Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Smart Wrapper Icon Virus [Solved]

Started by confused_goose , Aug 07 2015 04:04 AM

  • This topic is locked This topic is locked

#1
confused_goose
Posted 07 August 2015 - 04:04 AM

confused_goose

    Member

  • Member
  • PipPip
  • 22 posts

Hello,

I am not sure if this is the right place to put this but basically I have this program that was installed when I was trying to download some software. It is called ICSW1.13_0U1E1Q1T2Z1P0S2Z1T1C1V1N1P1G1P1C1L1R1.13.exe and shows up as a persistent "Smart Wrapper" Icon but I can't find it anywhere else aside from that icon (i.e. I cannot find it under Programs in the control panel or anywhere else).

A little bit about my laptop: It's an Asus X205TA, running Windows 8.1, a few months old. System: 32-bit Operating System, x64-based processor. That's all I can think of. I'll answer any other questions that would help fix this issue. 

 

I will be posting my FRST and Addition logs in the following posts.

Any help would be much appreciated. Thank you!! smile.gif
 


  • 0

Advertisements

#2
confused_goose
Posted 07 August 2015 - 04:04 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-08-2015
Ran by tania_000 (administrator) on TEA_ASUS (07-08-2015 06:01:20)
Running from E:\Desktop
Loaded Profiles: tania_000 (Available Profiles: tania_000)
Platform: Microsoft Windows 8.1 with Bing (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [7750144 2014-09-10] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-01] (AVAST Software)
HKLM\...\Run: [DBAgent] => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81336 2014-12-31] (Intel Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\Run: [GoogleChromeAutoLaunch_622834A2EA5AFFCAC390CB14C1AE4BB5] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\Run: [Uploader] => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53753984 2015-07-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [407040 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\Run: [uTorrent] => C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-01] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-01] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2489842463-321880632-3367131723-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-01] (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0500B3B7-BDF8-4E2A-A280-8BFCC80CB3C7}: [DhcpNameServer] 169.254.125.80
Tcpip\..\Interfaces\{8E5F24DC-910C-4E2F-A378-74A7285BA14F}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-02]
 
