Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by don (administrator) on CATS on 10-07-2015 00:48:46
Running from C:\Users\don\Desktop
Loaded Profiles: don (Available Profiles: don)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\don\Downloads\adwcleaner_4.208.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-09] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] (Qualcomm®Atheros®)
HKU\S-1-5-21-2764831399-1685386551-2369960238-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2764831399-1685386551-2369960238-1001\...\MountPoints2: {d93f8040-26b6-11e5-8262-7429af3f88c6} - "G:\TLBootstrap_WPP.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-09] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2764831399-1685386551-2369960238-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-2764831399-1685386551-2369960238-1001 -> DefaultScope {BC0C5ABC-E009-4487-9EEA-C0B2D2A10362} URL =
SearchScopes: HKU\S-1-5-21-2764831399-1685386551-2369960238-1001 -> {BC0C5ABC-E009-4487-9EEA-C0B2D2A10362} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-09] (Avast Software s.r.o.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-09] (Avast Software s.r.o.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Tcpip\Parameters: [DhcpNameServer] 72.28.160.35 72.28.160.36
Tcpip\..\Interfaces\{985469BF-347A-4992-AE7D-CCA489265EE6}: [DhcpNameServer] 72.28.160.35 72.28.160.36

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-10] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-09]

Chrome:
=======
CHR Profile: C:\Users\don\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-10]
CHR Extension: (Google Docs) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-10]
CHR Extension: (Google Drive) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-10]
CHR Extension: (YouTube) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-10]
CHR Extension: (Adblock Plus) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-10]
CHR Extension: (Google Search) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-10]
CHR Extension: (Google Sheets) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-10]
CHR Extension: (Avast Online Security) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-10]
CHR Extension: (Google Wallet) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-10]
CHR Extension: (Gmail) - C:\Users\don\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-09] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-07-09] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-09] (Avast Software)
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [46792 2015-06-19] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [148688 2014-07-22] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2015-01-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-01-06] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-09] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-07-09] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-09] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-07-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-09] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-09] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-09] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2015-01-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 00:41 - 2015-07-10 00:42 - 00000000 ____D C:\AdwCleaner
2015-07-10 00:41 - 2015-07-10 00:41 - 02248704 _____ C:\Users\don\Downloads\adwcleaner_4.208.exe
2015-07-10 00:24 - 2015-07-10 00:34 - 00005336 _____ C:\Windows\WindowsUpdate.log
2015-07-10 00:18 - 2015-07-10 00:18 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-10 00:18 - 2015-07-10 00:18 - 00000000 ____D C:\Program Files\CCleaner
2015-07-10 00:14 - 2015-07-10 00:18 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-10 00:14 - 2015-07-10 00:14 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-10 00:13 - 2015-07-10 00:13 - 06565736 _____ (Piriform Ltd) C:\Users\don\Downloads\ccsetup507.exe
2015-07-10 00:12 - 2015-07-10 00:14 - 11032736 _____ (SurfRight B.V.) C:\Users\don\Downloads\HitmanPro_x64.exe
2015-07-10 00:08 - 2015-07-10 00:08 - 00002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-10 00:08 - 2015-07-10 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-10 00:06 - 2015-07-10 00:17 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 00:06 - 2015-07-10 00:17 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 00:06 - 2015-07-10 00:12 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-10 00:06 - 2015-07-10 00:12 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-10 00:06 - 2015-07-10 00:08 - 00000000 ____D C:\Users\don\AppData\Local\Google
2015-07-10 00:06 - 2015-07-10 00:07 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-10 00:05 - 2015-07-10 00:06 - 00000000 ____D C:\Users\don\AppData\Local\Deployment
2015-07-10 00:05 - 2015-07-10 00:05 - 00000000 ____D C:\Users\don\AppData\Local\Apps\2.0
2015-07-10 00:03 - 2015-07-10 00:03 - 00000000 ___RD C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-10 00:01 - 2015-07-10 00:01 - 00000126 _____ C:\Users\don\Desktop\New Text Document.txt
