Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

URL:Mal svchost.exe alerts from avast at startup [Solved]

Started by Fizzbotch , Jan 27 2015 02:21 PM

  • This topic is locked This topic is locked

#1
Fizzbotch
Posted 27 January 2015 - 02:21 PM

Fizzbotch

    Member

  • Member
  • PipPip
  • 12 posts

Hello!

 

I have seen some very similar threads relating to my issue, but there does not appear to be any universal solution that I can find - I would very much appreciate some help!

 

For about a week or so avast has indicated at start up that it has blocked an infection, usually about 10 which all appear to have the same details (although the URL details change at each start up). The most recent is as follows:

 

Infection blocked

Infection details:

URL: http://reddie.net/28...88113950706.dll

Infection: URL:Mal

Process: C:\Windows\System32\svchost.exe

 

I can usually manage to clean out any virus or malware with help found online/one of the trusty removal tools, however this one has me stumped! No threats detected by Malwarebytes or a thorough search with Avast.

 

Apart from the 10 or so alerts from avast at each start up, the only other symptom I have is that my PC occasional fails to start properly. I can tell that it is on as I can hear it and the light on the power button illuminates, however there is nothing displayed on my monitor and my keyboard and mouse do not light up. I understand that this may not be related, and to be honest I am not too concerned about answering this immediately - my real concern is the URL:Mal notifications.

 

I have just downloaded OTL and can post any logs if needed. From what I've read so far this forum seems really helpful, any advice which you can give would be much appreciated! :)

 

Many thanks,

Adam


  • 0

Advertisements

#2
Nevan
Posted 27 January 2015 - 02:46 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Hello, Fizzbotch. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:

  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.

Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)

 
We won't use OTL. Instead, please, do the following scan and post the logs that you get.

FRST Scan

Download Farbar Recovery Scan Tool and save it to your Desktop. There are two different versions:

  • Click here to download the 32-bit version.
  • Click here to download the 64-bit version.

If you don't know which version you should use, download one of them and check if it's working or not. If it doesn't, download the second one. Once you have the right one, perform the instructions below.

  • Right click FRST.exe (or FRST64.exe) and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.

 
Things that should appear in your next post:

  • FRST.txt log content
  • Addition.txt log content

  • 0

#3
Fizzbotch
Posted 27 January 2015 - 02:56 PM

Fizzbotch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hello Nevan,

 

It's a pleasure to meet you! Thank you very much for your offer of help :) Please see below my FRST.txt - I will post the Addition.txt in my next post:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Adam (administrator) on POOP on 27-01-2015 20:53:31
Running from C:\Users\Adam\Downloads
Loaded Profiles: Adam (Available profiles: Adam)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\ASUSRelayWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files (x86)\Google\Update\Install\{1978D5A7-C4AD-4A00-B55B-ABAFA7F4D761}\40.0.2214.93_40.0.2214.91_chrome_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\Installer\setup.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3128408 2014-03-13] (Disc Soft Ltd)
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058080 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\Run: [Spotify] => C:\Users\Adam\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-23] (Spotify Ltd)
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\Run: [Spotify Web Helper] => C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-23] (Spotify Ltd)
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\MountPoints2: {c94c3219-6dea-11e4-824e-806e6f6e6963} - "D:\Setup.exe" 
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\wzm1ja6v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\wzm1ja6v.default\Extensions\[email protected] [2014-11-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://myhome.vi-view.com/?type=hp&ts=1419872850&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF714080K
CHR StartupUrls: Default -> "hxxp://myhome.vi-view.com/?type=hp&ts=1419872850&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF714080K"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-17]
CHR Extension: (Google Docs) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-17]
CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-17]
CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-17]
CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-17]
CHR Extension: (Google Sheets) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-17]
CHR Extension: (Avast Online Security) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-17]
CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-17]
CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-28] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe [71680 2013-06-26] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe [382776 2014-04-24] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MSSQL$ASUSHOMECLOUD; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
S4 SQLAgent$ASUSHOMECLOUD; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-11-17] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 20:53 - 2015-01-27 20:53 - 00021525 _____ () C:\Users\Adam\Downloads\FRST.txt
2015-01-27 20:52 - 2015-01-27 20:53 - 00000000 ____D () C:\FRST
2015-01-27 20:50 - 2015-01-27 20:51 - 02129920 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe
2015-01-27 20:27 - 2015-01-27 20:27 - 00000000 ____D () C:\Users\Adam\Documents\Jamie Knox
2015-01-27 19:46 - 2015-01-27 19:46 - 00091702 _____ () C:\Users\Adam\Downloads\Extras.Txt
2015-01-27 19:45 - 2015-01-27 19:45 - 00129342 _____ () C:\Users\Adam\Downloads\OTL.Txt
2015-01-27 19:42 - 2015-01-27 19:42 - 00602112 _____ (OldTimer Tools) C:\Users\Adam\Downloads\OTL.exe
2015-01-27 19:32 - 2015-01-27 19:32 - 00000348 _____ () C:\Windows\setupact.log
2015-01-27 19:32 - 2015-01-27 19:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-26 22:15 - 2015-01-27 20:48 - 00126594 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 20:54 - 2015-01-26 20:54 - 00000000 ____D () C:\Users\Adam\Documents\CCleaner backup regi
2015-01-26 20:51 - 2015-01-26 20:51 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-26 20:51 - 2015-01-26 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 20:51 - 2015-01-26 20:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 20:50 - 2015-01-26 20:50 - 05325208 _____ (Piriform Ltd) C:\Users\Adam\Downloads\ccsetup502.exe
2015-01-26 20:37 - 2015-01-26 20:37 - 00001868 _____ () C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-01-26 20:33 - 2015-01-26 20:34 - 02194432 _____ () C:\Users\Adam\Downloads\adwcleaner_4.109.exe
2015-01-25 22:30 - 2015-01-26 20:36 - 00000000 ____D () C:\AdwCleaner
2015-01-25 22:29 - 2015-01-25 22:29 - 02194432 _____ () C:\Users\Adam\Downloads\AdwCleaner.exe
2015-01-25 18:59 - 2015-01-25 19:00 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Adam\Downloads\tdsskiller.exe
2015-01-23 10:58 - 2015-01-09 22:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 10:57 - 2015-01-13 04:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 10:57 - 2015-01-13 04:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 10:57 - 2015-01-10 08:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00833864 _____ () C:\Windows\system32\nvmcumd.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-01-23 10:57 - 2015-01-10 08:07 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-01-14 18:41 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:41 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 18:41 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 18:41 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:41 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 18:41 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 18:41 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 18:41 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 18:41 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 18:41 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 18:41 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 18:41 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 18:41 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 18:41 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:41 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 18:41 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 18:41 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 18:41 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 18:41 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 18:41 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 18:41 