Chrome: 
=======
CHR Profile: C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-30]
CHR Extension: (Entanglement Web App) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-30]
CHR Extension: (Google Docs) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-30]
CHR Extension: (Google Drive) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-30]
CHR Extension: (YouTube) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-30]
CHR Extension: (Google Cast) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-11]
CHR Extension: (Adblock Plus) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-30]
CHR Extension: (Google Search) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-30]
CHR Extension: (Dropbox for Gmail) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-05-13]
CHR Extension: (Avast SafePrice) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-30]
CHR Extension: (Avast Online Security) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-02]
CHR Extension: (TweetDeck by Twitter) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-12-30]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-12-30]
CHR Extension: (Google Keep - notes and lists) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-12-30]
CHR Extension: (Panel View for Keep) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-12-30]
CHR Extension: (Evernote Web) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-12-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Phone 2 Google Chrome™) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm [2014-12-30]
CHR Extension: (Poppit!) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-12-30]
CHR Extension: (Messenger (Unofficial)) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-07-29]
CHR Extension: (Hangouts) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-30]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-12-30]
CHR Extension: (Gmail) - C:\Users\tania_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-30]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-05-14] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-03-26] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-01] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-11-25] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [250880 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1867448 2015-07-01] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-06-13] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83384 2014-12-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [97208 2014-12-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90552 2014-12-31] (Intel Corporation)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [277976 2014-06-13] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [103936 2014-10-28] (Microsoft Corporation)
R2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-03] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2014-10-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-03] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1269248 2014-10-28] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [69912 2014-07-29] (ASUS Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-01] (AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [307928 2014-11-25] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [23552 2015-06-09] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [145112 2014-11-25] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [132312 2014-11-25] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [460800 2014-06-24] (Intel Corporation)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25528 2014-12-31] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28088 2014-12-31] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36280 2014-12-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80824 2014-12-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [182200 2014-12-31] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2014-05-15] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-21] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-07] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [62464 2014-05-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2014-03-21] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [489832 2013-12-15] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [260608 2014-06-27] (Intel® Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21968 2014-03-15] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\drivers\NuidFltr.sys [25808 2014-01-07] (Microsoft Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [66560 2014-07-01] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [204504 2014-09-15] (Realtek Semiconductor Corp.)
S3 teamviewervpn; C:\Windows\system32\DRIVERS\teamviewervpn.sys [25088 2014-12-15] (TeamViewer GmbH)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-08-16] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2015-02-03] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-05-30] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-06 16:00 - 2015-08-07 06:01 - 00000000 ___DC C:\FRST
2015-08-06 15:25 - 2015-08-06 15:25 - 00000000 ___DC C:\Program Files\K-Lite Codec Pack
2015-08-06 15:25 - 2015-08-06 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-08-06 14:23 - 2015-08-06 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-06 14:22 - 2015-08-06 14:23 - 00000000 ___DC C:\Program Files\iTunes
2015-08-06 14:22 - 2015-08-06 14:22 - 00000000 ___DC C:\Program Files\iPod
2015-08-06 13:18 - 2015-08-06 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-06 13:17 - 2015-08-06 13:17 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-08-06 13:17 - 2015-08-06 13:17 - 00000000 ___DC C:\Program Files\Apple Software Update
2015-08-06 13:16 - 2015-08-06 14:22 - 00000000 ___DC C:\Program Files\Common Files\Apple
2015-08-04 20:28 - 2015-08-04 20:31 - 00098520 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-04 20:28 - 2015-08-04 20:28 - 00000000 ___DC C:\Program Files\Malwarebytes Anti-Malware
2015-08-04 20:28 - 2015-08-04 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-04 20:28 - 2015-06-18 08:41 - 00094936 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-04 20:28 - 2015-06-18 08:41 - 00051928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-04 20:28 - 2015-06-18 08:41 - 00023256 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-04 20:15 - 2015-08-04 20:15 - 00000042 ____C C:\Windows\system32\AK083E209605E394C.lie
2015-08-04 20:15 - 2015-08-04 20:15 - 00000000 ___DC C:\Rbackup
2015-08-02 11:30 - 2015-08-02 07:35 - 00000000 _SHDC C:\Recovery
2015-08-02 11:29 - 2015-08-02 14:08 - 00000000 ___DC C:\Windows.old
2015-08-02 10:04 - 2015-08-02 10:04 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-08-02 09:55 - 2015-08-02 09:55 - 00000000 ___DC C:\$SysReset
2015-08-02 05:44 - 2015-08-02 05:46 - 00000713 ____C C:\Windows\DtcInstall.log
2015-08-02 05:30 - 2015-08-02 08:15 - 00009528 ____C C:\Windows\diagwrn.xml
2015-08-02 05:30 - 2015-08-02 08:15 - 00009528 ____C C:\Windows\diagerr.xml
2015-08-01 18:39 - 2015-06-12 12:36 - 15159296 ____C (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-01 18:38 - 2015-07-14 18:04 - 00869720 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-01 18:38 - 2015-07-14 17:59 - 00393560 ____C (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-01 18:38 - 2015-06-11 15:26 - 01853272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-01 18:38 - 2015-06-09 18:03 - 00023552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BthMini.SYS
2015-08-01 18:38 - 2015-06-09 18:02 - 01014784 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-08-01 18:38 - 2015-06-09 18:02 - 00039424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-08-01 18:38 - 2015-06-09 14:17 - 00411133 ____C C:\Windows\system32\ApnDatabase.xml
2015-08-01 18:38 - 2015-05-11 20:32 - 00554328 ____C (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-01 18:38 - 2015-04-30 20:14 - 05468136 ____C (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-08-01 18:38 - 2015-04-30 20:14 - 01192576 ____C (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-08-01 18:38 - 2015-04-30 20:14 - 00227736 ____C (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-08-01 10:57 - 2015-08-07 05:33 - 00002885 ____C C:\Windows\setupact.log
2015-08-01 10:57 - 2015-08-01 10:57 - 00000000 ____C C:\Windows\setuperr.log
2015-08-01 10:56 - 2015-08-07 05:32 - 00072808 ____C C:\Windows\PFRO.log
2015-08-01 10:01 - 2015-08-01 10:01 - 00313472 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-01 10:01 - 2015-08-01 10:01 - 00043112 ____C (AVAST Software) C:\Windows\avastSS.scr
2015-07-31 07:06 - 2015-07-31 07:06 - 00000000 ___DC C:\Program Files\AnvSoft
2015-07-31 07:06 - 2015-07-31 07:06 - 00000000 ____D C:\Users\tania_000\Documents\Anvsoft
2015-07-31 07:06 - 2015-07-31 07:06 - 00000000 ____D C:\Users\tania_000\AppData\Roaming\Anvsoft
2015-07-31 07:06 - 2015-07-31 07:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-07-30 22:22 - 2015-08-07 04:15 - 01260762 ____C C:\Windows\WindowsUpdate.log
2015-07-28 22:36 - 2015-07-25 09:34 - 00923648 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-26 08:02 - 2015-07-26 08:02 - 00000000 ___DC C:\Program Files\Common Files\DESIGNER
2015-07-21 02:46 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 02:46 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 21:16 - 2015-08-06 13:18 - 00000000 ___DC C:\Program Files\QuickTime
2015-07-15 10:57 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 10:55 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 10:54 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 10:54 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 17:49 - 2015-06-29 18:48 - 00024240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 17:49 - 2015-06-29 11:05 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 17:49 - 2015-06-26 09:37 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 17:49 - 2015-06-26 09:37 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 17:49 - 2015-06-26 09:36 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 17:49 - 2015-06-26 09:36 - 00628224 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 17:49 - 2015-06-26 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 16:31 - 2015-06-24 22:29 - 03531776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 16:27 - 2015-07-09 14:05 - 00128568 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 16:27 - 2015-07-09 11:39 - 03062784 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 16:27 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 16:27 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 16:27 - 2015-07-09 11:35 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-14 16:27 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 16:27 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 16:27 - 2015-07-09 11:31 - 02163200 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 16:27 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 16:27 - 2015-06-26 23:08 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 16:27 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 16:27 - 2015-06-26 22:14 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 16:27 - 2015-05-11 12:27 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-14 16:27 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 16:27 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-14 16:27 - 2015-04-29 19:21 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-14 16:27 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-14 16:26 - 2015-06-28 01:12 - 00851704 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 16:26 - 2015-06-28 01:12 - 00147800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 16:26 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 16:26 - 2015-06-26 22:18 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 16:26 - 2015-06-26 22:17 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 16:26 - 2015-06-26 22:17 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 16:26 - 2015-06-26 21:27 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 16:26 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 16:26 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 16:26 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 16:26 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 16:26 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 16:26 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 16:26 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 16:26 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 16:26 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-14 16:26 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 16:26 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 16:26 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-14 16:26 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 16:26 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 16:26 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-14 16:26 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 16:26 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 16:26 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 16:26 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-14 16:26 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 16:26 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 16:26 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 16:26 - 2015-06-10 23:54 - 01132640 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 16:26 - 2015-05-30 15:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-14 16:26 - 2015-05-30 15:24 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-14 16:26 - 2015-05-12 09:18 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-14 16:26 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-14 16:26 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-14 16:26 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-14 16:26 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-14 16:26 - 2015-05-02 19:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-14 16:26 - 2015-04-24 22:25 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-14 16:26 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-10 07:17 - 2015-08-02 10:16 - 00000000 ___HD C:\$Windows.~BT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-07 06:02 - 2013-08-22 04:17 - 00000000 ___DC C:\Windows\system32\sru
2015-08-07 05:59 - 2015-03-09 15:06 - 00000000 ____D C:\Users\tania_000\AppData\Roaming\uTorrent
2015-08-07 05:48 - 2014-12-30 19:43 - 00000000 ____D C:\Users\tania_000\AppData\Roaming\Skype
2015-08-07 05:45 - 2014-12-30 18:25 - 00000912 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 05:39 - 2014-03-18 03:40 - 00878630 ____C C:\Windows\system32\PerfStringBackup.INI
2015-08-07 05:35 - 2014-12-30 17:50 - 00000093 _____ C:\Users\tania_000\AppData\Roaming\sp_data.sys
2015-08-07 05:33 - 2015-07-06 06:54 - 00000000 __RDC C:\Users\tania_000\OneDrive
2015-08-07 05:33 - 2014-12-30 18:25 - 00000908 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 05:33 - 2014-12-30 17:48 - 00000000 ___DC C:\Users\tania_000
2015-08-07 05:33 - 2013-08-22 03:23 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2015-08-06 15:06 - 2015-03-02 19:08 - 00000000 ____D C:\Users\tania_000\AppData\Roaming\Apple Computer
2015-08-06 14:19 - 2015-03-02 19:03 - 00000000 ____D C:\ProgramData\Apple
2015-08-06 08:41 - 2013-08-22 04:17 - 00000000 ___DC C:\Windows\AppReadiness
2015-08-04 20:21 - 2013-08-22 02:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-04 16:42 - 2013-08-22 04:17 - 00000000 ___DC C:\Windows\Microsoft.NET
2015-08-02 14:01 - 2015-05-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-08-02 14:01 - 2015-04-19 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-02 14:01 - 2015-01-30 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-08-02 14:01 - 2015-01-02 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-08-02 14:01 - 2015-01-02 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-02 14:01 - 2015-01-02 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-02 14:01 - 2014-12-30 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-02 14:01 - 2014-12-30 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-02 14:01 - 2014-11-25 15:57 - 00000000 ____D C:\ProgramData\Intel
2015-08-02 14:01 - 2014-11-25 15:53 - 00000000 ___DC C:\Program Files\ASUS
2015-08-02 14:01 - 2014-05-30 18:35 - 00000000 ___DC C:\Windows\Log
2015-08-02 10:16 - 2014-05-30 19:06 - 00000000 ___DC C:\Windows\Panther
2015-08-02 08:13 - 2013-08-22 04:17 - 00000000 ___DC C:\Windows\Registration
2015-08-02 05:54 - 2013-08-22 02:13 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-01 18:39 - 2013-08-22 04:05 - 00000000 ___DC C:\Windows\CbsTemp
2015-08-01 10:01 - 2015-01-02 14:26 - 00788784 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-01 10:01 - 2015-01-02 14:26 - 00433264 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-01 10:01 - 2015-01-02 14:26 - 00208664 ____C (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-01 10:01 - 2015-01-02 14:26 - 00113592 ____C (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-01 10:01 - 2015-01-02 14:26 - 00081728 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-01 10:01 - 2015-01-02 14:26 - 00076000 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-01 10:01 - 2015-01-02 14:26 - 00049776 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-01 10:01 - 2015-01-02 14:26 - 00024016 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-27 20:15 - 2014-12-30 19:42 - 00000000 ____D C:\ProgramData\Skype
2015-07-26 08:01 - 2014-12-30 19:21 - 00000000 ___DC C:\Program Files\Microsoft Office 15
2015-07-25 12:58 - 2015-04-19 20:14 - 00000000 __SDC C:\Windows\system32\GWX
2015-07-23 13:20 - 2013-08-22 04:17 - 00000000 ___DC C:\Windows\system32\NDF
2015-07-22 05:37 - 2013-08-22 03:22 - 00474392 ____C C:\Windows\system32\FNTCACHE.DAT
2015-07-20 06:48 - 2015-04-19 19:36 - 00000000 __RDC C:\Program Files\Skype
2015-07-19 06:35 - 2015-01-02 19:17 - 00000000 ___DC C:\Windows\system32\MRT
2015-07-16 07:22 - 2015-03-02 19:08 - 00000000 ___DC C:\Users\tania_000\AppData\Local\Apple Computer
2015-07-15 05:32 - 2015-01-02 19:49 - 00000000 __SDC C:\Windows\system32\CompatTel
2015-07-15 05:32 - 2015-01-02 19:49 - 00000000 ___DC C:\Windows\system32\appraiser
2015-07-15 05:32 - 2013-08-22 04:17 - 00000000 ___RD C:\Windows\ToastData
2015-07-15 05:32 - 2013-08-22 04:17 - 00000000 ___DC C:\Windows\WinStore
2015-07-13 17:10 - 2015-01-02 19:54 - 00792568 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-13 17:10 - 2015-01-02 19:54 - 00178168 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-06-13 17:59 - 2015-06-13 18:03 - 0000154 _____ () C:\Users\tania_000\AppData\Roaming\settings.xml
2014-12-30 17:50 - 2015-08-07 05:35 - 0000093 _____ () C:\Users\tania_000\AppData\Roaming\sp_data.sys
2014-05-30 18:11 - 2012-07-30 02:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-05-30 18:11 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-30 18:11 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
C:\Users\tania_000\AppData\Local\Temp\ICReinstall_apple-application-support.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 15:09
 
==================== End of log ============================

  • 0

#3
confused_goose
Posted 07 August 2015 - 04:05 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-08-2015
Ran by tania_000 (2015-08-07 06:02:23)
Running from E:\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2489842463-321880632-3367131723-500 - Administrator - Disabled)
Guest (S-1-5-21-2489842463-321880632-3367131723-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2489842463-321880632-3367131723-1003 - Limited - Enabled)
tania_000 (S-1-5-21-2489842463-321880632-3367131723-1001 - Administrator - Enabled) => C:\Users\tania_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.19 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.103.4 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}) (Version: 12.2.1.16 - Apple Inc.)
K-Lite Codec Pack 11.3.6 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
PDFMate Free PDF Merger 1.0.9 (HKLM\...\PDFMate Free PDF Merger_is1) (Version:  - pdfmate.com)
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4172 - Realtek Semiconductor Corp.)
Seagate Dashboard (HKLM\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Skype™ 7.7 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Windows Driver Package - ASUS (AsusHID) Mouse  (07/01/2014 3.0.0.33) (HKLM\...\F702FA7BC14FCDE2F71BCDC3E7305536832742C1) (Version: 07/01/2014 3.0.0.33 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
05-08-2015 13:52:27 Windows Update
06-08-2015 14:21:51 Installed iTunes
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 02:13 - 2013-08-22 02:13 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A431715-5059-492A-9B5C-6A4667F9195A} - System32\Tasks\{00DD06A5-5EA7-4079-989B-E474B7982E63} => Chrome.exe http://www.skype.com...8;LastError=404
Task: {0EF8E321-8F2E-433E-8FE1-F60D2D459BF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {13614D3A-A5BA-4829-A7A8-23373F87708F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {1901F2F7-0AE9-4F5B-9BF1-F7D53901023F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-30] (Google Inc.)
Task: {29803A79-D2C6-45F2-8F50-847B6E4764B9} - System32\Tasks\tania_000 Merge => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {3C550320-6C40-4354-B94E-29E240D7C71D} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {42C9572D-E860-4D96-8583-3F06F65020D9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {42D79843-A443-42A0-8B60-247916476E57} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files\ASUS\Splendid\ACMON.exe [2014-06-04] (ASUS)
Task: {54069077-9A34-41BE-A3EC-295C8F7B8393} - System32\Tasks\tania_000 => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {673574C9-0B26-49A4-AE15-19A0DAEB4A66} - System32\Tasks\tania_000 DBAgent 2 0 => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {68A68AA7-E120-482D-93F9-423466F93412} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-07-29] (AsusTek)
Task: {7230FCA1-144C-4D4A-A04A-3CD80BF4AECF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {77601F07-41E4-4FDF-B3E8-6D3CEF493115} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88D3168D-ED59-452D-BEA0-69852ABC9045} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {8CFC92A2-AB33-471D-B366-E861DA6411A9} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {8E554AE1-4FFD-468B-BD07-EC4562B6FA8B} - System32\Tasks\Run_Browser => C:\Users\tania_000\AppData\Local\UnicoBrowser\Application\unicobrowser.exe <==== ATTENTION
Task: {A2545508-051A-4D69-887F-D9D94031AD71} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TEA_ASUS-tania_000 Tea_Asus => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {A495D3BF-2775-48A7-A9A3-801D19F4397F} - System32\Tasks\PostPoneInstall => C:\Users\TANIA_~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {AD2D252C-5B5E-48E1-BC14-6B5DC04050EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {BD7A3050-3669-48C1-A5A0-99677E2C626C} - \Microsoft\Windows\TaskScheduler\Idle Maintenance No Task File <==== ATTENTION
Task: {C3710122-B7AC-4788-AB64-2869FDD391CC} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-03] ()
Task: {DD223B09-BCE3-453A-974F-EBF8E7C7B259} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E0BF5486-D49A-4FDB-A6A4-6440CDCE529A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F2DBA23C-C412-4120-B7C7-C13141683F5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {F349730C-2203-445A-A291-07B8180299C4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-01] (AVAST Software)
Task: {F5CD84AC-1A7D-44FF-AFDC-4F1CDFFE967E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-30] (Google Inc.)
Task: {F69CDA8E-A702-44E3-A0DB-50F55190E983} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {F78A431B-6C44-4B6D-BD3A-38F96C982E5B} - \Microsoft\Windows\TaskScheduler\Regular Maintenance No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-01 10:01 - 2015-08-01 10:01 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-01 10:01 - 2015-08-01 10:01 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-06 11:11 - 2015-08-06 11:11 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080602\algo.dll
2015-08-07 05:33 - 2015-08-07 05:33 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080700\algo.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 00073544 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-30 19:21 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-06-04 00:01 - 2014-06-04 00:01 - 00117248 _____ () C:\Program Files\ASUS\Splendid\CCTAdjust.dll
2014-06-04 00:01 - 2014-06-04 00:01 - 00037936 _____ () C:\Program Files\ASUS\Splendid\DetectDisplayDC.dll
2014-06-04 00:01 - 2014-06-04 00:01 - 00018992 _____ () C:\Program Files\ASUS\Splendid\AMDColorEnhance.dll
2014-06-04 00:01 - 2014-06-04 00:01 - 00020528 _____ () C:\Program Files\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-03-24 13:42 - 2015-03-24 13:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-05 13:02 - 2015-07-31 02:19 - 01405768 ____C () C:\Program Files\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-05 13:02 - 2015-07-31 02:19 - 00081224 ____C () C:\Program Files\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-05 13:02 - 2015-07-31 02:19 - 16308040 ____C () C:\Program Files\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\bootmgr:WofCompressedData
AlternateDataStreams: C:\Users\tania_000\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tania_000\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "DBAgent"
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_622834A2EA5AFFCAC390CB14C1AE4BB5"
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\...\StartupApproved\Run: => "Google Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1A916C4F-F20D-4916-993C-AF75880252BB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{51F0226A-606A-4C8B-BD03-13E6A20227A5}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{0D1DEF9D-A981-479D-A599-F19B7504221C}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{8F1E93A5-D190-4BE2-B82F-15ADBCA15F89}C:\program files\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{F129BB67-900B-4F0B-9C40-5CFDE597EDEB}C:\program files\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{B25B1EA1-13A3-4A11-8241-FA7100BD5035}] => (Allow) LPort=8888
FirewallRules: [{95DC8CEE-6BCC-4E5D-9A13-5197342B654B}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{6DE9CA73-A81F-45D8-A4B7-F6A34ED5866E}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{F4A75B32-9FE2-43C2-9628-F0295EEC48EA}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{13278958-966E-4C7A-848C-8DD2C7B7831A}C:\program files\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{BA7F51D9-2E54-4478-AEF1-9CBC296059CE}C:\program files\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{4C9D6244-FC62-4C94-9A78-08FA0B1FF95D}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{D7E58B4A-7BC1-443B-81B3-A2D81DC1DB8B}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{B2B9F8ED-B5E8-4BF4-9DA1-5681D323D263}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66426EFC-3C1C-43E7-A591-F604FDCF9583}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{4CA132E4-87AA-46F9-A4DE-B65658F46049}E:\downloads\utorrent.exe] => (Block) E:\downloads\utorrent.exe
FirewallRules: [UDP Query User{54F57AF7-860A-4D40-A235-04860E858142}E:\downloads\utorrent.exe] => (Block) E:\downloads\utorrent.exe
FirewallRules: [{443EE1B7-87E1-40AF-9DF1-DAA1B68FC43B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{58041F53-638C-4B12-8C6A-E22769AFE341}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{17B90E89-393C-4A7F-AD54-7C0DE839A245}E:\downloads\utorrent (1).exe] => (Allow) E:\downloads\utorrent (1).exe
FirewallRules: [UDP Query User{6F06AACF-5C84-4C82-99EA-FDD405FFB835}E:\downloads\utorrent (1).exe] => (Allow) E:\downloads\utorrent (1).exe
FirewallRules: [{9E3A155F-A77C-4498-8578-B1314D806B70}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{FCC02ED3-50C5-4A31-A168-8614EF9A1E71}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{1ACCB3A6-BA2B-42DC-A8AD-ABC9ABD480E2}C:\program files\popcorn time\chromecast\node.exe] => (Allow) C:\program files\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{34AE5FE9-6D21-4ECF-9159-B43086231711}C:\program files\popcorn time\chromecast\node.exe] => (Allow) C:\program files\popcorn time\chromecast\node.exe
FirewallRules: [{F306EE7F-E988-41F9-9C38-69C811BCEFA6}] => (Block) C:\program files\popcorn time\chromecast\node.exe
FirewallRules: [{6F7944F6-A285-48BE-9799-2B70D11682D7}] => (Block) C:\program files\popcorn time\chromecast\node.exe
FirewallRules: [{A85769D2-7A5A-4227-95E1-D2FDA161CBBE}] => (Allow) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{11B0FD82-D985-48FD-BF98-219BA2BF1FE0}] => (Allow) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28668D40-7BAB-4C84-82A8-B510ACB0121F}] => (Allow) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BD5A0A2-744E-41CC-9172-E5FD7C517B9C}] => (Allow) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B433BADD-EC0E-4E63-B538-1B3F56304401}] => (Allow) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BA045C58-1D70-4E99-B857-7785F037DB5D}] => (Allow) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA71E55D-F13A-48DA-9532-B41C6EF0D593}] => (Allow) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9EC390EE-3391-4033-8309-C41B6795574A}] => (Allow) C:\Users\tania_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C90E3BD4-CD47-4E5E-A565-81D6FCACA33E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{742824EF-1862-48AD-B14A-CF1CFBB4A0C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/06/2015 03:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 44.0.2403.125, time stamp: 0x55b32311
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42bd
Exception code: 0xc0000018
Fault offset: 0x00097751
Faulting process id: 0x1900
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (08/06/2015 03:06:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TEA_ASUS)
Description: Activation of app AFF540DC.FLVMediaPlayer_v7353qx4kg3sa!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/06/2015 03:06:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f28
 
Start Time: 01d0d07ae7e3da76
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\wwahost.exe
 
Report Id: 2edde1a7-3c6e-11e5-9797-6cfaa738e561
 
Faulting package full name: AFF540DC.FLVMediaPlayer_1.0.10.17_x86__v7353qx4kg3sa
 
Faulting package-relative application ID: App
 
Error: (08/06/2015 03:06:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TEA_ASUS)
Description: App AFF540DC.FLVMediaPlayer_1.0.10.17_x86__v7353qx4kg3sa+App did not launch within its allotted time.
 
Error: (08/06/2015 03:05:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TEA_ASUS)
Description: Activation of app AFF540DC.FLVMediaPlayer_v7353qx4kg3sa!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/06/2015 01:12:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.9600.17905, time stamp: 0x557f40b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xfe0
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3
Faulting package full name: MsiExec.exe4
Faulting package-relative application ID: MsiExec.exe5
 
Error: (08/05/2015 06:37:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1250
 
Start Time: 01d0cf17a00779be
 
Termination Time: 44
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 7af13aa7-3bc2-11e5-9797-6cfaa738e561
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/05/2015 12:11:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {6EAECA0B-7909-4BB5-A846-28CDC736FF1B}
 
Error: (08/05/2015 12:11:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {6EAECA0B-7909-4BB5-A846-28CDC736FF1B}
 
Error: (08/04/2015 08:33:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 121c
 
Start Time: 01d0cf15ae48265f
 
Termination Time: 15
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 82a603e8-3b09-11e5-9797-6cfaa738e561
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/07/2015 06:02:33 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (08/07/2015 05:33:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:29:19 AM on ‎2015-‎08-‎07 was unexpected.
 
Error: (08/06/2015 03:19:25 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR5.
 
Error: (08/06/2015 02:19:59 PM) (Source: DCOM) (EventID: 10010) (User: TEA_ASUS)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
Error: (08/05/2015 11:02:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (08/05/2015 08:46:46 AM) (Source: DCOM) (EventID: 10010) (User: TEA_ASUS)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/05/2015 08:45:15 AM) (Source: DCOM) (EventID: 10010) (User: TEA_ASUS)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/05/2015 08:43:43 AM) (Source: DCOM) (EventID: 10010) (User: TEA_ASUS)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/05/2015 08:42:11 AM) (Source: DCOM) (EventID: 10010) (User: TEA_ASUS)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/05/2015 08:40:39 AM) (Source: DCOM) (EventID: 10010) (User: TEA_ASUS)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office:
=========================
Error: (08/06/2015 03:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe44.0.2403.12555b32311ntdll.dll6.3.9600.17736550f42bdc000001800097751190001d0d0815333dc8eC:\Program Files\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll90ff0b0e-3c74-11e5-9797-6cfaa738e561
 
Error: (08/06/2015 03:06:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TEA_ASUS)
Description: AFF540DC.FLVMediaPlayer_v7353qx4kg3sa!App-2144927142
 
Error: (08/06/2015 03:06:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415f2801d0d07ae7e3da764294967295C:\Windows\system32\wwahost.exe2edde1a7-3c6e-11e5-9797-6cfaa738e561AFF540DC.FLVMediaPlayer_1.0.10.17_x86__v7353qx4kg3saApp
 
Error: (08/06/2015 03:06:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TEA_ASUS)
Description: AFF540DC.FLVMediaPlayer_1.0.10.17_x86__v7353qx4kg3sa+App
 
Error: (08/06/2015 03:05:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TEA_ASUS)
Description: AFF540DC.FLVMediaPlayer_v7353qx4kg3sa!App-2144927142
 
Error: (08/06/2015 01:12:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsiExec.exe5.0.9600.17905557f40b9unknown0.0.0.000000000c000000500000000fe001d0d06b1f941d4fC:\Windows\system32\MsiExec.exeunknown5dd9d6f2-3c5e-11e5-9797-6cfaa738e561
 
Error: (08/05/2015 06:37:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17840125001d0cf17a00779be44C:\Program Files\Internet Explorer\iexplore.exe7af13aa7-3bc2-11e5-9797-6cfaa738e561
 
Error: (08/05/2015 12:11:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {6EAECA0B-7909-4BB5-A846-28CDC736FF1B}
 
Error: (08/05/2015 12:11:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {6EAECA0B-7909-4BB5-A846-28CDC736FF1B}
 
Error: (08/04/2015 08:33:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17840121c01d0cf15ae48265f15C:\Program Files\Internet Explorer\iexplore.exe82a603e8-3b09-11e5-9797-6cfaa738e561
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU Z3735F @ 1.33GHz
Percentage of memory in use: 71%
Total physical RAM: 1983.15 MB
Available physical RAM: 565.88 MB
Total Virtual: 3966.3 MB
Available Virtual: 1020.52 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:20.9 GB) (Free:2.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:59.45 GB) (Free:52.1 GB) exFAT
Drive f: () (Removable) (Total:15.61 GB) (Free:15.14 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 64985234)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 3 (Size: 15.6 GB) (Disk ID: 6F20736B)
No partition Table on disk 3.
Disk 3 is a removable device.
 
==================== End of log ============================

  • 0

#4
Essexboy
Posted 07 August 2015 - 08:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Task: {8E554AE1-4FFD-468B-BD07-EC4562B6FA8B} - System32\Tasks\Run_Browser => C:\Users\tania_000\AppData\Local\UnicoBrowser\Application\unicobrowser.exe <==== ATTENTION
Task: {A495D3BF-2775-48A7-A9A3-801D19F4397F} - System32\Tasks\PostPoneInstall => C:\Users\TANIA_~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {BD7A3050-3669-48C1-A5A0-99677E2C626C} - \Microsoft\Windows\TaskScheduler\Idle Maintenance No Task File <==== ATTENTION
Task: {F78A431B-6C44-4B6D-BD3A-38F96C982E5B} - \Microsoft\Windows\TaskScheduler\Regular Maintenance No Task File <==== ATTENTION
C:\Users\TANIA_~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\tania_000\AppData\Local\UnicoBrowser
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 1

#5
confused_goose
Posted 07 August 2015 - 08:53 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Thank you very much for your help! I will post the two logs as soon as they are done! :)


  • 0

#6
confused_goose
Posted 07 August 2015 - 08:59 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

I don't know if this matters but after the fixlog was created, my laptop restarted. Also, here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:06-08-2015
Ran by tania_000 (2015-08-07 10:53:35) Run:1
Running from E:\Desktop
Loaded Profiles: tania_000 (Available Profiles: tania_000)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Task: {8E554AE1-4FFD-468B-BD07-EC4562B6FA8B} - System32\Tasks\Run_Browser => C:\Users\tania_000\AppData\Local\UnicoBrowser\Application\unicobrowser.exe <==== ATTENTION
Task: {A495D3BF-2775-48A7-A9A3-801D19F4397F} - System32\Tasks\PostPoneInstall => C:\Users\TANIA_~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {BD7A3050-3669-48C1-A5A0-99677E2C626C} - \Microsoft\Windows\TaskScheduler\Idle Maintenance No Task File <==== ATTENTION
Task: {F78A431B-6C44-4B6D-BD3A-38F96C982E5B} - \Microsoft\Windows\TaskScheduler\Regular Maintenance No Task File <==== ATTENTION
C:\Users\TANIA_~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\tania_000\AppData\Local\UnicoBrowser
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E554AE1-4FFD-468B-BD07-EC4562B6FA8B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E554AE1-4FFD-468B-BD07-EC4562B6FA8B}" => key removed successfully.
C:\Windows\System32\Tasks\Run_Browser => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Browser" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A495D3BF-2775-48A7-A9A3-801D19F4397F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A495D3BF-2775-48A7-A9A3-801D19F4397F}" => key removed successfully.
C:\Windows\System32\Tasks\PostPoneInstall => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD7A3050-3669-48C1-A5A0-99677E2C626C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD7A3050-3669-48C1-A5A0-99677E2C626C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F78A431B-6C44-4B6D-BD3A-38F96C982E5B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F78A431B-6C44-4B6D-BD3A-38F96C982E5B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully.
"C:\Users\TANIA_~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe" => File/Folder not found.
"C:\Users\tania_000\AppData\Local\UnicoBrowser" => File/Folder not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2489842463-321880632-3367131723-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 259.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:54:39 ====

  • 0

#7
confused_goose
Posted 07 August 2015 - 09:11 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

AdW Cleaner Log

 

# AdwCleaner v4.208 - Logfile created 07/08/2015 at 11:05:16
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 8.1 Connected  (x86)
# Username : tania_000 - TEA_ASUS
# Running from : E:\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD4C66B8-F943-4B10-8053-7E9EE39BBA4A}
Key Deleted : HKLM\SOFTWARE\Clara
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.130
 
 
*************************
 
AdwCleaner[R0].txt - [947 bytes] - [07/08/2015 11:02:58]
AdwCleaner[S0].txt - [879 bytes] - [07/08/2015 11:05:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [937  bytes] ##########

  • 0

#8
confused_goose
Posted 07 August 2015 - 09:21 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Unfortunately that sneaky icon is still there

 

YwvcmvL.jpg


  • 0

#9
Essexboy
Posted 07 August 2015 - 10:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah I think I know how to remove that .... What it is, is that windows does not clear that area of notifications even if a programme is no longer present

Right click this link https://dl.dropboxus...ation-items.vbsand select save target as.... to your desktop
Windows smartscreen may give a warning. Select run anyway
Double click the vbs programme and allow it to run
Once it has run then reboot and let me know if it has gone
  • 1

#10
confused_goose
Posted 07 August 2015 - 10:35 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

I am getting the following error message when I double-click the program

 

PsFam7I.jpg


  • 0

Advertisements

#11
Essexboy
Posted 07 August 2015 - 10:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm it worked on my windows 8 .. Curious

Ok there is a batch file that does the same job here http://www.sevenforu...cons-reset.html
  • 1

#12
confused_goose
Posted 07 August 2015 - 10:50 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

It worked! Thank you so so soooo much!!!  :rockon:


  • 0

#13
Essexboy
Posted 07 August 2015 - 11:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Any further problems ?


  • 0

#14
confused_goose
Posted 07 August 2015 - 11:06 AM

confused_goose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

None at all. Thank you once again for all your help!


  • 0

#15
Essexboy
Posted 07 August 2015 - 11:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Delete the VBS and Batch file from your desktop

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP