FCB} - System32\Tasks\Driver Downloader Schedule => C:\Program Files (x86)\Driver Downloader\DDTray.exe [2014-08-20] (PDE Publications Limited)
Task: {1BE1EDA7-77B5-45A0-ABF4-19B2FDD4B40B} - System32\Tasks\avastBCLRestartS-1-5-21-514987822-505378600-3997710921-1000 => Chrome.exe 
Task: {26C7E968-36D5-4742-9019-F3FFEF141A7D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-27] (AVAST Software)
Task: {3DB0DE97-8695-417C-A6CA-9A473D9BA2A7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
Task: {43E174DF-31F9-4667-B4D0-A80AF007CB55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5A525B93-EA2D-4DBE-B318-6048363852D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9F5AADDC-357B-41F0-B4DD-111D9BDC92AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-24 09:50 - 2012-03-27 19:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-10-28 16:38 - 2014-10-28 16:36 - 00020288 ____R () C:\Program Files\CCleaner\branding.dll
2008-11-18 11:00 - 2008-11-18 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-10-23 23:34 - 2014-10-23 23:34 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-01-27 11:46 - 2016-01-27 11:46 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-27 11:46 - 2016-01-27 11:46 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-03 11:40 - 2016-02-03 11:40 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020301\algo.dll
2016-01-27 11:46 - 2016-01-27 11:46 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-27 11:46 - 2016-01-27 11:46 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-29 14:27 - 2016-01-27 09:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 14:27 - 2016-01-27 09:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-514987822-505378600-3997710921-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A287210D-A29E-49EA-B4B2-6AD5595CD5F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85AE4847-D90B-4D18-A561-907F2C426842}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2462AEDB-CAB3-4FBC-98B0-4F7DB59EC5AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D831F247-9D8E-4666-AD74-A12130BF9A21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1BFC02A-4519-4C64-8411-E1C1597C9D47}] => (Allow) C:\Users\Irene\Downloads\uTorrent.exe
FirewallRules: [{CCF6D78D-8D84-4EB4-AC8C-F4EEE34C4C82}] => (Allow) C:\Users\Irene\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{8455393F-00B3-4217-BC12-BF082B52FE3E}C:\users\matt\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matt\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{81BDF52F-8FE8-48F6-88CB-EB0FFB729FA7}C:\users\matt\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matt\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{3B2214BD-D736-40F2-9951-734A0299E9DD}C:\users\matt\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matt\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D3DD0C8B-74AD-4348-A1BD-CEBBAAAAF630}C:\users\matt\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\matt\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D3AABF91-13D6-43D2-8198-998B499C3C96}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E28F97C-0EB7-424E-B388-13FD71E741FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CBEF8889-3CF4-49AA-87BC-1DD4AEA00A05}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1FF9BD36-B637-40EC-A3C5-A243A59CFDC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7334FB4B-CF6A-4323-BB6D-D82E846EAA44}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{494EA369-B789-48D1-A288-CA4FDF8086D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-11-2015 03:01:11 Windows Update
16-11-2015 03:00:33 Windows Update
19-11-2015 03:00:24 Windows Update
22-11-2015 03:00:24 Windows Update
23-11-2015 03:01:25 Windows Update
24-11-2015 03:00:23 Windows Update
25-11-2015 03:00:22 Windows Update
27-11-2015 03:00:40 Windows Update
28-11-2015 03:00:34 Windows Update
30-11-2015 03:00:23 Windows Update
30-11-2015 19:23:08 Windows Update
01-12-2015 03:02:02 Windows Update
01-12-2015 19:21:44 Windows Update
02-12-2015 03:00:24 Windows Update
03-12-2015 16:20:08 Windows Update
07-12-2015 03:00:22 Windows Update
08-12-2015 03:00:21 Windows Update
09-12-2015 03:00:22 Windows Update
10-12-2015 03:00:22 Windows Update
11-12-2015 03:00:25 Windows Update
12-12-2015 03:02:16 Windows Update
13-12-2015 03:00:10 Windows Update
14-12-2015 03:00:33 Windows Update
16-12-2015 03:00:25 Windows Update
21-12-2015 13:10:05 Windows Update
21-12-2015 14:10:14 Windows Update
22-12-2015 03:00:45 Windows Update
23-12-2015 03:00:32 Windows Update
25-12-2015 03:00:23 Windows Update
26-12-2015 03:00:33 Windows Update
27-12-2015 03:00:33 Windows Update
28-12-2015 03:01:00 Windows Update
28-12-2015 13:03:48 Windows Update
29-12-2015 03:00:39 Windows Update
30-12-2015 03:00:22 Windows Update
01-01-2016 03:00:11 Windows Update
02-01-2016 03:00:26 Windows Update
05-01-2016 14:27:21 Windows Update
06-01-2016 17:56:29 Windows Update
17-01-2016 03:01:37 Windows Update
17-01-2016 18:16:09 Windows Update
17-01-2016 18:53:55 Windows Update
17-01-2016 19:46:26 Windows Update
19-01-2016 03:01:10 Windows Update
21-01-2016 14:13:38 Windows Update
22-01-2016 03:00:52 Windows Update
23-01-2016 03:00:40 Windows Update
25-01-2016 03:00:34 Windows Update
28-01-2016 03:00:36 Windows Update
29-01-2016 14:43:15 Windows Update
30-01-2016 03:00:48 Windows Update
02-02-2016 08:18:16 Windows Update
03-02-2016 03:00:22 Windows Update
03-02-2016 11:11:17 Windows Update
04-02-2016 10:05:12 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/04/2016 10:08:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.2.1.0, time stamp: 0x517a49ec
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0x1384
Faulting application start time: 0xCNQMUPDT.EXE0
Faulting application path: CNQMUPDT.EXE1
Faulting module path: CNQMUPDT.EXE2
Report Id: CNQMUPDT.EXE3
 
Error: (02/03/2016 02:03:42 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (02/03/2016 02:03:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rasppp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c972
Exception code: 0xc000001d
Fault offset: 0x00000000000300e4
Faulting process id: 0xf8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (02/03/2016 10:46:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rastapi.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4a5be041
Exception code: 0xc0000005
Fault offset: 0x000007fef72200e4
Faulting process id: 0x100
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (02/02/2016 08:43:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600
 
Error: (02/02/2016 08:43:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600
 
Error: (02/02/2016 08:43:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/02/2016 08:36:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (02/02/2016 08:32:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (02/02/2016 08:32:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
 
System errors:
=============
Error: (02/04/2016 10:20:32 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006
 
Error: (02/04/2016 10:18:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3
 
Error: (02/04/2016 10:16:18 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (02/04/2016 10:15:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/04/2016 10:15:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/04/2016 10:15:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/04/2016 10:15:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/04/2016 10:15:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (02/04/2016 10:15:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/04/2016 10:15:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 245 Processor
Percentage of memory in use: 55%
Total physical RAM: 3838.98 MB
Available physical RAM: 1693.08 MB
Total Virtual: 7676.16 MB
Available Virtual: 4975.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:581.48 GB) (Free:348.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: D5F7CC89)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,545 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:14 AM

Posted 04 February 2016 - 01:55 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-514987822-505378600-3997710921-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=0878550b00000000000000262d1eaac6
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_43_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtC0E0A0A0CyCyDyDtD0BtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0Azy0E0E0D0A0EtGtC0AyEtCtGtBzyyC0FtG0F0FyCyBtGyCyE0B0D0AyEzz0CtCtBzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyBtAyDtA0D0E0EtGyCtCyCtBtGyEtB0DzytG0B0Ezz0EtGzzyBtD0E0ByEyEtDtCtBzyzy2Q&cr=1777531485&ir="
CHR Extension: (Avast SafePrice) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-12-01]
CHR Extension: (Avast Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-06]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present and not required for testing purposes remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)

Please post the Fixlog.txt and let me know what problems persist.
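The post above asks the user to find the Java 8 Update entries left behind under Programs and Features and remove the old ones. The following PowerShell script is an added example, not code from the thread or from the Farbar/FRST project: it reads the same uninstall keys that the FRST log lists as HKLM-x32\...\{GUID} (the Wow6432Node Uninstall key) plus the 64-bit Uninstall key, keeps the Oracle "Java*" entries, and flags every version other than the newest so they can be removed with the Control Panel applet. The assumption that Java entries can be recognised by a DisplayName starting with "Java" and a Publisher starting with "Oracle" is mine, taken from the "Java 8 Update NN ... Oracle Corporation" lines in the log.

```powershell
# Added example (not from the thread): list installed Oracle Java runtimes from the
# Programs and Features uninstall keys and flag everything older than the newest one.
# Assumption: Java entries have DisplayName "Java*" and Publisher "Oracle*", as in the
# "Java 8 Update NN ... Oracle Corporation" lines of the FRST log above.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # 64-bit installs
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # 32-bit installs (FRST shows these as HKLM-x32\...)
)

function Get-InstalledJava {
    $found = @()
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $props = Get-ItemProperty -Path $sub.PSPath
            if ($props.DisplayName -and $props.DisplayName -like 'Java*' -and $props.Publisher -like 'Oracle*') {
                $found += New-Object PSObject -Property @{
                    Name      = $props.DisplayName
                    Version   = $props.DisplayVersion
                    Key       = $sub.PSChildName        # the {GUID} shown in the FRST log
                    Uninstall = $props.UninstallString
                }
            }
        }
    }
    return $found
}

function Get-ComparableVersion($text) {
    # DisplayVersion values such as "8.0.660.17" parse as System.Version; anything odd sorts lowest
    try { return [Version]$text } catch { return [Version]'0.0' }
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    Write-Host 'No Oracle Java entries found in the uninstall keys.'
    return
}

$newest = $java | Sort-Object { Get-ComparableVersion $_.Version } -Descending | Select-Object -First 1
Write-Host ("Newest installed: {0} ({1})" -f $newest.Name, $newest.Version)

foreach ($j in $java) {
    if ($j.Key -ne $newest.Key) {
        Write-Host ("OUTDATED: {0} ({1}) -> remove via Programs and Features; uninstall key {2}" -f $j.Name, $j.Version, $j.Key)
    }
}
```

The script only reports; removal is still done through Programs and Features as the post says, so nothing is uninstalled by mistake if an entry is mis-classified. Run it again after updating from java.com to confirm that only one Java entry remains.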

#6 heavylow

heavylow
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:14 AM

Posted 04 February 2016 - 02:40 PM

ok did what you said, here's the results.
and i will update my java right now
what does all this mean?
am i infected with something? 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Matt (2016-02-04 11:32:17) Run:1
Running from C:\Users\Matt\Desktop\FRST
Loaded Profiles: Matt (Available Profiles: Matt & Irene & Liz)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers:
[DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-514987822-505378600-3997710921-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=0878550b00000000000000262d1eaac6
CHR StartupUrls: Default ->
"hxxp://google.com/","hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_43_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtC0E0A0A0CyCyDyDtD0BtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0Azy0E0E0D0A0EtGtC0AyEtCtGtBzyyC0FtG0F0FyCyBtGyCyE0B0D0AyEzz0CtCtBzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyBtAyDtA0D0E0EtGyCtCyCtBtGyEtB0DzytG0B0Ezz0EtGzzyBtD0E0ByEyEtDtCtBzyzy2Q&cr=1777531485&ir="
CHR Extension: (Avast SafePrice) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-12-01]
CHR Extension: (Avast Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST
Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-06]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: => key not found. 
HKCR\CLSID\ShellIconOverlayIdentifiers: => key not found. 
[DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-514987822-505378600-3997710921-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
"hxxp://google.com/","hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_43_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtC0E0A0A0CyCyDyDtD0BtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0Azy0E0E0D0A0EtGtC0AyEtCtGtBzyyC0FtG0F0FyCyBtGyCyE0B0D0AyEzz0CtCtBzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyBtAyDtA0D0E0EtGyCtCyCtBtGyEtB0DzytG0B0Ezz0EtGzzyBtD0E0ByEyEtDtCtBzyzy2Q&cr=1777531485&ir=" => Error: No automatic fix found for this entry.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-06] => Error: No automatic fix found for this entry.
AvastVBoxSvc => service could not remove
IntcAzAudAddService => service removed successfully
VBoxAswDrv => service could not remove
EmptyTemp: => 350.3 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-04 11:36:22)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
 
==== End of Fixlog 11:36:23 ====
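Several entries in the Fixlog above came back as "No automatic fix found for this entry", and in each case the fixlist content echoed by FRST shows the entry had been wrapped onto two lines when it was pasted into Notepad ("ShellIconOverlayIdentifiers:" on one line and "[DropboxExt2] -> ..." on the next, "CHR StartupUrls: Default ->" split from its URL list, and the aswWebRepChrome.crx path broken after "AVAST"). The following PowerShell script is an added example, not code from the thread or from the Farbar/FRST project: it reads a fixlist.txt and reports lines between "start" and "End" that either end in a dangling ":" or "->" or do not begin with one of the entry prefixes used in this thread's fixlist, which is how such a wrap shows up before the Fix is run. The prefix list is my assumption taken from this thread's fixlist only; a fixlist with other entry types would need the list extended.

```powershell
# Added example (not from the thread): flag fixlist.txt lines that were wrapped by
# copy/paste, the cause of the "No automatic fix found for this entry" results above.
# Assumption: the prefixes below are the entry types that appear in this thread's
# fixlist; any other non-empty line inside start..End is reported as a likely
# continuation of the previous line.

$knownPrefixes = @(
    'CreateRestorePoint:', 'EmptyTemp:', 'CloseProcesses:',
    'ShellIconOverlayIdentifiers:', 'HKLM\', 'HKU\',
    'FF Plugin', 'CHR ', 'S2 ', 'S3 '
)
# Bare directives legitimately end in ':'; any other line ending in ':' or '->' is truncated.
$bareDirectives = @('CreateRestorePoint:', 'EmptyTemp:', 'CloseProcesses:')

function Test-FixlistLine($line) {
    foreach ($p in $knownPrefixes) {
        if ($line.StartsWith($p, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Test-Fixlist($path) {
    $lines = @(Get-Content -Path $path)
    $problems = @()
    $inBody = $false
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $text = $lines[$i].Trim()
        if ($text -eq 'start') { $inBody = $true;  continue }
        if ($text -eq 'End')   { $inBody = $false; continue }
        if (-not $inBody -or $text -eq '') { continue }

        if (-not (Test-FixlistLine $text)) {
            $problems += ("line {0}: '{1}' has no known entry prefix; probably wrapped from line {2}" -f ($i + 1), $text, $i)
        }
        elseif (($text -match '(:|->)$') -and ($bareDirectives -notcontains $text)) {
            $problems += ("line {0}: '{1}' ends in a dangling '{2}'; the rest of the entry is probably on line {3}" -f ($i + 1), $text, $Matches[1], ($i + 2))
        }
    }
    return $problems
}

# Run from the folder FRST is started from, where fixlist.txt is saved.
$result = @(Test-Fixlist 'fixlist.txt')
if ($result.Count -eq 0) {
    Write-Host 'fixlist.txt looks intact: every entry is on one line.'
} else {
    $result | ForEach-Object { Write-Host "WARNING $_" }
    Write-Host 'Join the wrapped lines in Notepad (Format > Word Wrap off helps) and save again before clicking Fix.'
}
```

Against the fixlist content echoed in the Fixlog above, the script would report the "ShellIconOverlayIdentifiers:" and "CHR StartupUrls: Default ->" lines as dangling and the "[DropboxExt2] ...", "hxxp://google.com/ ..." and "Software\Avast\WebRep\..." lines as continuations, which matches the three entries FRST could not fix.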


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,545 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:14 AM

Posted 06 February 2016 - 06:47 AM

Just a good cleanup of potentially unwanted entries.

Nothing to worry about.



If all is well.

To learn more about how to protect yourself while on the internet, read this little
guide on best security practices to keep safe: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,545 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:14 AM

Posted 12 February 2016 - 09:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