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 18:41 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 18:41 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 18:41 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 18:41 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 18:41 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 18:41 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 18:41 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 18:41 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 18:41 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 18:41 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-04 17:12 - 2015-01-04 17:12 - 00000000 ____D () C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2015-01-04 12:25 - 2015-01-04 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-01-04 12:25 - 2015-01-04 12:25 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-01-03 13:21 - 2015-01-03 13:21 - 00000000 ____D () C:\Users\Adam\Documents\Telltale Games
2015-01-01 13:57 - 2015-01-01 13:57 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-01 13:57 - 2015-01-01 13:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-01 13:57 - 2015-01-01 13:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-01 13:55 - 2015-01-01 13:55 - 00244128 _____ () C:\Users\Adam\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-30 18:35 - 2014-12-30 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 18:19 - 2014-12-30 18:19 - 01166010 _____ (Igor Pavlov) C:\Users\Adam\Downloads\[Guru3D.com]-DDUv13542 (1).exe
2014-12-30 18:19 - 2014-12-15 18:37 - 00000000 ____D () C:\Users\Adam\Downloads\settings
2014-12-30 18:19 - 2014-12-15 14:49 - 01783808 _____ () C:\Users\Adam\Downloads\Display Driver Uninstaller.exe
2014-12-30 18:19 - 2014-12-15 14:49 - 00194048 _____ () C:\Users\Adam\Downloads\Display Driver Uninstaller.pdb
2014-12-29 17:06 - 2014-12-29 17:05 - 02143832 _____ () C:\Users\Adam\Downloads\speedfan [1].exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 20:53 - 2014-11-16 18:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-27 20:52 - 2014-11-22 14:18 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\vlc
2015-01-27 20:35 - 2014-11-16 18:54 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 20:26 - 2014-11-20 21:11 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\.minecraft
2015-01-27 20:18 - 2014-11-17 20:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 20:03 - 2014-11-16 23:54 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2390616645-4016548355-1821386625-1001
2015-01-27 20:03 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 20:02 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-27 19:38 - 2014-03-18 15:26 - 00957496 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 19:34 - 2014-11-17 00:47 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-01-27 19:32 - 2014-11-28 21:44 - 00000000 ____D () C:\Users\Adam\AppData\Local\LogMeIn Hamachi
2015-01-27 19:32 - 2014-11-26 20:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-27 19:32 - 2014-11-16 18:54 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 19:32 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 22:36 - 2014-12-15 19:48 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\TS3Client
2015-01-26 20:53 - 2014-11-16 23:46 - 00000000 ____D () C:\Windows\Panther
2015-01-26 20:48 - 2014-11-17 20:31 - 00000000 ____D () C:\Users\Adam\AppData\Local\Spotify
2015-01-26 20:48 - 2014-11-16 19:01 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Spotify
2015-01-26 20:39 - 2014-12-06 21:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 22:40 - 2014-12-06 21:42 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 20:16 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-25 19:45 - 2014-11-17 00:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:45 - 2014-11-17 00:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-25 19:18 - 2014-11-17 20:25 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 20:20 - 2014-12-09 22:41 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 20:20 - 2014-12-09 22:41 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 11:24 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-23 10:58 - 2014-11-26 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-16 22:38 - 2014-11-19 22:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 22:36 - 2014-11-19 22:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 06:41 - 2014-11-26 20:19 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 06:41 - 2014-11-26 20:19 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 06:41 - 2014-11-26 20:19 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 06:41 - 2014-11-26 20:19 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-13 04:15 - 2014-11-26 20:18 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-10 08:07 - 2014-11-26 20:18 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 08:07 - 2014-11-26 20:18 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-10 08:07 - 2014-11-26 20:18 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 08:07 - 2014-11-26 20:18 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 08:07 - 2014-11-26 20:18 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-01-10 08:07 - 2014-11-26 20:18 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-09 23:30 - 2014-11-26 20:19 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-09 23:30 - 2014-11-26 20:19 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-09 23:29 - 2014-11-26 20:19 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-09 23:29 - 2014-11-26 20:19 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 23:29 - 2014-11-26 20:19 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-09 23:29 - 2014-11-26 20:19 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 19:47 - 2014-11-26 20:19 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-09 19:10 - 2014-11-16 19:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-04 17:12 - 2014-11-22 11:07 - 00000000 ____D () C:\Users\Adam\Documents\My Games
2014-12-30 18:35 - 2014-12-06 21:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-29 16:43 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Branding
 
==================== Files in the root of some directories =======
 
2014-12-24 23:04 - 2014-12-24 23:04 - 0000017 _____ () C:\Users\Adam\AppData\Local\resmon.resmoncfg
2014-11-17 00:37 - 2014-11-17 00:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Adam\AppData\Local\Temp\Quarantine.exe
C:\Users\Adam\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-23 11:23
 
==================== End Of Log ============================

  • 0

#4
Fizzbotch
Posted 27 January 2015 - 02:59 PM

Fizzbotch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Adam at 2015-01-27 20:53:49
Running from C:\Users\Adam\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.18 - ASUSTeK Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
ASUS Xonar DG Audio (HKLM-x32\...\C-Media Oxygen HD Sound) (Version:  - )
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version:  - EA Los Angeles)
Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID ASUS CPU-Z 1.69 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.69 - CPUID, Inc.)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0387 - Disc Soft Ltd)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version:  - EVGA)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version:  - Telltale Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\{DFE68F5B-7344-3954-A9E5-449AF9278FB4}) (Version: 66.19.16506 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021F0}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Streamer (HKLM-x32\...\{B457E718-00CA-45C8-9F75-45D66F8DAFF6}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7233 - Realtek Semiconductor Corp.)
Remote GO! (HKLM-x32\...\{6B3D0AFB-AC76-402C-8C8C-6B065626B658}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - Coffee Stain Studios)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Sins of a Solar Empire®: Trinity (HKLM-x32\...\Steam App 201290) (Version:  - Ironclad Games)
Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SQL Server 2008 R2 SP2 Common Files (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version:  - Telltale Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.1.213 - ASUS Cloud Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2390616645-4016548355-1821386625-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
04-01-2015 12:24:50 Installed DirectX
11-01-2015 21:14:52 Scheduled Checkpoint
16-01-2015 22:36:21 Windows Update
23-01-2015 11:23:25 Windows Update
27-01-2015 20:03:42 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09C6FFB4-F1C7-4410-A226-00A29B010052} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D8CC5B3-3513-4C22-993E-2DBBD80B3B67} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server Launcher.exe [2014-01-22] (ASUSTeK Computer Inc.)
Task: {492AB462-A655-4E0F-904D-0900E63BC3C9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-16] (AVAST Software)
Task: {5C191115-21A2-4DBA-A74D-4A84C89F62D6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-16] (Microsoft Corporation)
Task: {61B92C84-6DE9-40FB-93C3-87D3C4087E0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {8DCE2F49-F309-4F6F-BB74-7488FF6A3976} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {A18E89AF-90A6-487B-9840-23E92840C5D7} - System32\Tasks\ASUS\ASUS Media Streamer DMR => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe [2014-04-07] ()
Task: {B1786DE0-BF69-4B49-9DC1-0A9704161299} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {B5688F26-FB64-49CB-9FD6-23F9E568346C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: {DC8636A4-B8EF-4CE2-BFB0-6C02A02059F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-26 20:19 - 2015-01-09 23:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-17 00:06 - 2014-04-07 17:24 - 00295936 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
2014-11-17 00:02 - 2014-01-28 03:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-11-17 00:03 - 2014-04-24 06:29 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2013-06-26 06:54 - 2013-06-26 06:54 - 00071680 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe
2014-12-09 22:22 - 2014-12-09 22:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-17 00:11 - 2014-01-22 10:35 - 00049976 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\ASUSRelayWS.exe
2015-01-27 20:05 - 2015-01-26 17:08 - 00875088 _____ () C:\Program Files (x86)\Google\Update\Install\{1978D5A7-C4AD-4A00-B55B-ABAFA7F4D761}\40.0.2214.93_40.0.2214.91_chrome_updater.exe
2015-01-26 20:31 - 2015-01-26 20:31 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012601\algo.dll
2015-01-27 19:32 - 2015-01-27 19:32 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012700\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-17 00:02 - 2015-01-27 19:32 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-11-17 00:02 - 2014-01-28 03:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-11-17 00:11 - 2014-01-22 10:35 - 00339968 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\AudioProjection.dll
2014-11-17 00:11 - 2014-01-22 10:35 - 00176128 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\DLCapPP.dll
2014-11-17 00:11 - 2014-01-22 10:35 - 00067584 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\CoreAudioCap.dll
2014-11-17 00:11 - 2014-01-22 10:35 - 00425984 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\awiscale.DLL
2014-11-17 00:11 - 2014-01-22 10:35 - 00221184 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\JpegCD.DLL
2014-11-17 00:11 - 2014-01-22 10:36 - 02502656 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\xH264E.DLL
2014-11-17 00:11 - 2014-01-22 10:36 - 00475136 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFiGO_HookKey.dll
2014-11-17 00:11 - 2014-01-22 10:34 - 00160256 _____ () C:\Program Files (x86)\InstallShield Installation Information\{6B3D0AFB-AC76-402C-8C8C-6B065626B658}\CloudAPI\CloudAPI.dll
2014-11-17 00:11 - 2014-01-22 10:36 - 00753664 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiMoveHelp.dll
2014-11-17 00:11 - 2014-01-22 10:35 - 00684032 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\PhoneCtrlAPI.dll
2014-11-16 19:10 - 2014-11-16 19:10 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-01-25 18:33 - 2015-01-21 03:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-25 18:33 - 2015-01-21 03:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-25 18:33 - 2015-01-21 03:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
========================= Accounts: ==========================
 
Adam (S-1-5-21-2390616645-4016548355-1821386625-1001 - Administrator - Enabled) => C:\Users\Adam
Administrator (S-1-5-21-2390616645-4016548355-1821386625-500 - Administrator - Disabled)
Guest (S-1-5-21-2390616645-4016548355-1821386625-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/27/2015 08:03:57 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (01/27/2015 08:03:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$ASUSHOMECLOUD8
 
Error: (01/27/2015 08:03:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$ASUSHOMECLOUD8
 
Error: (01/25/2015 08:46:38 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (01/25/2015 08:46:05 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (01/25/2015 08:45:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$ASUSHOMECLOUD8
 
Error: (01/25/2015 08:45:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$ASUSHOMECLOUD8
 
Error: (01/25/2015 08:45:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (01/23/2015 11:23:37 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (01/23/2015 11:23:32 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$ASUSHOMECLOUD8
 
 
System errors:
=============
Error: (01/27/2015 08:04:42 PM) (Source: DCOM) (EventID: 10010) (User: poop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (01/27/2015 08:04:12 PM) (Source: DCOM) (EventID: 10010) (User: poop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (01/25/2015 10:31:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (01/25/2015 10:31:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
 
Error: (01/25/2015 10:31:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (01/25/2015 10:31:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/25/2015 10:31:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
 
Error: (01/25/2015 10:31:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
 
Error: (01/25/2015 10:31:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (01/25/2015 10:31:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/27/2015 08:03:57 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (01/27/2015 08:03:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$ASUSHOMECLOUD8
 
Error: (01/27/2015 08:03:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$ASUSHOMECLOUD8
 
Error: (01/25/2015 08:46:38 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (01/25/2015 08:46:05 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (01/25/2015 08:45:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$ASUSHOMECLOUD8
 
Error: (01/25/2015 08:45:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$ASUSHOMECLOUD8
 
Error: (01/25/2015 08:45:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (01/23/2015 11:23:37 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (01/23/2015 11:23:32 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$ASUSHOMECLOUD8
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-20 20:46:34.765
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Adam\AppData\Local\Temp\{EC3F0E55-4C66-4F46-A274-A30BA8753BC7}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-17 20:18:25.703
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Adam\AppData\Local\Temp\{9DB719EC-294F-485A-9EAB-1EEF2D46DDBA}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-17 20:13:41.692
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Adam\AppData\Local\Temp\{ADD0436D-28C4-4920-AA37-79AD1C8ADA78}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 8135.06 MB
Available physical RAM: 6201.27 MB
Total Pagefile: 9415.06 MB
Available Pagefile: 7339.42 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.54 GB) (Free:192.09 GB) NTFS
Drive d: (Xbox360_1_2) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
Drive f: (Hard Drvie Storage) (Fixed) (Total:878.91 GB) (Free:748.6 GB) NTFS
Drive g: (Backup HDD) (Fixed) (Total:52.6 GB) (Free:52.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C69A88EA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 97655DCB)
Partition 1: (Not Active) - (Size=878.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=52.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#5
Fizzbotch
Posted 27 January 2015 - 03:14 PM

Fizzbotch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi Nevan,

 

Sorry I didn't run FRST from desktop, just from my downloads folder. Please let me know if its an issue and I can run the scans again.

 

Many thanks!

Adam


  • 0

#6
Nevan
Posted 27 January 2015 - 03:20 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

It's okay right now. Just remember to move it to Desktop.

 

I'm having a look at the logs right now.


  • 0

#7
Nevan
Posted 27 January 2015 - 04:03 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, Fizzbotch.

Please, do the following fix and tell me if you still have any problems with your computer.

FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   1.12KB   544 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Please tell me if you still have any problems with your computer

  • 0

#8
Fizzbotch
Posted 27 January 2015 - 04:23 PM

Fizzbotch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hello again Nevan!

Thank you very much, I ran the fix and after rebooting I have not received the notifications as yet. Below is the fix log as requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Adam at 2015-01-27 22:17:52 Run:1
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available profiles: Adam)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\...\MountPoints2: {c94c3219-6dea-11e4-824e-806e6f6e6963} - "D:\Setup.exe" 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxp://myhome.vi-view.com/?type=hp&ts=1419872850&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF714080K
CHR StartupUrls: Default -> "hxxp://myhome.vi-view.com/?type=hp&ts=1419872850&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF714080K"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2390616645-4016548355-1821386625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c94c3219-6dea-11e4-824e-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c94c3219-6dea-11e4-824e-806e6f6e6963} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{549ACD95-1235-4798-B004-6ED20ABBC76C} canceled.
{5990B1B8-CB0D-4A6E-9B06-5DA1AAEAB270} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 280.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:18:13 ====
 
 
All looks good so far, I'm very happy!
 
Adam

  • 0

#9
Nevan
Posted 28 January 2015 - 08:40 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Fizzbotch.

I'm glad to hear that it's been alright so far. Remember to tell me if anything else happens.

We'll do some checks to make sure that we get rid of anything that we can see.

 
Step #1
Uninstall programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • Java 7 Update 21
  • Java 7 Update 51
  • Java 8 Update 25 (64-bit)
  • Java 8 Update 25
 
Step #2
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
AdwCleaner
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click p2tBmrU.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S0].txt log content

  • 0

#10
Fizzbotch
Posted 28 January 2015 - 04:20 PM

Fizzbotch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hello Nevan,

 

I ran both scans and have the reports as follows:

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Adam on 28/01/2015 at 21:52:01.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/01/2015 at 22:13:52.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
AdwCleaner:
 
# AdwCleaner v4.109 - Report created 28/01/2015 at 22:16:08
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Adam - POOP
# Running from : C:\Users\Adam\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v35.0 (x86 en-GB)
 
 
-\\ Google Chrome v40.0.2214.91
 
[C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1419872850&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF714080K&q={searchTerms}
[C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1419872850&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF714080K&q={searchTerms}
[C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1419872850&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF714080K&q={searchTerms}
[C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1419872850&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF714080K&q={searchTerms}
[C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2573 octets] - [25/01/2015 22:30:10]
AdwCleaner[R1].txt - [880 octets] - [25/01/2015 22:33:48]
AdwCleaner[R2].txt - [1981 octets] - [26/01/2015 20:34:43]
AdwCleaner[R3].txt - [2093 octets] - [28/01/2015 22:14:35]
AdwCleaner[S0].txt - [2633 octets] - [25/01/2015 22:31:58]
AdwCleaner[S1].txt - [2052 octets] - [26/01/2015 20:36:26]
AdwCleaner[S2].txt - [2024 octets] - [28/01/2015 22:16:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2084 octets] ##########
 
 
 
Still no sign of the infection pop ups! :)
 
Many thanks Nevan, please let me know if I need to do anything else.
 
Adam

  • 0

Advertisements

#11
Nevan
Posted 29 January 2015 - 09:40 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Fizzbotch.

Let's do some final checks.

Step #1
Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    oGHz2fO.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click the 4uwHOgV.png button. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
  • Click the HVS7vK4.png button.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click fxn8GTf.jpg
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
    TcWwbLS.png
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • Checkup.txt log content

  • 0

#12
Fizzbotch
Posted 31 January 2015 - 05:40 AM

Fizzbotch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi Nevan,

 

Sorry for the delay! Here are the logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 29/01/2015
Scan Time: 20:11:27
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.29.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Adam
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341389
Time Elapsed: 4 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#13
Fizzbotch
Posted 31 January 2015 - 05:41 AM

Fizzbotch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ESET:
 
C:\Users\Adam\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\da46.msi a variant of Win32/Systweak.L potentially unwanted application

  • 0

#14
Fizzbotch
Posted 31 January 2015 - 05:41 AM

Fizzbotch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Security check:

 

 Results of screen317's Security Check version 0.99.95  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Mozilla Firefox (35.0) 
 Google Chrome (39.0.2171.99) 
 Google Chrome (40.0.2214.91) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

  • 0

#15
Nevan
Posted 31 January 2015 - 10:25 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Fizzbotch.

Lets do some final corrections.

Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   135bytes   258 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
Updating the programs

Your Adobe Reader is outdated. Visit this site to update it.
  • Warning!: Make sure to uncheck Optional offer box when downloading Adobe products or you will install an adware on your computer.
 
Your Java version is too old. Keeping Java updated is very important as well.
  • WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    Read this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Large icons view on the upper right of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck Optional offer box when downloading Java or you will install an adware on your computer.
 
Step #3
FRST Check
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition log content
  • Please tell me if you have successfully updated Java and Adobe Reader.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP