Hi,
I've issue with my Avast. It gives me informsations like that almost all the time:
URL: http://anythica[...].dll
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
I did scan with Farbar Recovery Scan Tool.
Can You help me?
My FRST.txt and Addition.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01 Ran by Mark (administrator) on GO-STATION on 21-06-2015 09:29:45 Running from C:\Users\Mark\Downloads Loaded Profiles: Mark (Available Profiles: Mark) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Facebook Inc.) C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\SrTasks.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-29] (Avast Software s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] (Qualcomm®Atheros®) HKU\S-1-5-21-4143276486-2623412060-527759189-1001\...\Run: [Facebook Update] => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-27] (Facebook Inc.) HKU\S-1-5-21-4143276486-2623412060-527759189-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-29] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-4143276486-2623412060-527759189-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10048_swoc_campaign_150312__yaie HKU\S-1-5-21-4143276486-2623412060-527759189-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4143276486-2623412060-527759189-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10048_swoc_campaign_150312__yaie&p={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-13] (Avast Software s.r.o.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-20] (Google Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-08] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-13] (Avast Software s.r.o.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-20] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-08] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-20] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-20] (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{48EA6C5D-F071-4AA5-A135-CDDDA5AD5D3D}: [NameServer] 67.43.111.12,66.28.0.45 FireFox: ======== FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ymdob2xf.default FF NewTab: https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10048_swoc_campaign_150312__yaff FF DefaultSearchEngine: Google Default FF DefaultSearchEngine.US: Google Default FF SelectedSearchEngine: Yahoo FF Homepage: https://www.google.com/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-21] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-21] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4143276486-2623412060-527759189-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mark\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ymdob2xf.default\searchplugins\google-default.xml [2015-03-12] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-12] FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14] CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14] CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14] CHR Extension: (Avast Online Security) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-14] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-21] CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14] CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed] R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows (R) Win 7 DDK provider) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-29] (Avast Software s.r.o.) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-29] (Avast Software s.r.o.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation) R3 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed] U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-29] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-29] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-29] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-29] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-29] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-29] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-29] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-29] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-29] () R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( ) R0 MBI; C:\Windows\System32\drivers\MBI.sys [27904 2013-08-08] (Intel Corporation) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-09] () R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-21 09:24 - 2015-06-21 09:24 - 02109952 _____ (Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe 2015-06-21 09:20 - 2015-06-21 09:20 - 00000000 ____D C:\Users\Mark\AppData\Local\GWX ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-21 09:30 - 2015-04-09 00:29 - 00015737 _____ C:\Users\Mark\Downloads\FRST.txt 2015-06-21 09:29 - 2015-04-09 00:29 - 00000000 ____D C:\FRST 2015-06-21 09:28 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-06-21 09:00 - 2014-07-18 16:31 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4143276486-2623412060-527759189-1001 2015-06-21 08:54 - 2014-07-27 02:49 - 00000946 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4143276486-2623412060-527759189-1001UA.job 2015-06-21 08:53 - 2014-07-27 17:08 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-06-21 08:53 - 2014-07-27 17:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-06-21 08:52 - 2014-11-05 18:51 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7BA85924-FB86-4EE8-B96C-26877713CF9C} 2015-06-21 08:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-06-21 08:51 - 2014-11-09 12:56 - 00000000 ____D C:\Users\Mark\AppData\Roaming\vlc 2015-06-20 18:32 - 2014-10-16 19:03 - 01612545 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-20 18:21 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-20 18:19 - 2013-08-22 10:46 - 00295575 _____ C:\WINDOWS\setupact.log 2015-06-19 12:16 - 2014-07-18 03:57 - 00000074 _____ C:\Users\Mark\AppData\Roaming\sp_data.sys 2015-06-19 12:15 - 2014-05-06 21:15 - 00003268 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule 2015-06-19 12:15 - 2014-05-06 21:11 - 00003028 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus 2015-06-19 12:14 - 2014-05-06 21:11 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU 2015-06-19 12:14 - 2014-05-06 21:11 - 00002988 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON 2015-06-19 12:14 - 2014-05-06 21:07 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher 2015-06-19 12:12 - 2014-05-06 21:10 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1 2015-06-19 12:12 - 2014-05-06 21:10 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2 ==================== Files in the root of some directories ======= 2014-07-18 03:57 - 2015-06-19 12:16 - 0000074 _____ () C:\Users\Mark\AppData\Roaming\sp_data.sys 2015-02-26 13:27 - 2015-04-13 19:21 - 0000600 _____ () C:\Users\Mark\AppData\Local\PUTTY.RND 2014-10-16 18:37 - 2014-10-16 18:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-05-01 05:34 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2013-05-01 05:34 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2013-05-01 05:34 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Files to move or delete: ==================== C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS Some files in TEMP: ==================== C:\Users\Mark\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-21 09:01 ==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01 Ran by Mark at 2015-06-21 09:32:00 Running from C:\Users\Mark\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4143276486-2623412060-527759189-500 - Administrator - Disabled) Guest (S-1-5-21-4143276486-2623412060-527759189-501 - Limited - Disabled) Mark (S-1-5-21-4143276486-2623412060-527759189-1001 - Administrator - Enabled) => C:\Users\Mark ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS) Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.304.16315 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.316 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Driver Package - ASUS (ATP) Mouse (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) 影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden 照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 25-03-2015 12:46:53 Windows Update 03-04-2015 22:12:41 Scheduled Checkpoint 09-04-2015 00:01:36 Restore Operation 13-04-2015 16:07:51 Removed Skype™ 7.0 20-04-2015 21:49:46 Windows Update 29-04-2015 16:30:06 Windows Update 20-05-2015 01:43:54 Windows Update 21-06-2015 09:01:02 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2015-04-13 16:00 - 00000747 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0FEC8EA8-7E55-4DD9-9692-D696C08EA160} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {0FF6B456-5A81-4EB2-88DD-37F0222BB4B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.) Task: {12C2C5CA-5EC2-4583-82C6-6EC93A2D931F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {1987C512-6B28-4978-BA4A-D3442C01B331} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.) Task: {1A628062-A155-4BC2-AFB2-B9A8D875E9AC} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.) Task: {1FF52434-86E0-4DD1-B3A3-AF82E7198A1F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.) Task: {3DB0263C-BB1E-4949-A2FE-C53D89B13A99} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek) Task: {55CAAE8E-617A-4BBD-9067-316BF99698F4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-29] (Avast Software s.r.o.) Task: {5A7BF975-5812-492B-9DE2-5497ABBE3A6B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {60D9C72C-71AA-4EC8-BE90-8674A2A855CC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {6790AC8A-5898-46B4-8DDB-178733D1BF2F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {746B1D36-AC8F-44C7-BA51-B821BBBCC3A8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4143276486-2623412060-527759189-1001UA => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-27] (Facebook Inc.) Task: {7CF0D2DC-2E49-4BBC-9BD8-6697EF38A64A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {9B0BAEC2-0C1F-469A-8B18-34C041E86346} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.) Task: {9EFD4A64-ED60-4420-9D0D-0C9A2F004E45} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.) Task: {A2151295-3FA5-441A-AF75-DB0BD284AA8E} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe Task: {A5CD6C25-EFF8-457F-8D3C-59D8DB5415FB} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS) Task: {BF11A064-5F38-4C0E-A450-F62439235692} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {CBAA2281-576A-4693-816C-7D57E7D5B38A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-21] (Adobe Systems Incorporated) Task: {EB6C0BFD-E0D3-4B3D-9F60-BA08FDAE4BC1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4143276486-2623412060-527759189-1001Core => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-27] (Facebook Inc.) Task: {F63CA640-7188-487E-95F0-DC7F0F18CF2A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {F665D3F9-C45A-4E92-BC7D-F40E49AB7B60} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-20] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4143276486-2623412060-527759189-1001Core.job => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4143276486-2623412060-527759189-1001UA.job => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-01-24 06:24 - 2014-01-24 06:24 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-01-24 06:21 - 2014-01-24 06:21 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2014-01-24 06:27 - 2014-01-24 06:27 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2012-12-19 02:10 - 2012-12-19 02:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe 2015-04-29 17:30 - 2015-04-29 17:30 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-29 17:30 - 2015-04-29 17:30 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-05-20 01:26 - 2015-05-20 01:26 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051901\algo.dll 2015-06-19 12:10 - 2015-06-19 12:10 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061901\algo.dll 2015-06-21 09:25 - 2015-06-21 09:25 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062100\algo.dll 2015-03-12 03:09 - 2015-03-12 03:09 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-04-27 13:24 - 2013-04-27 13:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll 2013-08-19 20:16 - 2013-08-19 20:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2013-08-16 13:03 - 2013-08-16 13:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4143276486-2623412060-527759189-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\Downloads\Ubuntu-s-Unity-Online-Search-Returns-with-a-Vengeance-in-13-04-2.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe" MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{8980D6BC-08D8-46A7-B932-B55E3097E291}] => (Allow) C:\Users\Mark\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [UDP Query User{DBCFC0A4-0A89-44EB-B4FC-D415233682F0}C:\users\Mark\appdata\local\aptana studio 3\aptanastudio3.exe] => (Allow) C:\users\Mark\appdata\local\aptana studio 3\aptanastudio3.exe FirewallRules: [TCP Query User{56253F38-2281-4255-9483-AFA2C9E33682}C:\users\Mark\appdata\local\aptana studio 3\aptanastudio3.exe] => (Allow) C:\users\Mark\appdata\local\aptana studio 3\aptanastudio3.exe FirewallRules: [{1DBB7B81-3A8B-4B7F-929C-CC258A361675}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{F2B31906-DD6A-45A3-91FF-FE0E3A77208F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{12223DA3-0792-46D5-8D6A-36EFF3A47494}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{037906A0-EA0B-4353-8B10-388C0254F270}] => (Allow) LPort=1900 FirewallRules: [{4C85DDCB-8F3B-459E-8894-079FA992ABC1}] => (Allow) LPort=2869 FirewallRules: [{0C2C45C0-6122-4D6E-B66D-D1A6A4ACD5DB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [TCP Query User{7609DBC8-3F11-4B2F-98C8-304F092D83D5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{5712F42F-671F-4424-9755-B339FF65B6FB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{560D1345-2FF5-47F4-A9D3-185896449652}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{15EC31D6-40EC-4B62-87E7-EF457C6E18A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{E1EDE883-A45E-48A6-A753-17910A2F8653}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [{7CF05B10-31D8-47CE-B0D2-144832E872E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A116DB11-E5C8-4EF0-94FA-E272A2A391C3}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe FirewallRules: [{F5ED134F-8453-47C7-8D5C-DF116B22AC69}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\mDNSResponder.exe FirewallRules: [TCP Query User{51057679-20A0-4605-A32A-5F0DBEAD5858}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{2918CD53-89E9-48F8-816C-9C391EEBA931}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{AF91A0EB-D33A-4F9D-A4CC-6ABD442512E7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{1C5F26A0-8D02-4236-A59E-08AE4573AB33}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{E31DF6CA-DE27-4124-81CA-38E5D7E5628E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{E7563EB8-4E43-41FE-BBB3-F8139AAA6748}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{2A7B38EE-DF71-43E8-B0AC-F675476C65EA}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/21/2015 09:22:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (05/20/2015 05:04:51 AM) (Source: Google Update) (EventID: 20) (User: Go-Station) Description: Network Request Error. Error: 0x80040801. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (05/08/2015 04:28:57 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (04/29/2015 04:42:51 PM) (Source: Google Update) (EventID: 20) (User: Go-Station) Description: Network Request Error. Error: 0x80040801. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (04/29/2015 04:31:30 PM) (Source: VSS) (EventID: 12294) (User: ) Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG. Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000001DF7C00970). Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (04/21/2015 00:31:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536 Exception code: 0x80000003 Fault offset: 0x00001aa1 Faulting process id: 0x5c4 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (04/21/2015 00:31:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 37.0.1.5570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: bf4 Start Time: 01d07bd00a33afc8 Termination Time: 42 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: cd9acde8-e843-11e4-be90-10c37b671754 Faulting package full name: Faulting package-relative application ID: Error: (04/21/2015 00:24:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/20/2015 09:10:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/14/2015 11:44:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 System errors: ============= Error: (06/21/2015 09:01:36 AM) (Source: DCOM) (EventID: 10010) (User: Go-Station) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/21/2015 09:01:06 AM) (Source: DCOM) (EventID: 10010) (User: Go-Station) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/20/2015 02:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3047255). Error: (05/20/2015 02:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3047254). Error: (05/20/2015 02:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3015696). Error: (05/20/2015 02:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3021910). Error: (05/20/2015 02:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3048043). Error: (05/20/2015 02:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB3023219). Error: (05/20/2015 02:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3061904). Error: (05/20/2015 02:04:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB3061518). Microsoft Office: ========================= Error: (06/21/2015 09:22:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: -2147024883 Error: (05/20/2015 05:04:51 AM) (Source: Google Update) (EventID: 20) (User: Go-Station) Description: Network Request Error. Error: 0x80040801. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (05/08/2015 04:28:57 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: -2147024883 Error: (04/29/2015 04:42:51 PM) (Source: Google Update) (EventID: 20) (User: Go-Station) Description: Network Request Error. Error: 0x80040801. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (04/29/2015 04:31:30 PM) (Source: VSS) (EventID: 12294) (User: ) Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0000001DF7C00970) Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (04/21/2015 00:31:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa15c401d07c4d5e144863C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld24ce9ad-e843-11e4-be90-10c37b671754 Error: (04/21/2015 00:31:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe37.0.1.5570bf401d07bd00a33afc842C:\Program Files (x86)\Mozilla Firefox\firefox.execd9acde8-e843-11e4-be90-10c37b671754 Error: (04/21/2015 00:24:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/20/2015 09:10:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/14/2015 11:44:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU N2815 @ 1.86GHz Percentage of memory in use: 44% Total physical RAM: 3982.68 MB Available physical RAM: 2215.16 MB Total Pagefile: 4686.68 MB Available Pagefile: 2728.99 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:130.72 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:257.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A) Partition: GPT Partition Type. ==================== End of log ============================