Ads By Sasa problem [Solved]



#1
cmislin
Member, 384 posts

I tried to get rid of the problem myself and was unable to do so, and I've gotten help here before that was successful. Attached are the two logs from Farbar.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by chris (administrator) on COOKIE on 13-03-2015 01:07:36
Running from C:\Users\chris\Desktop
Loaded Profiles: chris & boinc_master (Available profiles: chris & boinc_master)
Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(The Pidgin developer community) C:\Program Files\Pidgin\pidgin.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Raptr, Inc) C:\Program Files\Raptr\raptr.exe
(Razer, Inc.) C:\Program Files\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Raptr, Inc) C:\Program Files\Raptr\raptr_im.exe
(Razer, Inc.) C:\Users\chris\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Dropbox, Inc.) C:\Users\chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
() C:\Program Files\Mpidentantolycodal\Mpidentantolycodal.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-09] (Avast Software s.r.o.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [59888 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [7827440 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [Raptr] => C:\Program Files\Raptr\raptrstub.exe [55568 2015-02-27] (Raptr, Inc)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [590144 2015-02-28] (Razer Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-1161005709-739677458-2447788345-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
ShortcutTarget: setup.lnk -> C:\ProgramData\{041a9b30-2d2a-ddf9-041a-a9b302d26cc0}\setup.exe (No File)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1161005709-739677458-2447788345-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1161005709-739677458-2447788345-1001] => http=127.0.0.1:9881
HKU\S-1-5-21-1161005709-739677458-2447788345-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1161005709-739677458-2447788345-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1161005709-739677458-2447788345-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://taplika.com/r...=1612115114&ir=
SearchScopes: HKU\S-1-5-21-1161005709-739677458-2447788345-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://taplika.com/r...=1612115114&ir=
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: ArcadeYum Addon -> {651CA263-4157-4AC5-B7C2-03A7C1C00457} -> C:\Users\chris\AppData\Local\ArcadeYum\ArcadeYumIEHelper.dll [2014-10-31] ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-03] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7D01FD09-7FC6-41BD-B854-B01722F5E0F4}: [NameServer] 8.8.8.8,8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\ege7rsn4.default-1414645678850
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Trovi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-09-03] (Coupons, Inc.)
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\ege7rsn4.default-1414645678850\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-03-01]
FF Extension: SwagButton - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\ege7rsn4.default-1414645678850\Extensions\[email protected] [2015-02-25]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-18]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_tuto12_15_11&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyCtDtB0F0Ezz0AyEyCyDtN0D0Tzu0StCtCyCyCtN1L2XzutAtFzztFtAtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0EyByBzyyBzytAtG0D0EtA0BtGtAyDzz0AtG0C0CtCyDtGtAyC0AtAyB0C0AtC0AyDtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyC0AyCyCtCyE0BtGtA0C0FtCtGyEtByE0AtG0A0F0CtCtG0FyBzyyEzyyCyE0FtB0CtAtC2QtN1B2Z1V1T1S1NzuyDzytA&cr=1612115114&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tuto12_15_11&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyCtDtB0F0Ezz0AyEyCyDtN0D0Tzu0StCtCyCyCtN1L2XzutAtFzztFtAtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0EyByBzyyBzytAtG0D0EtA0BtGtAyDzz0AtG0C0CtCyDtGtAyC0AtAyB0C0AtC0AyDtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyC0AyCyCtCyE0BtGtA0C0FtCtGyEtByE0AtG0A0F0CtCtG0FyBzyyEzyyCyE0FtB0CtAtC2QtN1B2Z1V1T1S1NzuyDzytA&cr=1612115114&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3327155&octid=EB_ORIGINAL_CTID&ISID=MECB21F45-B317-49A7-962D-782A249956A4&SearchSource=55&CUI=&UM=8&UP=SP879BC58A-DCA3-4B35-B876-0472ABCE0400&D=031215&SSPV="
CHR DefaultSearchKeyword: Default -> Taplika.com
CHR DefaultSearchURL: Default -> http://taplika.com/r...=1612115114&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-13]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Adblock Plus) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-13]
CHR Extension: (Google Search) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (Consumer Input) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc [2015-01-01]
CHR Extension: (SwagButton) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-08-22]
CHR Extension: (Crackle) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-12-22]
CHR Extension: (TV WatchList) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjcjbkackpifmmpmhjfojjindefnffk [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-03]
StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-03] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-03] (Avast Software)
R2 BOINC; C:\Program Files\BOINC\boinc.exe [1279472 2014-12-11] (Space Sciences Laboratory) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [250880 2014-10-28] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2015-01-16] (NVIDIA Corporation)
R2 Mpidentantolycodal; C:\Program Files\Mpidentantolycodal\Mpidentantolycodal.exe [279040 2015-02-25] () [File not signed] <==== ATTENTION
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775816 2015-01-16] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [103936 2014-10-28] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-03] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2014-10-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-03] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1269248 2014-10-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-03-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-03] ()
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-03-13] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18760 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 RTL8168; C:\Windows\system32\DRIVERS\rtlh86.sys [569560 2015-01-21] (Inventec )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [35624 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20416 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [97088 2014-12-10] (Razer, Inc.)
R3 rzudd; C:\Windows\System32\drivers\rzudd.sys [151336 2014-12-30] (Razer Inc)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-03] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2015-02-03] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 01:07 - 2015-03-13 01:08 - 00020802 _____ () C:\Users\chris\Desktop\FRST.txt
2015-03-13 01:07 - 2015-03-13 01:07 - 00000000 ____D () C:\FRST
2015-03-13 01:06 - 2015-03-13 01:06 - 01135104 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2015-03-13 00:55 - 2015-03-13 00:55 - 00000267 _____ () C:\Users\chris\Desktop\How to Remove ads by SASA Get rid of Malware.URL
2015-03-12 23:56 - 2015-03-12 23:56 - 02347384 _____ (ESET) C:\Users\chris\Downloads\esetsmartinstaller_enu.exe
2015-03-12 23:56 - 2015-03-12 23:56 - 00000000 ____D () C:\Program Files\ESET
2015-03-12 23:47 - 2015-03-12 23:47 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Maxthon3
2015-03-12 23:47 - 2015-03-12 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2015-03-12 23:46 - 2015-03-12 23:47 - 00000000 ____D () C:\Program Files\Maxthon
2015-03-12 23:29 - 2015-03-12 23:30 - 00000348 _____ () C:\Windows\setupact.log
2015-03-12 23:29 - 2015-03-12 23:29 - 00278698 _____ () C:\Windows\PFRO.log
2015-03-12 23:29 - 2015-03-12 23:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 19:51 - 2015-03-12 19:51 - 05325696 _____ (Piriform Ltd) C:\Users\chris\Downloads\ccsetup503.exe
2015-03-12 19:35 - 2015-03-12 19:35 - 00000000 ____D () C:\Users\chris\Documents\Optimizer Pro
2015-03-12 17:01 - 2015-03-12 17:01 - 00000043 _____ () C:\Users\chris\AppData\Roaming\WB.CFG
2015-03-12 15:58 - 2015-03-12 15:58 - 00894207 _____ () C:\Users\chris\Desktop\Job_Related-2015-03-12.zip
2015-03-12 13:15 - 2015-03-12 13:18 - 00000000 __SHD () C:\Program Files\Mpidentantolycodal
2015-03-12 12:55 - 2015-03-12 19:34 - 00000000 ___HD () C:\Users\Public\Temp
2015-03-12 12:53 - 2015-03-12 22:07 - 00000000 ____D () C:\Program Files\globalUpdate
2015-03-12 12:53 - 2015-03-12 12:53 - 00000000 ____D () C:\Users\chris\AppData\Local\globalUpdate
2015-03-11 03:01 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 03:01 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 03:01 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 03:01 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-11 03:01 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-11 03:01 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-11 03:01 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-11 03:01 - 2015-01-30 19:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 03:01 - 2015-01-29 22:25 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 03:01 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 03:01 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 03:01 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 03:01 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 03:01 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 03:01 - 2015-01-28 20:56 - 00602624 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 03:01 - 2015-01-28 20:55 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 03:01 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 03:01 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 03:01 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 03:01 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 03:01 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 03:01 - 2014-12-11 01:40 - 00041296 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-11 03:00 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 03:00 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 03:00 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 02:59 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 02:59 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 02:59 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 02:59 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 02:59 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 02:59 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 02:59 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 02:59 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 02:59 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 02:59 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 02:59 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 02:59 - 2015-02-19 21:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 02:59 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 02:59 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 02:59 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 02:57 - 2015-02-25 19:27 - 03543552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 02:57 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 02:57 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 02:57 - 2015-02-05 16:17 - 00869696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-11 02:57 - 2015-02-03 19:51 - 00227136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 02:57 - 2015-02-03 19:51 - 00084800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 02:57 - 2015-02-03 19:51 - 00038392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 02:57 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 02:57 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 02:57 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 02:57 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 02:57 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 02:57 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 02:57 - 2015-01-28 11:35 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 02:57 - 2015-01-28 11:35 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 02:57 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 02:57 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 02:57 - 2015-01-23 22:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 02:57 - 2015-01-23 20:48 - 02975744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 04:12 - 2015-03-12 05:16 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Curse Client
2015-03-10 04:12 - 2015-03-10 04:12 - 00001092 _____ () C:\Users\chris\Desktop\Curse.lnk
2015-03-10 04:12 - 2015-03-10 04:12 - 00001078 _____ () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2015-03-10 04:11 - 2015-03-10 04:11 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Curse
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\chris\AppData\Roaming\COALJTG
2015-03-09 05:23 - 2015-03-09 05:23 - 00000000 ____D () C:\Users\chris\AppData\Roaming\java
2015-03-08 11:01 - 2015-03-08 11:01 - 01560488 _____ (Maxthon International ltd.) C:\Users\chris\Downloads\mxsetup.exe
2015-03-06 00:29 - 2015-03-06 00:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-03 06:26 - 2015-03-03 06:26 - 00000000 ____D () C:\Users\chris\AppData\Local\Apps\2.0
2015-03-03 05:15 - 2015-03-03 05:15 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-03 05:15 - 2015-03-03 05:15 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-02 19:14 - 2015-03-02 19:17 - 00000197 _____ () C:\Windows\system32\2015-03-02-23-14-33.026-AvastVBoxSVC.exe-2764.log
2015-03-02 18:31 - 2015-03-02 18:32 - 00000197 _____ () C:\Windows\system32\2015-03-02-22-31-47.084-AvastVBoxSVC.exe-2904.log
2015-03-01 04:15 - 2015-03-01 04:15 - 00000000 ____D () C:\Users\chris\dwhelper
2015-02-24 22:03 - 2015-02-24 22:03 - 00001735 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-24 22:03 - 2015-02-24 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 22:02 - 2015-02-24 22:03 - 00000000 ____D () C:\Program Files\iTunes
2015-02-24 22:02 - 2015-02-24 22:02 - 00000000 ____D () C:\Program Files\iPod
2015-02-24 20:19 - 2014-12-13 17:29 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-24 12:41 - 2015-02-24 12:41 - 00000197 _____ () C:\Windows\system32\2015-02-24-16-41-04.092-AvastVBoxSVC.exe-2724.log
2015-02-24 01:35 - 2015-02-24 01:35 - 00000244 _____ () C:\Users\chris\Desktop\Hurricane Georges Project - pg-13.pdf.URL
2015-02-23 23:10 - 2015-02-23 23:10 - 00000046 _____ () C:\Users\chris\Desktop\Stream TV - Stream TV Free.url
2015-02-21 23:47 - 2015-02-21 23:47 - 00000000 ____D () C:\Users\chris\AppData\Local\Steam
2015-02-15 11:54 - 2015-02-15 11:54 - 00000197 _____ () C:\Windows\system32\2015-02-15-15-54-46.097-AvastVBoxSVC.exe-2852.log
2015-02-14 16:37 - 2015-02-14 16:37 - 00000247 _____ () C:\Windows\system32\2015-02-14-20-37-02.070-aswFe.exe-3208.log
2015-02-14 16:29 - 2015-02-14 16:30 - 00000197 _____ () C:\Windows\system32\2015-02-14-20-29-57.080-AvastVBoxSVC.exe-2016.log
2015-02-12 07:51 - 2015-02-12 07:51 - 00000247 _____ () C:\Users\chris\Desktop\35 Pixelated Versions of Your Favorite TV-Shows - Dorkly Post.URL
2015-02-12 04:07 - 2015-02-12 04:09 - 00000197 _____ () C:\Windows\system32\2015-02-12-08-07-05.061-AvastVBoxSVC.exe-3936.log
2015-02-12 03:55 - 2015-02-12 03:55 - 00009728 _____ (Razer Inc.) C:\Windows\system32\RzStats.IPC.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 01:08 - 2014-09-22 18:04 - 00000000 ____D () C:\Users\chris\AppData\Roaming\.purple
2015-03-13 01:06 - 2014-07-20 23:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-13 01:05 - 2014-07-13 23:53 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Skype
2015-03-13 01:02 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\system32\sru
2015-03-13 00:32 - 2014-07-13 22:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 00:09 - 2014-07-13 23:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 23:38 - 2014-07-14 01:23 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 23:38 - 2014-07-13 23:28 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Dropbox
2015-03-12 23:37 - 2014-07-13 23:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\uTorrent
2015-03-12 23:34 - 2014-12-22 18:22 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Raptr
2015-03-12 23:32 - 2014-07-13 22:02 - 00000000 ___DO () C:\Users\chris\OneDrive
2015-03-12 23:31 - 2014-07-31 21:48 - 00427008 ___SH () C:\Users\chris\Desktop\Thumbs.db
2015-03-12 23:30 - 2014-08-30 17:59 - 00000000 ____D () C:\ProgramData\BOINC
2015-03-12 23:30 - 2014-07-13 22:11 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 23:29 - 2014-07-13 22:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-12 23:29 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\tracing
2015-03-12 23:29 - 2013-08-22 03:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 23:28 - 2013-08-22 02:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-12 22:16 - 2014-10-31 19:14 - 00000454 _____ () C:\Windows\Tasks\ArcadeYum.job
2015-03-12 19:56 - 2014-08-27 18:34 - 00000000 ____D () C:\Program Files\Steam
2015-03-12 19:56 - 2014-07-16 21:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\TeamViewer
2015-03-12 19:56 - 2014-07-14 00:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Ventrilo
2015-03-12 19:56 - 2014-07-13 23:30 - 00000000 ____D () C:\Users\chris\AppData\Roaming\TS3Client
2015-03-12 19:51 - 2014-12-22 04:07 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-12 19:37 - 2014-08-06 23:44 - 00000000 ____D () C:\Users\chris\AppData\Local\Battle.net
2015-03-12 19:32 - 2014-03-18 04:01 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 16:17 - 2014-07-13 21:59 - 00000000 ____D () C:\Users\chris
2015-03-12 12:55 - 2013-08-22 02:21 - 00000000 ___RD () C:\Users\Public
2015-03-12 08:25 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-12 03:58 - 2014-11-13 06:15 - 00000000 ____D () C:\Program Files\Heroes of the Storm
2015-03-11 20:34 - 2013-08-22 03:22 - 00335680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 20:33 - 2014-07-20 23:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-11 20:31 - 2013-08-22 04:17 - 00000000 ___RD () C:\Windows\ToastData
2015-03-11 20:31 - 2013-08-22 04:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 20:31 - 2013-08-22 04:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 20:31 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\WinStore
2015-03-11 20:31 - 2013-08-22 04:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 18:43 - 2013-08-22 04:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-11 18:42 - 2014-07-14 00:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 18:31 - 2014-07-14 00:26 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 18:30 - 2013-08-22 04:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 09:24 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-10 23:22 - 2015-02-04 01:50 - 00000450 _____ () C:\Users\chris\Desktop\boardgame.txt
2015-03-09 05:47 - 2014-07-17 00:11 - 00000000 ____D () C:\Users\chris\AppData\Roaming\.minecraft
2015-03-08 02:24 - 2014-07-16 22:58 - 00025088 ___SH () C:\Users\chris\Documents\Thumbs.db
2015-03-06 22:05 - 2014-08-17 02:25 - 00000000 ____D () C:\Program Files\InfiniteCrisis
2015-03-06 21:24 - 2014-08-17 02:29 - 00000000 ____D () C:\Users\chris\AppData\Local\Turbine
2015-03-04 23:02 - 2014-08-27 18:35 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-03-04 17:24 - 2014-07-14 00:59 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-04 17:24 - 2014-07-14 00:59 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-04 13:57 - 2014-12-22 18:22 - 00000000 ____D () C:\Program Files\Raptr
2015-03-03 05:15 - 2014-07-18 21:32 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-03 05:15 - 2014-07-18 21:32 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-03 05:15 - 2014-07-18 21:32 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-03 05:15 - 2014-07-18 21:32 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-03 05:15 - 2014-07-18 21:32 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-03 05:15 - 2014-07-18 21:32 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-03 05:15 - 2014-07-18 21:32 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-03 05:14 - 2014-07-18 21:32 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-02 06:44 - 2014-07-22 02:29 - 00000000 ____D () C:\Users\chris\AppData\Roaming\vlc
2015-02-27 02:05 - 2014-09-16 23:07 - 00000000 ____D () C:\Program Files\Hearthstone
2015-02-27 02:00 - 2014-08-06 23:44 - 00000000 ____D () C:\Program Files\Battle.net
2015-02-24 22:02 - 2014-10-21 11:52 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-20 14:02 - 2014-12-08 23:20 - 00000000 ___RD () C:\Program Files\Skype
2015-02-20 14:02 - 2014-07-13 23:53 - 00000000 ____D () C:\ProgramData\Skype
2015-02-12 12:13 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\rescache
2015-02-12 07:53 - 2014-12-16 00:02 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 07:53 - 2014-07-14 00:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\chris\AppData\Roaming\COALJTG
2015-03-12 17:01 - 2015-03-12 17:01 - 0000043 _____ () C:\Users\chris\AppData\Roaming\WB.CFG
2015-01-15 11:01 - 2015-01-15 11:01 - 0007602 _____ () C:\Users\chris\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\1E6E.tmp.exe
C:\Users\chris\AppData\Local\Temp\200651.exe
C:\Users\chris\AppData\Local\Temp\201212.exe
C:\Users\chris\AppData\Local\Temp\201225.exe
C:\Users\chris\AppData\Local\Temp\201350.exe
C:\Users\chris\AppData\Local\Temp\201388.exe
C:\Users\chris\AppData\Local\Temp\201404.exe
C:\Users\chris\AppData\Local\Temp\201436.exe
C:\Users\chris\AppData\Local\Temp\201444.exe
C:\Users\chris\AppData\Local\Temp\201498.exe
C:\Users\chris\AppData\Local\Temp\DA1D.tmp.exe
C:\Users\chris\AppData\Local\Temp\data.exe
C:\Users\chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplbgtjv.dll
C:\Users\chris\AppData\Local\Temp\optsetup.exe
C:\Users\chris\AppData\Local\Temp\Systeye_Reg_Booster_Pro_Silent.exe
C:\Users\chris\AppData\Local\Temp\YouTubeDownloader_289286.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 07:34

==================== End Of Log ============================

Attached Files


  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know what problems remain after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ProxyEnable: [S-1-5-21-1161005709-739677458-2447788345-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1161005709-739677458-2447788345-1001] => http=127.0.0.1:9881
URLSearchHook: [S-1-5-21-1161005709-739677458-2447788345-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1161005709-739677458-2447788345-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://taplika.com/r...=1612115114&ir=
SearchScopes: HKU\S-1-5-21-1161005709-739677458-2447788345-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://taplika.com/r...=1612115114&ir=
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: ArcadeYum Addon -> {651CA263-4157-4AC5-B7C2-03A7C1C00457} -> C:\Users\chris\AppData\Local\ArcadeYum\ArcadeYumIEHelper.dll [2014-10-31] ()
FF SelectedSearchEngine: Trovi
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_tuto12_15_11&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyCtDtB0F0Ezz0AyEyCyDtN0D0Tzu0StCtCyCyCtN1L2XzutAtFzztFtAtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0EyByBzyyBzytAtG0D0EtA0BtGtAyDzz0AtG0C0CtCyDtGtAyC0AtAyB0C0AtC0AyDtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyC0AyCyCtCyE0BtGtA0C0FtCtGyEtByE0AtG0A0F0CtCtG0FyBzyyEzyyCyE0FtB0CtAtC2QtN1B2Z1V1T1S1NzuyDzytA&cr=1612115114&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tuto12_15_11&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyCtDtB0F0Ezz0AyEyCyDtN0D0Tzu0StCtCyCyCtN1L2XzutAtFzztFtAtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0EyByBzyyBzytAtG0D0EtA0BtGtAyDzz0AtG0C0CtCyDtGtAyC0AtAyB0C0AtC0AyDtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyC0AyCyCtCyE0BtGtA0C0FtCtGyEtByE0AtG0A0F0CtCtG0FyBzyyEzyyCyE0FtB0CtAtC2QtN1B2Z1V1T1S1NzuyDzytA&cr=1612115114&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3327155&octid=EB_ORIGINAL_CTID&ISID=MECB21F45-B317-49A7-962D-782A249956A4&SearchSource=55&CUI=&UM=8&UP=SP879BC58A-DCA3-4B35-B876-0472ABCE0400&D=031215&SSPV="
CHR DefaultSearchKeyword: Default -> Taplika.com
CHR DefaultSearchURL: Default -> http://taplika.com/r...=1612115114&ir=
CHR Extension: (Consumer Input) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc [2015-01-01]
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
R2 Mpidentantolycodal; C:\Program Files\Mpidentantolycodal\Mpidentantolycodal.exe [279040 2015-02-25] () [File not signed] <==== ATTENTION
2015-03-12 19:35 - 2015-03-12 19:35 - 00000000 ____D () C:\Users\chris\Documents\Optimizer Pro
2015-03-12 13:15 - 2015-03-12 13:18 - 00000000 __SHD () C:\Program Files\Mpidentantolycodal
2015-03-12 12:53 - 2015-03-12 22:07 - 00000000 ____D () C:\Program Files\globalUpdate
2015-03-12 12:53 - 2015-03-12 12:53 - 00000000 ____D () C:\Users\chris\AppData\Local\globalUpdate
2015-03-11 03:01 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-12 22:16 - 2014-10-31 19:14 - 00000454 _____ () C:\Windows\Tasks\ArcadeYum.job
Task: {439BBDA7-5710-42E8-A828-1C25E837EBFB} - System32\Tasks\ObronaCleanerUacSkip => C:\Users\chris\AppData\Local\Obrona Cleaner\ObronaCleaner.exe
Task: {5BAADFC0-468B-4A1E-A7F4-24582289EBE9} - \Startup Time Check No Task File <==== ATTENTION
Task: {669D0308-3172-4F5A-AED0-7F9BDF428FD4} - System32\Tasks\{337CFE7E-C41E-42EF-BB25-38B032B19C7A} => pcalua.exe -a "C:\Program Files\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {86D82E91-6D13-4ED3-82BA-3BCD70CDB677} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {A3205BBF-8FC0-4917-95F2-16A68BA04EA6} - System32\Tasks\ArcadeYum => C:\Users\chris\AppData\Local\ArcadeYum\ArcadeYumVersionControl.exe
Task: {FFEC7CB4-B86C-406D-ABFD-9BBD1AEE31D6} - \avayvaxxvae No Task File <==== ATTENTION
Task: C:\Windows\Tasks\ArcadeYum.job => C:\Users\chris\AppData\Local\ArcadeYum\ArcadeYumVersionControl.exe
C:\Users\chris\AppData\Local\ArcadeYum
C:\Program Files\RelevantKnowledge
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
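An added example, not part of the post above and not FRST's own code: a small triage script that scans FRST-format log lines for the markers visible in this thread (`<==== ATTENTION`, `[File not signed]`, `No Task File`, `-> No File`, a loopback `ProxyServer`, and tasks or BHOs that load from a user's `AppData`). The rule names and the sample lines are constructed for illustration, modelled on the log quoted here.

```python
import re

# Constructed sample lines, modelled on the FRST entries quoted in this thread.
SAMPLE_LOG = r"""ProxyServer: [S-1-5-21-0-0-0-1001] => http=127.0.0.1:9881
BHO: No Name -> {00000000-0000-0000-0000-000000000001} -> No File
BHO: Example Addon -> {00000000-0000-0000-0000-000000000002} -> C:\Users\user\AppData\Local\Example\ExampleIEHelper.dll [2014-10-31] ()
R2 ExampleSvc; C:\Program Files\ExampleSvc\ExampleSvc.exe [279040 2015-02-25] () [File not signed] <==== ATTENTION
R2 AvSvc; C:\Program Files\AV\AvSvc.exe [50344 2015-03-03] (Example AV Vendor)
Task: {00000000-0000-0000-0000-000000000003} - \Example_Task No Task File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\Example => C:\Users\user\AppData\Local\Example\Updater.exe
Task: {00000000-0000-0000-0000-000000000005} - System32\Tasks\Vendor => C:\Program Files\Vendor\update.exe
"""

# (rule name, pattern). The rule names are this example's own, not FRST's.
RULES = [
    # Browser traffic redirected through a proxy listening on the machine itself.
    ("loopback-proxy",
     re.compile(r'^ProxyServer:.*=>\s*(?:\w+=)?(?:127\.\d+\.\d+\.\d+|localhost)', re.I)),
    # Registry or task entry whose target file is gone (leftover of a removed program).
    ("orphaned-entry", re.compile(r'->\s*No File|No Task File')),
    # Service line ("R2 Name; path ...") whose binary carries no signature.
    ("unsigned-service", re.compile(r'^[A-Z]\d\s+[^;]+;.*\[File not signed\]')),
    # Scheduled task or browser helper object loading from a user profile.
    ("runs-from-appdata",
     re.compile(r'^(?:Task|BHO):.*(?:=>|->)\s*"?[A-Z]:\\Users\\[^\\]+\\AppData\\', re.I)),
    # FRST's own marker.
    ("frst-attention", re.compile(r'<==== ATTENTION')),
]


def triage(log_text):
    """Return [(line_number, [rule names], line)] for every flagged line."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        hits = [name for name, pattern in RULES if pattern.search(line)]
        if hits:
            findings.append((number, hits, line))
    return findings


def summarize(findings):
    """Count how many lines each rule flagged."""
    counts = {}
    for _, hits, _ in findings:
        for name in hits:
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for number, hits, line in triage(SAMPLE_LOG):
        print(f"{number:>3}  {', '.join(hits):<34} {line[:80]}")
    print(summarize(triage(SAMPLE_LOG)))
```

A hit is a prompt to look closer, not a verdict: legitimate software also installs under `AppData`, and leftover entries can come from a clean uninstall.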

#3
cmislin

  • Topic Starter
  • Member
  • 384 posts

After doing the "Run FRST and press Fix:" I noticed that the extra ads were gone.  Here are both logs.  Would you have any suggestions for free software  to periodically run?  I currently have the free version of Avast that is always active and I run daily scans.  Also I have free Malwarebytes Anti-Malware which I have to run myself and I run it daily as well.

Attached Files


Edited by cmislin, 13 March 2015 - 08:53 PM.

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There are several small programmes which will protect additional areas not covered by either MBAM or an AV. I will give links for those at the end

Avast can be set up to block some adwares :

Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
OK out

pups.JPG

How is the computer behaving now ?

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#5
cmislin

  • Topic Starter
  • Member
  • 384 posts

It's still running good; I haven't seen any "Ads by sasa" or any errant ones that are not normally there. When the scan is done I will upload the logs.

 

Update scan is done and edited post

Attached Files


Edited by cmislin, 14 March 2015 - 02:38 PM.

  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In the words of the immoral bard... Magic :)



Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

Remove tools

Download and run Delfix

delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices

Keep safe :wave:
  • 0

#7
cmislin

  • Topic Starter
  • Member
  • 384 posts

For Delfix should the setting match the picture?


  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, sorry I should make that a bit clearer .. Ooops
  • 0

#9
cmislin

  • Topic Starter
  • Member
  • 384 posts

Ok all done and followed what you told me to do.  Do you need the delfix log?


  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No you can keep that for posterity :)

Keep safe now
  • 0

#11
cmislin

  • Topic Starter
  • Member
  • 384 posts

OK, and do you need me to post in 24 hours that all is clear still? Or only post if somehow a concern crept up?


  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just post if you have any concerns
  • 0

#13
cmislin

  • Topic Starter
  • Member
  • 384 posts

OK will do


  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





