Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to complete removal of malware [Solved]


  • This topic is locked This topic is locked

#16
charles.actuary

charles.actuary

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Here's the log.

I'm afraid that the shopperz folder and its contents are still there.

Charles



All processes killed
========== FILES ==========
Folder move failed. C:\Program Files\shopperz scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Franny
->Temp folder emptied: 98685683 bytes
->Temporary Internet Files folder emptied: 20413326 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 943341869 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,013.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Franny
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 02062015_172703

Files moved on Reboot...
Folder move failed. C:\Program Files\shopperz scheduled to be moved on reboot.
File C:\Users\Franny\AppData\Local\Temp\~DFA0276B8404193885.TMP not found!
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\HE13NTW3\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\10T5DUUH\347034-unable-to-complete-removal-of-malware[1].htm moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\10T5DUUH\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\10T5DUUH\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\10T5DUUH\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File C:\Windows\temp\7zS305E.tmp\AcerOpenPlatformSetup.exe not found!

Registry entries deleted on Reboot...
  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Please download this registry fix to your desktop http://www.eightforu...ontext_menu.reg
Right click the file and select merge
Accept the several warnings that windows issues
Once done go to explorer and right click C:\Program Files\shopperz
From the menu select "Take Ownership"
Untitled.jpg
A black box will now open and the commands will run as you take ownership of the folder
Please let me know if it has your username as owner (example below)

Capture.JPG

If it does then right click C:\Program Files\shopperz and select delete
  • 0

#18
charles.actuary

charles.actuary

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts

No improvement I'm afraid.  When I tried to take ownership, the black command prompt screen flashed up for a fraction of a second before being closed down again, so I couldn't see whether my username was showing up as owner.  I tried deleting the folder anyway but again got the bogus folder access refusal message.


  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is proving a pain in the butt, as we are using windows 8.1 I can't use the big hammer on it

However there is an old tool that I sometimes use, it has now been updated for 8.1

I am just going to test it on my system to be safe. I will post back in a bit if it works :)
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download Moveonboot to your desktop

Install the programme and run on completion

When the programme runs click the Boot Actions Wizard (top left)
Ok the next page and the main dialogue will open
In the boot action box, using the drop down arrows, select Delete and Folder
In the configuration section click the three dots at the right and navigate to "C:\Program Files\shopperz " and OK that
Then place a tick in Restart Windows (immediately)
moveonboot.jpg

Ensure all other programmes are closed
Press Finish
The system will now reboot
After the reboot could you confirm that the folder has gone
  • 0

#21
charles.actuary

charles.actuary

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts

I'm afraid it's still there.


  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK to delete move on boot just remove the folder form programme files

We will now try this method

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
S2 csrcc; C:\Program Files\shopperz\csrcc.exe [1449352 2015-01-26] () [File not signed]
C:\Program Files\shopperz
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#23
charles.actuary

charles.actuary

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts

Still there, sorry.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Franny at 2015-02-07 17:10:58 Run:3
Running from C:\Users\Franny\Desktop
Loaded Profiles: Franny (Available profiles: Franny)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
S2 csrcc; C:\Program Files\shopperz\csrcc.exe [1449352 2015-01-26] () [File not signed]
C:\Program Files\shopperz
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
csrcc => Error deleting Service

"C:\Program Files\shopperz" directory move:

Could not move "C:\Program Files\shopperz\csrcc.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\garrus.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\grunt.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\kasumi32.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\kasumi64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\krios.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\krios64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\liara.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\liara64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\mseff32.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\nfregdrv64.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\nseven.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\prc64.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\prexec.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\spdata.dat" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\tree.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\tsoni.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\tsoni64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\unins000.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\wrex64.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz" directory. => Scheduled to move on reboot.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{4828235A-4EE2-487E-9316-C3DBF0758746} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 1.7 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-07 17:13:09)<=

