Hi, I am having problems with a very slow working comp. Not able to access my own settings etc. Computor refuses to start at some times, when scans runs its being stopped, Avast is not working consistantly. Had a screenmessage after doing/running a health report on C: that said "Ghostprogram or virus?" then Avast run a scan without my command and it didnt find anything. I have more problems, but stop here, due to the risk my comp will shut down and this will be lost. Would appreciate some help pls. /Annie
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Anki (administrator) on ANKI-DATOR (27-03-2016 16:00:30)
Running from C:\Users\Anki\Downloads
Loaded Profiles: Anki (Available Profiles: Anki)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Svenska (Sverige)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-17] (Synaptics, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {0331e905-2efc-11e4-929d-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {10b3c8b9-a529-11e2-8aff-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {26707a29-9374-11e4-9f7d-d06830659c88} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {5594d53d-a3c2-11e2-af50-000ae4cd0560} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {5594d5c5-a3c2-11e2-af50-000ae4cd0560} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {6693ab32-50d7-11e5-99c7-e85274ffa18b} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {72d48322-e080-11e3-9778-fa147064188b} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {7fcb1647-3b68-11e3-aca8-f5ab6bb7b087} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {a9e34a72-528c-11e5-b10c-a2b8f69270b1} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {b29af99c-a428-11e2-a096-000ae4cd0560} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {b7194fa0-91e6-11e4-8e3c-92848217748d} - F:\AutoRun.exe
HKU\S-1-5-21-826142902-2630971588-3216476343-1000\...\MountPoints2: {fa75f6e2-944e-11e4-9b1e-806e6f6e6963} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-24] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{884DAE63-C386-4E68-A91A-89AF80653B46}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-826142902-2630971588-3216476343-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-826142902-2630971588-3216476343-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Users\Anki\AppData\Roaming\Mozilla\Firefox\Profiles\tphcomxb.default
FF DefaultSearchEngine: Bing
FF Plugin: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files\BankID\npBispBrowser.dll [2014-04-09] (Finansiell ID-Teknik BID AB)
FF Plugin: @bankid.com/BankID säkerhetsprogram,version=5.1.4.3 -> C:\Program Files\BankID\npBispBrowser.dll [2014-04-09] (Finansiell ID-Teknik BID AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Extension: Avast Online Security - C:\Users\Anki\AppData\Roaming\Mozilla\Firefox\Profiles\tphcomxb.default\Extensions\wrc@avast.com.xpi [2016-03-24]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-14] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-24]
Chrome:
=======
CHR Profile: C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
CHR Extension: (Google Drive) - C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Google Dokument Offline) - C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Avast Online Security) - C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-24]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
CHR Extension: (Gmail) - C:\Users\Anki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-24] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-03-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-03-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-24] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [171608 2016-03-24] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67088 2016-03-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-24] (AVAST Software)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-27 16:00 - 2016-03-27 16:02 - 00012527 _____ C:\Users\Anki\Downloads\FRST.txt
2016-03-27 15:59 - 2016-03-27 15:59 - 01725440 _____ (Farbar) C:\Users\Anki\Downloads\FRST.exe
2016-03-27 01:37 - 2016-03-27 01:37 - 00000902 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-27 01:37 - 2016-03-27 01:37 - 00000902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-27 01:33 - 2016-03-27 01:31 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-26 20:35 - 2016-03-26 20:40 - 00002198 _____ C:\Users\Anki\Desktop\Rkill.txt
2016-03-26 13:21 - 2016-03-26 13:21 - 00000000 ____D C:\fsctmp
2016-03-26 13:19 - 2016-03-26 13:21 - 00000000 ____D C:\$fsctmp
2016-03-24 22:57 - 2016-03-26 22:22 - 00000000 ____D C:\Program Files\GUM9378.tmp
2016-03-24 21:38 - 2016-03-24 21:11 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-24 21:16 - 2016-03-24 21:16 - 00000000 ____D C:\Users\Anki\AppData\Roaming\AVAST Software
2016-03-24 21:15 - 2016-03-24 21:15 - 05207096 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online(2).exe
2016-03-24 21:15 - 2016-03-24 21:15 - 05207096 _____ (AVAST Software) C:\Users\Anki\Downloads\avast_free_antivirus_setup_online(2).exe
2016-03-24 21:13 - 2016-03-24 21:13 - 00001835 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-24 21:13 - 2016-03-24 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-24 21:12 - 2016-03-24 21:12 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-03-24 21:12 - 2016-03-24 21:12 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-03-24 21:12 - 2016-03-24 21:12 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-03-24 21:12 - 2016-03-24 21:12 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-03-24 21:12 - 2016-03-24 21:11 - 00171608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-03-24 21:12 - 2016-03-24 21:11 - 00067088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-03-24 21:12 - 2016-03-24 21:11 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-03-24 21:12 - 2016-03-24 21:11 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-24 21:12 - 2016-03-24 21:11 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-24 21:11 - 2016-03-24 21:11 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-24 21:08 - 2016-03-27 01:26 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-24 21:07 - 2016-03-24 21:07 - 05207096 _____ (AVAST Software) C:\Users\Anki\Downloads\avast_free_antivirus_setup_online(1).exe
2016-03-24 20:43 - 2016-03-24 20:43 - 00000364 _____ C:\Windows\Tasks\SafeZone scheduled Autoupdate 1458691937.job
2016-03-24 03:08 - 2016-03-24 03:08 - 00000000 _____ C:\Windows\system32\settings.dat
2016-03-24 00:23 - 2016-03-24 01:57 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-03-23 23:53 - 2016-03-23 23:53 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Anki\Downloads\rkill.exe
2016-03-23 23:33 - 2016-03-23 23:33 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Anki\Downloads\rkill.com
2016-03-23 23:24 - 2016-03-23 23:24 - 00000000 __RSH C:\MSDOS.SYS
2016-03-23 23:24 - 2016-03-23 23:24 - 00000000 __RSH C:\IO.SYS
2016-03-23 23:23 - 2016-03-23 23:24 - 00000347 _____ C:\Users\Anki\Downloads\EmsisoftAntiMalwareSetup_bc(1).exe
2016-03-23 23:01 - 2016-03-23 23:09 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\Anki\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2016-03-22 03:14 - 2016-03-22 03:14 - 00000000 __SHD C:\found.001
2016-03-21 04:11 - 2016-03-21 04:11 - 01529344 _____ C:\Users\Anki\Downloads\AdwCleaner(1).exe
2016-03-21 01:01 - 2016-03-21 01:02 - 00448512 _____ (OldTimer Tools) C:\Users\Anki\Downloads\TFC.exe
2016-03-19 00:32 - 2016-03-19 00:32 - 05207096 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-03-19 00:32 - 2016-03-19 00:32 - 05207096 _____ (AVAST Software) C:\Users\Anki\Downloads\avast_free_antivirus_setup_online.exe
2016-03-18 03:41 - 2016-03-18 03:41 - 164714926 _____ C:\Windows\MEMORY.DMP
2016-03-14 04:05 - 2016-03-14 04:05 - 00000000 ____D C:\7ef7e19dac6de15c4fd5241bda5350
2016-03-13 22:38 - 2016-02-09 02:17 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-13 22:38 - 2016-02-09 02:15 - 12392960 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-13 22:38 - 2016-02-09 02:13 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-13 22:38 - 2016-02-09 02:12 - 09753600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-13 22:38 - 2016-02-09 02:12 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-13 22:38 - 2016-02-09 02:11 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-13 22:38 - 2016-02-09 02:10 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-13 22:38 - 2016-02-09 02:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-13 22:38 - 2016-02-09 02:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-13 22:38 - 2016-02-09 02:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-13 22:38 - 2016-02-09 02:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-03-13 22:38 - 2016-02-09 02:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-13 22:38 - 2016-02-09 02:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-13 22:38 - 2016-02-09 02:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-13 22:38 - 2016-02-09 02:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-13 22:38 - 2016-02-09 02:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-13 22:38 - 2016-02-09 02:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-13 22:38 - 2016-02-09 02:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-13 22:38 - 2016-02-09 02:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-13 22:38 - 2016-02-09 02:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-03-13 22:38 - 2016-02-09 02:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-03-13 22:38 - 2016-02-09 02:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-03-09 15:31 - 2016-03-20 15:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-27 16:00 - 2015-03-24 20:58 - 00000000 ____D C:\FRST
2016-03-27 14:29 - 2008-04-10 10:20 - 01548536 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-27 14:29 - 2008-04-10 09:24 - 00649186 _____ C:\Windows\system32\perfh01D.dat
2016-03-27 14:29 - 2008-04-10 09:24 - 00142000 _____ C:\Windows\system32\perfc01D.dat
2016-03-27 14:29 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-03-27 14:27 - 2014-04-17 14:38 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-27 14:19 - 2014-03-19 10:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-03-27 14:19 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-27 14:19 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-27 14:19 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-27 01:22 - 2014-10-21 15:14 - 00000000 ____D C:\Program Files\Google
2016-03-26 22:22 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2016-03-26 22:22 - 2006-11-02 12:22 - 37748736 _____ C:\Windows\system32\config\system_previous
2016-03-26 22:22 - 2006-11-02 12:22 - 37486592 _____ C:\Windows\system32\config\software_previous
2016-03-26 22:13 - 2006-11-02 12:22 - 47448064 _____ C:\Windows\system32\config\components_previous
2016-03-26 22:13 - 2006-11-02 12:22 - 00057344 _____ C:\Windows\system32\config\sam_previous
2016-03-26 22:12 - 2006-11-02 12:22 - 00024576 _____ C:\Windows\system32\config\security_previous
2016-03-26 13:31 - 2013-04-13 00:44 - 00000000 ____D C:\Users\Anki
2016-03-26 04:34 - 2006-11-02 14:47 - 00009216 _____ C:\Windows\system32\umstartup.etl
2016-03-25 16:10 - 2006-11-02 14:47 - 00009216 _____ C:\Windows\system32\umstartup000.etl
2016-03-24 22:48 - 2014-10-21 15:14 - 00000000 ____D C:\Users\Anki\AppData\Local\Google
2016-03-24 22:24 - 2006-11-02 12:22 - 00212992 _____ C:\Windows\system32\config\default_previous
2016-03-24 21:16 - 2013-04-14 19:35 - 00001356 _____ C:\Users\Anki\AppData\Local\d3d9caps.dat
2016-03-24 21:08 - 2015-01-04 04:03 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-24 21:01 - 2013-04-14 19:34 - 08659392 _____ C:\Windows\ntbtlog.txt
2016-03-24 01:31 - 2015-01-02 00:42 - 00000905 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-24 01:31 - 2015-01-02 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-24 01:31 - 2014-06-17 20:15 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-23 09:38 - 2006-11-02 15:01 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-21 05:07 - 2015-11-21 23:09 - 00000000 ____D C:\AdwCleaner
2016-03-20 15:21 - 2015-07-07 23:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-18 05:38 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2016-03-18 00:38 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-18 00:38 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\Services
2016-03-10 15:09 - 2015-01-02 00:42 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 15:08 - 2015-01-02 00:42 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 15:08 - 2015-01-02 00:42 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-08 03:45 - 2013-04-13 00:44 - 00000000 ____D C:\Users\Anki\AppData\Local\Adobe
==================== Files in the root of some directories =======
2013-04-13 00:48 - 2015-09-04 00:51 - 0000160 _____ () C:\Users\Anki\AppData\Roaming\addDefaultValueForDevicePathKey.reg
2013-11-05 01:18 - 2013-11-05 01:18 - 0024206 _____ () C:\Users\Anki\AppData\Roaming\UserTile.png
2013-04-14 19:35 - 2016-03-24 21:16 - 0001356 _____ () C:\Users\Anki\AppData\Local\d3d9caps.dat
2013-05-22 16:53 - 2013-05-22 16:53 - 0003584 _____ () C:\Users\Anki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Users\Anki\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-27 15:18
==================== End of FRST.txt ============================