2015-07-09 23:53 - 2015-07-09 23:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-07-09 23:47 - 2015-07-09 23:47 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-09 23:47 - 2015-07-09 23:47 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-09 23:46 - 2015-07-09 23:46 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\don\Desktop\tdsskiller.exe
2015-07-09 23:45 - 2015-07-09 23:46 - 21971528 _____ C:\Users\don\Desktop\RogueKillerX64.exe
2015-07-09 23:44 - 2015-07-09 23:45 - 00002190 _____ C:\Users\don\Desktop\Rkill.txt
2015-07-09 23:43 - 2015-07-09 23:43 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\don\Desktop\rkill.com
2015-07-09 23:35 - 2015-07-10 00:48 - 00016208 _____ C:\Users\don\Desktop\FRST.txt
2015-07-09 23:35 - 2015-07-10 00:48 - 00000000 ____D C:\FRST
2015-07-09 23:35 - 2015-07-09 23:36 - 00024100 _____ C:\Users\don\Desktop\Addition.txt
2015-07-09 23:33 - 2015-07-09 23:33 - 02112512 _____ (Farbar) C:\Users\don\Desktop\FRST64.exe
2015-07-09 23:01 - 2015-07-09 23:12 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 23:01 - 2015-07-09 23:01 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-09 23:01 - 2015-07-09 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-09 23:01 - 2015-07-09 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-09 23:01 - 2015-07-09 23:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-09 23:01 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-09 23:01 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-09 23:01 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-09 22:47 - 2015-07-09 22:47 - 00001870 _____ C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-07-09 22:33 - 2015-07-09 22:33 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2015-07-09 20:27 - 2015-07-09 20:27 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-07-09 16:18 - 2015-07-09 16:18 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-09 16:18 - 2015-07-09 16:18 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-07-09 16:18 - 2015-07-09 16:18 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-07-09 16:18 - 2015-07-09 16:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-09 16:18 - 2015-07-09 16:18 - 00002000 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-07-09 16:18 - 2015-07-09 16:18 - 00001940 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-07-09 16:18 - 2015-07-09 16:18 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-09 16:18 - 2015-07-09 16:18 - 00000000 ____D C:\Windows\system32\vbox
2015-07-09 16:18 - 2015-07-09 16:18 - 00000000 ____D C:\Users\don\AppData\Roaming\AVAST Software
2015-07-09 16:18 - 2015-07-09 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-09 16:15 - 2015-07-09 16:15 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-09 16:14 - 2015-07-09 16:14 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-09 16:06 - 2015-07-09 16:16 - 00000000 ____D C:\Users\don\AppData\Roaming\DropboxOEM
2015-07-09 16:01 - 2015-07-09 16:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-07-09 13:57 - 2015-07-09 13:57 - 00000000 ____D C:\Windows\System32\Tasks\Aviata
2015-07-09 13:48 - 2015-07-10 00:23 - 00000000 ____D C:\Users\don\AppData\Local\CrashDumps
2015-07-09 13:46 - 2014-08-13 15:19 - 00000113 ____H C:\DBAR_Ver.txt
2015-07-09 13:45 - 2015-07-09 13:46 - 00000000 ____D C:\ProgramData\softthinks
2015-07-09 13:45 - 2015-07-09 13:45 - 00000000 ____D C:\Users\don\AppData\Local\softthinks
2015-07-09 13:44 - 2015-07-10 00:08 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2764831399-1685386551-2369960238-1001
2015-07-09 13:44 - 2015-07-09 13:44 - 00000000 __SHD C:\Users\don\AppData\Local\EmieUserList
2015-07-09 13:44 - 2015-07-09 13:44 - 00000000 __SHD C:\Users\don\AppData\Local\EmieSiteList
2015-07-09 13:43 - 2015-07-10 00:03 - 00000000 ____D C:\Users\don\OneDrive
2015-07-09 13:43 - 2015-07-09 19:44 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{00C65CA8-EF4F-4473-961C-5F04F9827AFA}
2015-07-09 13:43 - 2015-07-09 13:43 - 00000000 ____D C:\Users\don\AppData\Local\GWX
2015-07-09 13:41 - 2015-07-09 13:41 - 00003972 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-07-09 13:41 - 2015-07-09 13:41 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-07-09 13:41 - 2015-07-09 13:41 - 00003184 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-07-09 13:41 - 2015-07-09 13:41 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2015-07-09 13:40 - 2015-07-09 17:58 - 00000000 ____D C:\Users\don\Documents\Bluetooth Folder
2015-07-09 13:40 - 2015-07-09 13:40 - 00000000 ____D C:\Users\don\AppData\Roaming\Intel Corporation
2015-07-09 13:40 - 2015-07-09 13:40 - 00000000 ____D C:\Users\don\AppData\Local\BMExplorer
2015-07-09 13:39 - 2015-07-09 13:40 - 00000000 ____D C:\Users\don\AppData\Local\PackageStaging
2015-07-09 13:39 - 2015-07-09 13:40 - 00000000 ____D C:\ProgramData\Atheros
2015-07-09 13:39 - 2015-07-09 13:39 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-09 13:39 - 2015-07-09 13:39 - 00000000 ____D C:\Users\don\AppData\Roaming\Atheros
2015-07-09 13:39 - 2015-07-09 13:39 - 00000000 ____D C:\Users\don\AppData\Local\Power2Go8
2015-07-09 13:39 - 2015-07-09 13:39 - 00000000 ____D C:\Users\don\AppData\Local\DropboxOEM
2015-07-09 13:39 - 2015-07-09 13:39 - 00000000 ____D C:\Users\don\AppData\Local\Aviata
2015-07-09 13:38 - 2015-07-09 14:16 - 00000000 ____D C:\Users\don\AppData\Local\Packages
2015-07-09 13:38 - 2015-07-09 13:38 - 00001448 _____ C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-09 13:38 - 2015-07-09 13:38 - 00000000 ____D C:\Users\don\AppData\Roaming\Macromedia
2015-07-09 13:38 - 2015-07-09 13:38 - 00000000 ____D C:\Users\don\AppData\Roaming\Adobe
2015-07-09 13:38 - 2015-07-09 13:38 - 00000000 ____D C:\Users\don\AppData\Local\VirtualStore
2015-07-09 13:36 - 2015-07-10 00:05 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-09 13:36 - 2015-07-09 13:36 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-09 13:35 - 2015-07-09 13:43 - 00000000 ____D C:\Users\don
2015-07-09 13:35 - 2015-07-09 13:35 - 00000020 ___SH C:\Users\don\ntuser.ini
2015-07-09 13:35 - 2015-06-27 07:52 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-09 13:35 - 2015-06-27 00:15 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-09 13:35 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-09 13:35 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-09 13:35 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-09 13:35 - 2015-06-26 21:45 - 03702272 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-09 13:35 - 2015-06-26 21:35 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-09 13:35 - 2015-06-26 21:35 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-09 13:35 - 2015-06-26 21:32 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-09 13:35 - 2015-06-26 21:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-09 13:35 - 2015-06-26 21:30 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-09 13:35 - 2015-06-26 21:29 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-09 13:35 - 2015-06-26 21:12 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-09 13:35 - 2015-06-26 21:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-09 13:35 - 2015-06-26 21:10 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-09 13:35 - 2015-06-26 21:10 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-09 13:35 - 2015-06-02 13:47 - 02502928 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-07-09 13:35 - 2015-06-02 13:47 - 02209080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-07-09 13:35 - 2015-06-02 13:47 - 00129120 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2015-07-09 13:35 - 2015-06-02 13:47 - 00110576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2015-07-09 13:35 - 2015-01-06 16:12 - 00000000 ___RD C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-09 13:35 - 2015-01-06 16:12 - 00000000 ___RD C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-09 13:35 - 2014-03-18 05:54 - 00000369 _____ C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-09 13:35 - 2014-03-18 05:54 - 00000369 _____ C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-09 13:35 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-09 13:35 - 2013-08-22 11:36 - 00000000 ____D C:\Users\don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-09 13:34 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-09 13:34 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-07-09 13:34 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 05:33 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-07-10 00:23 - 2015-01-06 15:51 - 00000000 ____D C:\Windows\Panther
2015-07-10 00:11 - 2015-01-06 16:48 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-10 00:09 - 2014-03-18 05:53 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 00:02 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 00:01 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-10 00:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-09 16:05 - 2015-01-06 16:50 - 00000000 ____D C:\ProgramData\McAfee
2015-07-09 16:04 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-09 13:51 - 2015-01-06 16:54 - 00000000 ____D C:\Program Files\Dell
2015-07-09 13:48 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-09 13:41 - 2015-01-06 16:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-09 13:40 - 2015-01-06 16:47 - 00000000 ____D C:\ProgramData\PCDr
2015-07-09 13:38 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-09 13:36 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-09 13:36 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2015-01-06 16:40 - 2015-01-06 16:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-06 16:39 - 2015-01-06 16:39 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-01-06 16:36 - 2015-01-06 16:37 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-01-06 16:37 - 2015-01-06 16:37 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-01-06 16:37 - 2015-01-06 16:39 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-01-06 16:36 - 2015-01-06 16:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\don\AppData\Local\Temp\dllnt_dump.dll
C:\Users\don\AppData\Local\Temp\Quarantine.exe
C:\Users\don\AppData\Local\Temp\sqlite3.dll
C:\Users\don\AppData\Local\Temp\{4862DED0-DB51-458A-8047-7FE748EB6F90}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-06 16:14

==================== End of log ============================