"C:\Program Files\shopperz\csrcc.exe" => File could not move.
"C:\Program Files\shopperz\garrus.dll" => File could not move.
"C:\Program Files\shopperz\grunt.exe" => File could not move.
"C:\Program Files\shopperz\kasumi32.dll" => File could not move.
"C:\Program Files\shopperz\kasumi64.dll" => File could not move.
"C:\Program Files\shopperz\krios.dll" => File could not move.
"C:\Program Files\shopperz\krios64.dll" => File could not move.
"C:\Program Files\shopperz\liara.dll" => File could not move.
"C:\Program Files\shopperz\liara64.dll" => File could not move.
"C:\Program Files\shopperz\mseff32.dll" => File could not move.
"C:\Program Files\shopperz\nfregdrv64.exe" => File could not move.
"C:\Program Files\shopperz\nseven.exe" => File could not move.
"C:\Program Files\shopperz\prc64.exe" => File could not move.
"C:\Program Files\shopperz\prexec.exe" => File could not move.
"C:\Program Files\shopperz\spdata.dat" => File could not move.
"C:\Program Files\shopperz\tree.js" => File could not move.
"C:\Program Files\shopperz\tsoni.dll" => File could not move.
"C:\Program Files\shopperz\tsoni64.dll" => File could not move.
"C:\Program Files\shopperz\unins000.exe" => File could not move.
"C:\Program Files\shopperz\wrex64.exe" => File could not move.
"C:\Program Files\shopperz" => Directory could not move.

==== End of Fixlog 17:13:09 ====


  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this one is a bit of a pain

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon avz.JPG
When the tool opens select "File" > "Standards scripts"
avz1.jpg

Place a tick in :

3. Advanced System Analysis with malware removal mode enabled
5. Update signature database


Then press "Execute selected scripts"
avz2.JPG

There will be several warnings, OK them all and the system will reboot on completion of the analysis

After the reboot look in the folder AVZ4 on your desktop
Open the LOG folder
Attach KL_syscure.zip to your next post
vz3.JPG
  • 0

#25
charles.actuary

charles.actuary

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts

Well that didn't quite run as expected.  After doing its scan, the program didn't restart the computer as expected.  I have attached a screenshot of the program as it was when it had finished running.

 

I then restarted the machine manually.  I have attached the zip file which didn't have the name suggested in the instructions, but was the nearest equivalent.

 

The shopperz folder is still there.  Do you want me to try running the program again?

 

Charles

Attached Thumbnails

  • Snip.PNG

Attached Files


  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, AVZ detected it so I am going to use its boot function to stop the service and delete the blighter

FIX

Open AVZ as before
Click "File" > "Custom scripts"
avzfix1.png

A dialogue will open
Copy and paste the following script into the marked space then press run
avzfix2.JPG

Script for insertion :
 
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DeleteService('csrcc');
 SetServiceStart('csrcc', 4);
 StopService('csrcc');
 BC_DeleteSvc('csrcc');
 DeleteFile('C:\Program Files\shopperz\csrcc.exe','32');
 BC_DeleteFile('C:\Program Files\shopperz\csrcc.exe');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Ensure that you copy from begin to end
  • 0

#27
charles.actuary

charles.actuary

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts

Still there.  I have attached the zip file, though I'm not sure that it has changed from last time.

 

 

Attached Files


  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK it looks like the only to remove this is from outside of windows

Do you have a USB drive of about 4GB in size ?

Download the following three programmes to your desktop :


1. Rufus

For 64bit systems
2. Windows 8.1 64bit RC.. I will PM the download link to you
3. Farbar Recovery Scan Tool x64

Insert the USB stick Then run Rufus
rufus.JPG
Select the ISO file on the desktop via the ISO icon.

Press Start Burn
RufusISO.JPG
Then copy FRST to the same USB

frstwintoboot.JPG



Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


Windows 8 screen shots

When you reboot you will see this.

Select the language on this screen and keyboard on the next

select%20language8.JPG

Select the Trouble shoot option

Select%20option8.JPG

Select Advanced option

advanced8.JPG

Select Command prompt

command%208.JPG

At the command prompt type the following :

notepad.JPG

The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
frst.JPG
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


  • 0

#29
charles.actuary

charles.actuary

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts

Here you are.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 (ATTENTION: ====> FRST version is 53 days old and could be outdated)
Ran by SYSTEM on MININT-JBHI54S on 08-02-2015 13:42:34
Running from d:\
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-14] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-02] (AVAST Software)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM-x32\...\Run: [ZoneAlarm Installer] => "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r config /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-06] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Default\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\Default User\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\Franny\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-03-21] (Spotify Ltd)
HKU\Franny\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\Franny\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\Franny\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\Franny\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\Franny\...\Run: [Google+ Auto Backup] => C:\Users\Franny\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\Franny\...\RunOnce: [Application Restart #1] => C:\Users\Franny\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2014-12-31] (Pokki)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-06] (Windows ® Win 7 DDK provider)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-02] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-02] (Avast Software)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
S2 csrcc; C:\Program Files\shopperz\csrcc.exe [1449352 2015-01-26] ()
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-05] (ELAN Microelectronics Corp.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 McAfee SiteAdvisor Service; C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR\MCSACORE.EXE [155368 2015-01-30] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
S3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-02] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-02] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-02] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-02] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-02] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-02] ()
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [35320 2015-01-30] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-06] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 utizmze5; C:\Windows\SysWOW64\Drivers\utizmze5.sys [7168 2015-02-07] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-02] (Avast Software)
S1 vdizmze5; C:\Windows\SysWOW64\Drivers\vdizmze5.sys [13312 2015-02-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 05:31 - 2015-02-08 05:31 - 00000197 _____ () C:\Windows\System32\2015-02-08-13-31-09.046-AvastVBoxSVC.exe-2528.log
2015-02-07 14:16 - 2015-02-07 14:16 - 00000197 _____ () C:\Windows\System32\2015-02-07-22-16-27.098-AvastVBoxSVC.exe-2752.log
2015-02-07 14:13 - 2015-02-07 14:13 - 00013312 _____ () C:\Windows\SysWOW64\Drivers\vdizmze5.sys
2015-02-07 14:13 - 2015-02-07 14:13 - 00007168 _____ () C:\Windows\SysWOW64\Drivers\utizmze5.sys
2015-02-07 10:11 - 2015-02-07 10:11 - 00000197 _____ () C:\Windows\System32\2015-02-07-18-11-04.038-AvastVBoxSVC.exe-2892.log
2015-02-07 09:40 - 2015-02-07 09:40 - 00000000 ____D () C:\Users\Franny\Desktop\avz4
2015-02-07 09:39 - 2015-02-07 09:39 - 00000000 ____D () C:\Users\Franny\Desktop\Geeks
2015-02-07 09:38 - 2015-02-07 09:38 - 09370136 _____ () C:\Users\Franny\Desktop\avz4.zip
2015-02-07 09:15 - 2015-02-07 09:15 - 00000197 _____ () C:\Windows\System32\2015-02-07-17-15-01.057-AvastVBoxSVC.exe-2692.log
2015-02-06 14:32 - 2015-02-06 14:32 - 00000197 _____ () C:\Windows\System32\2015-02-06-22-32-11.085-AvastVBoxSVC.exe-2560.log
2015-02-06 14:20 - 2015-02-06 14:20 - 00000197 _____ () C:\Windows\System32\2015-02-06-22-20-49.091-AvastVBoxSVC.exe-2592.log
2015-02-06 14:15 - 2015-02-06 14:15 - 00007625 _____ () C:\Users\Franny\AppData\Local\Resmon.ResmonCfg
2015-02-06 14:04 - 2015-02-06 14:04 - 00000197 _____ () C:\Windows\System32\2015-02-06-22-04-03.017-AvastVBoxSVC.exe-2724.log
2015-02-06 13:58 - 2015-02-06 13:58 - 00000000 ____D () C:\Users\Franny\AppData\Roaming\EMCO
2015-02-06 13:55 - 2015-02-06 13:55 - 39893688 _____ (EMCO Software) C:\Users\Franny\Desktop\MoveOnBootSetup.exe
2015-02-06 10:45 - 2015-02-06 10:45 - 00002118 _____ () C:\Users\Franny\Desktop\Add_Take_Ownership_with_Pause_to_context_menu.reg
2015-02-06 10:44 - 2015-02-06 10:44 - 00000197 _____ () C:\Windows\System32\2015-02-06-18-44-29.069-AvastVBoxSVC.exe-2692.log
2015-02-06 09:30 - 2015-02-06 09:30 - 00000197 _____ () C:\Windows\System32\2015-02-06-17-30-29.092-AvastVBoxSVC.exe-2776.log
2015-02-06 09:27 - 2015-02-06 09:27 - 00000000 ____D () C:\_OTM
2015-02-06 09:23 - 2015-02-06 09:23 - 00522240 _____ (OldTimer Tools) C:\Users\Franny\Desktop\OTM.exe
2015-02-05 13:43 - 2015-02-05 13:45 - 264114073 _____ () C:\Users\Franny\Downloads\Wireless LAN_Atheros_10.0.0.276_W81x64W8x64_A.zip
2015-02-05 12:03 - 2015-02-05 12:03 - 00000197 _____ () C:\Windows\System32\2015-02-05-20-03-45.009-AvastVBoxSVC.exe-2628.log
2015-02-05 00:16 - 2015-02-07 09:10 - 00000000 ____D () C:\Users\Franny\Desktop\FRST-OlderVersion
2015-02-05 00:11 - 2015-02-05 00:11 - 00000000 ____D () C:\Users\Franny\Documents\Temp
2015-02-04 15:10 - 2015-02-04 15:10 - 00000197 _____ () C:\Windows\System32\2015-02-04-23-10-26.044-AvastVBoxSVC.exe-2584.log
2015-02-04 14:47 - 2015-02-04 14:47 - 00000197 _____ () C:\Windows\System32\2015-02-04-22-47-54.041-AvastVBoxSVC.exe-2628.log
2015-02-04 14:33 - 2015-02-04 14:34 - 00000197 _____ () C:\Windows\System32\2015-02-04-22-33-54.062-AvastVBoxSVC.exe-2528.log
2015-02-04 14:18 - 2015-02-04 14:19 - 00000197 _____ () C:\Windows\System32\2015-02-04-22-18-36.065-AvastVBoxSVC.exe-2472.log
2015-02-04 10:37 - 2015-02-04 10:32 - 00401920 _____ (Farbar) C:\Users\Franny\Desktop\MiniToolBox (1).exe
2015-02-03 14:22 - 2015-02-03 14:23 - 00000197 _____ () C:\Windows\System32\2015-02-03-22-22-57.067-AvastVBoxSVC.exe-3440.log
2015-02-03 14:03 - 2015-02-03 14:04 - 00000197 _____ () C:\Windows\System32\2015-02-03-22-03-08.092-AvastVBoxSVC.exe-2900.log
2015-02-03 13:57 - 2015-02-03 13:55 - 02194432 _____ () C:\Users\Franny\Desktop\AdwCleaner.exe
2015-02-03 12:33 - 2015-02-07 09:13 - 00000000 ____D () C:\FRST
2015-02-03 12:32 - 2015-02-07 09:10 - 02132992 _____ (Farbar) C:\Users\Franny\Desktop\FRST64.exe
2015-02-03 12:32 - 2015-02-03 12:32 - 00000197 _____ () C:\Windows\System32\2015-02-03-20-32-05.027-AvastVBoxSVC.exe-3368.log
2015-02-03 12:32 - 2015-02-03 12:29 - 05200384 _____ (AVAST Software) C:\Users\Franny\Desktop\aswmbr.exe
2015-02-03 12:04 - 2015-02-03 12:06 - 00000000 ____D () C:\Users\Franny\Desktop\SD
2015-02-03 11:24 - 2015-02-03 11:23 - 00602112 _____ (OldTimer Tools) C:\Users\Franny\Desktop\OTL.exe
2015-02-03 09:50 - 2015-02-03 09:50 - 00000197 _____ () C:\Windows\System32\2015-02-03-17-50-03.091-AvastVBoxSVC.exe-3536.log
2015-02-03 06:30 - 2015-02-03 06:30 - 00000197 _____ () C:\Windows\System32\2015-02-03-14-30-09.018-AvastVBoxSVC.exe-3408.log
2015-02-03 06:21 - 2015-02-03 06:21 - 00000197 _____ () C:\Windows\System32\2015-02-03-14-21-11.084-AvastVBoxSVC.exe-2724.log
2015-02-03 06:11 - 2015-02-03 06:11 - 00000197 _____ () C:\Windows\System32\2015-02-03-14-11-21.080-AvastVBoxSVC.exe-3436.log
2015-02-03 06:02 - 2015-02-03 14:19 - 00000000 ____D () C:\AdwCleaner
2015-02-03 06:01 - 2015-02-03 05:59 - 02194432 _____ () C:\Users\Franny\Downloads\adwcleaner_4.109.exe
2015-02-02 10:24 - 2015-02-02 10:24 - 00000247 _____ () C:\Windows\System32\2015-02-02-18-24-33.033-aswFe.exe-2360.log
2015-02-02 10:17 - 2015-02-02 10:24 - 00000247 _____ () C:\Windows\System32\2015-02-02-18-17-37.013-aswFe.exe-4440.log
2015-02-02 10:17 - 2015-02-02 10:17 - 00000197 _____ () C:\Windows\System32\2015-02-02-18-17-31.057-AvastVBoxSVC.exe-3152.log
2015-02-02 10:05 - 2015-02-02 10:05 - 00000000 ____D () C:\Users\Franny\AppData\Local\iGware
2015-02-02 10:04 - 2015-02-02 10:04 - 00494120 _____ () C:\Windows\Minidump\020215-92484-01.dmp
2015-02-02 09:17 - 2015-02-08 05:34 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 09:17 - 2015-02-07 09:54 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 09:17 - 2015-02-04 14:49 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-02 09:17 - 2015-02-04 14:49 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 09:17 - 2015-02-02 09:17 - 00000000 ____D () C:\Users\Franny\AppData\Roaming\SUPERAntiSpyware.com
2015-02-02 09:16 - 2015-02-08 05:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-02 09:16 - 2015-02-02 09:16 - 00001824 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-02 09:16 - 2015-02-02 09:16 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-02 09:15 - 2015-02-01 07:34 - 21227848 _____ (SUPERAntiSpyware) C:\Users\Franny\Downloads\SUPERAntiSpyware.exe
2015-02-02 08:46 - 2015-02-02 08:47 - 00006130 _____ () C:\Users\Franny\Downloads\download
2015-02-02 08:17 - 2015-02-02 08:17 - 03401864 _____ (Check Point Software Technologies Ltd.) C:\Users\Franny\Downloads\zafwSetupWeb_133_209_000 (1).exe
2015-02-02 08:17 - 2015-02-02 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-02 08:16 - 2015-02-02 10:02 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-02-02 08:15 - 2015-02-02 08:15 - 03401864 _____ (Check Point Software Technologies Ltd.) C:\Users\Franny\Downloads\zafwSetupWeb_133_209_000.exe
2015-02-02 07:36 - 2015-02-07 11:01 - 00000000 ____D () C:\Users\Franny\AppData\Local\CrashDumps
2015-02-02 07:36 - 2015-02-02 07:36 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-02-02 07:35 - 2015-02-02 07:36 - 00002060 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-02-02 07:34 - 2015-02-02 07:34 - 00002001 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-02-02 07:34 - 2015-02-02 07:34 - 00000000 ____D () C:\Users\Franny\AppData\Local\AcerCloud
2015-02-02 07:33 - 2015-02-02 07:33 - 00000000 ____D () C:\Users\Franny\AppData\Local\Doc
2015-02-02 06:11 - 2015-02-02 06:11 - 00000247 _____ () C:\Windows\System32\2015-02-02-14-11-22.051-aswFe.exe-2860.log
2015-02-02 06:04 - 2015-02-02 06:11 - 00000247 _____ () C:\Windows\System32\2015-02-02-14-04-13.080-aswFe.exe-3148.log
2015-02-02 06:04 - 2015-02-02 06:04 - 00000197 _____ () C:\Windows\System32\2015-02-02-14-04-10.050-AvastVBoxSVC.exe-2584.log
2015-02-02 04:21 - 2015-02-02 04:21 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-02 04:21 - 2015-02-02 04:21 - 00000000 ____D () C:\Windows\System32\vbox
2015-02-02 04:21 - 2015-02-02 04:21 - 00000000 ____D () C:\Users\Franny\AppData\Roaming\AVAST Software
2015-02-02 04:20 - 2015-02-08 05:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-02 04:20 - 2015-02-02 04:20 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00436624 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2015-02-02 04:20 - 2015-02-02 04:20 - 00267632 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00116728 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00087912 _____ (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-02 04:20 - 2015-02-02 04:20 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00001984 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-02 04:19 - 2015-02-02 04:19 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-02 02:01 - 2015-02-02 04:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-02 02:01 - 2015-02-02 02:01 - 05006864 _____ (AVAST Software) C:\Users\Franny\Downloads\avast_free_antivirus_setup_online.exe
2015-02-02 00:57 - 2015-02-02 12:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-02-02 00:57 - 2015-02-02 00:57 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 00:57 - 2015-02-02 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 00:57 - 2015-02-02 00:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 00:57 - 2014-11-20 22:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-02-02 00:57 - 2014-11-20 22:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-02-02 00:57 - 2014-11-20 22:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-02-02 00:56 - 2015-02-02 00:56 - 00000711 _____ () C:\Users\Franny\Desktop\mbam-setup-2.0.4.1028.exe - Shortcut.lnk
2015-01-30 07:39 - 2015-01-30 07:40 - 00002037 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-01-30 07:37 - 2014-12-31 03:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-01-30 07:36 - 2015-01-30 07:37 - 00000000 ____D () C:\Users\Franny\AppData\Local\ClearfiPhoto
2015-01-30 07:21 - 2015-01-30 07:21 - 00035320 _____ () C:\Windows\System32\Drivers\bsdriver.sys
2015-01-30 07:20 - 2015-02-02 01:29 - 00000000 ____D () C:\Program Files\shopperz
2015-01-30 07:20 - 2015-01-06 04:38 - 00014040 _____ () C:\Windows\System32\Drivers\cherimoya.sys
2015-01-24 03:23 - 2015-01-24 03:23 - 00284832 _____ () C:\Windows\Minidump\012415-23593-01.dmp
2015-01-21 15:17 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-21 15:17 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-21 15:17 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2015-01-21 15:17 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-21 15:17 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-21 15:17 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-21 15:17 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-01-21 15:17 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-16 10:20 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2015-01-16 10:20 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 10:20 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2015-01-16 10:20 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-16 10:20 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2015-01-16 10:20 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe
2015-01-16 10:20 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-16 10:20 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-16 10:19 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-01-16 10:19 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-01-16 10:19 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2015-01-16 10:19 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-16 10:19 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe
2015-01-16 10:19 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-01-16 10:19 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-01-16 10:19 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-01-16 10:19 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-01-16 10:19 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-16 10:19 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-16 10:19 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-16 10:19 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\werdiagcontroller.dll
2015-01-16 10:19 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-16 10:19 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2021-10-21 05:36 - 2014-03-21 12:28 - 00000852 _____ () C:\Windows\System32\Drivers\RTKHDRC.dat
2021-10-03 23:34 - 2014-03-21 12:28 - 00000712 _____ () C:\Windows\System32\Drivers\RTMICEQ0.dat
2015-02-08 05:38 - 2013-10-15 06:30 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-02-08 05:38 - 2013-08-22 05:25 - 00524288 ___SH () C:\Windows\System32\config\BBI
2015-02-08 05:37 - 2014-03-21 12:10 - 01953567 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 05:37 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 05:35 - 2014-12-07 02:07 - 00000000 ____D () C:\Users\Franny\AppData\Roaming\Skype
2015-02-08 05:35 - 2014-11-26 15:02 - 00000000 ____D () C:\Users\Franny\AppData\Local\clear.fi
2015-02-08 05:34 - 2014-12-20 10:48 - 00000000 ____D () C:\Users\Franny\Tracing
2015-02-08 05:34 - 2014-11-26 16:03 - 00000000 __RDO () C:\Users\Franny\SkyDrive
2015-02-08 05:30 - 2013-08-22 06:46 - 00028765 _____ () C:\Windows\setupact.log
2015-02-08 05:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2015-02-07 14:20 - 2014-11-26 15:05 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-786374595-2290240692-171548042-1001
2015-02-07 09:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 09:17 - 2014-11-26 15:04 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D7379BC-7224-49AF-B98F-58EF838D200C}
2015-02-06 14:29 - 2013-10-15 06:21 - 00872272 _____ () C:\Windows\PFRO.log
2015-02-06 10:41 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-06 09:31 - 2013-10-15 06:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-05 00:09 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\NDF
2015-02-03 14:00 - 2014-12-04 11:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-03 13:58 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2015-02-03 11:31 - 2014-12-20 10:07 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-12-20 10:07 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 07:28 - 2014-03-21 12:45 - 00001969 _____ () C:\Users\Public\Desktop\PRIVATE WiFi.lnk
2015-02-03 02:39 - 2014-11-28 17:30 - 00000000 ____D () C:\Windows\System32\MRT
2015-02-03 02:32 - 2014-11-28 17:30 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-02-02 12:16 - 2014-11-26 16:08 - 00000000 ____D () C:\Users\Franny\AppData\Local\Google
2015-02-02 10:04 - 2014-12-30 14:37 - 00000000 ____D () C:\Windows\Minidump
2015-02-02 10:02 - 2014-12-30 14:37 - 2031824163 _____ () C:\Windows\MEMORY.DMP
2015-02-02 09:19 - 2014-11-26 16:08 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-02 07:37 - 2013-10-15 06:42 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-02-02 07:36 - 2014-03-21 12:43 - 00000000 ____D () C:\ProgramData\OEM
2015-02-01 11:11 - 2014-11-27 15:06 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-01 10:40 - 2014-11-26 16:08 - 00000000 ____D () C:\Users\Franny\AppData\Local\Deployment
2015-01-30 13:31 - 2014-11-26 15:00 - 00000000 ____D () C:\users\Franny
2015-01-30 13:04 - 2013-08-22 05:25 - 00000301 _____ () C:\Windows\win.ini
2015-01-30 13:01 - 2014-11-26 15:00 - 00000000 ____D () C:\Users\Franny\AppData\Local\Pokki
2015-01-30 07:58 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2015-01-30 07:43 - 2014-12-01 14:43 - 00000173 _____ () C:\Users\Franny\AppData\Roaming\WB.CFG
2015-01-30 07:37 - 2013-10-15 07:14 - 00000000 ___HD () C:\OEM
2015-01-30 07:33 - 2013-10-15 06:43 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-01-30 07:33 - 2013-10-15 06:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
 
Some content of TEMP:
====================
C:\Users\Franny\AppData\Local\Temp\EAD1056.exe
C:\Users\Franny\AppData\Local\Temp\EAD149C.exe
C:\Users\Franny\AppData\Local\Temp\EAD14AC.exe
C:\Users\Franny\AppData\Local\Temp\EAD7644.exe
C:\Users\Franny\AppData\Local\Temp\EAD76E.exe
C:\Users\Franny\AppData\Local\Temp\EADDC3F.exe
C:\Users\Franny\AppData\Local\Temp\EADFB91.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2014-12-03 11:46] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA
 
C:\Windows\SysWOW64\explorer.exe
[2014-12-03 11:46] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2014-12-03 11:47] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C
 
C:\Windows\SysWOW64\User32.dll
[2014-12-03 11:47] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-12-05 11:07] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB
 
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-06 07:43:59
Restore point made on: 2015-01-19 15:34:56
Restore point made on: 2015-01-24 02:56:24
Restore point made on: 2015-02-02 04:00:15
Restore point made on: 2015-02-02 04:21:20
Restore point made on: 2015-02-02 10:08:39
Restore point made on: 2015-02-03 13:58:53
Restore point made on: 2015-02-05 12:01:13
Restore point made on: 2015-02-06 09:28:25
Restore point made on: 2015-02-06 13:58:01
Restore point made on: 2015-02-07 09:11:27
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 6033.27 MB
Available physical RAM: 5250.33 MB
Total Pagefile: 6033.27 MB
Available Pagefile: 5273.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.19 GB) (Free:823.28 GB) NTFS
Drive d: (DVD_ROM) (Removable) (Total:3.76 GB) (Free:3.35 GB) NTFS
Drive f: (Recovery) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 07A72123)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04464CED)
Partition 1: (Active) - (Size=3.8 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2015-02-07 11:20
 
==================== End Of Log ============================

  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let see if it can withstand this

Download the attached fixlist.txt to the USB where FRST is located
Attached File  fixlist.txt   972bytes   127 downloads
Run FRST from the recovery console as before
Press Fix
On completion reboot to normal windows
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP