Avast help please!


  • This topic is locked

#1
southernbelle1

  • Member
  • 14 posts

My free Avast won't let me do anything without adding a password. I can't even run an update, or scan for viruses. I've tried every password I would have used. I can't even uninstall and reinstall without that password. I have researched everything I can at their website to reset password but it doesn't work. Can someone please help me?


  • 0



#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
So what happens when you try this:

Go to my.avast.com and click Forgot your password.
Enter your e-mail address and click Reset password.
Check your inbox for the e-mail account used and open the message Avast antivirus account – password reset.
  • 0

#3
southernbelle1

  • Topic Starter
  • Member
  • 14 posts

I did that! Nothing changed! It has me locked out of everything. I tried to transfer an audio book from OverDrive and it blocked my program.

I tried to delete Avast from programs, but it won't delete without the password. Then I tried to re-download over the one I have and it didn't change anything. Everything I go to do, Avast wants a password.


  • 0

#4
southernbelle1

  • Topic Starter
  • Member
  • 14 posts

I ran Malwarebytes and it said I was clean. Can't run or update Avast :(


  • 0

#5
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Let's take a look at things; post the 2 log reports.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#6
southernbelle1

  • Topic Starter
  • Member
  • 14 posts

Sorry, it's been a busy few days with Christmas! Here is my scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015
Ran by Lisa Manis (administrator) on LISAMANIS-PC (30-12-2015 10:51:12)
Running from C:\Users\Lisa Manis\Downloads
Loaded Profiles: Lisa Manis (Available Profiles: Lisa Manis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\PREINSTALL\SETUP564238410\KESLYN.EXE [1574528 2010-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-311360127-3291622852-1042216310-1000\...\MountPoints2: {1654bfa4-a987-11e5-ad45-78e3b55c506f} - G:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-23] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2015-12-18]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226 205.171.2.226
Tcpip\..\Interfaces\{4848D22D-C616-40E1-8546-0C6E309B0C0F}: [DhcpNameServer] 67.142.166.10 67.142.166.11
Tcpip\..\Interfaces\{CD1D6664-1187-4454-B092-6AA4538C1F2E}: [DhcpNameServer] 192.168.0.1 205.171.203.226 205.171.2.226
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-311360127-3291622852-1042216310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-24] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-24] (AVAST Software)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]
CHR Extension: (Gmail) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]
CHR HKLM-x32\...\Chrome\Extension: [emhginjpijfggbofeediiojmdlmlkoik] - C:\Program Files\AVAST Software\Avast\pam\Chrome\pam.crx [2015-12-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-23] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-23] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-30 10:51 - 2015-12-30 10:51 - 00010097 _____ C:\Users\Lisa Manis\Downloads\FRST.txt
2015-12-30 10:49 - 2015-12-30 10:51 - 00000000 ____D C:\FRST
2015-12-30 10:49 - 2015-12-30 10:49 - 02370560 _____ (Farbar) C:\Users\Lisa Manis\Downloads\FRST64.exe
2015-12-23 16:23 - 2015-12-23 16:23 - 00004420 _____ C:\Users\Lisa Manis\Downloads\ChristmasWedding.odm
2015-12-23 16:16 - 2015-12-23 16:16 - 00005365 _____ C:\Users\Lisa Manis\Downloads\CowboyforChristmas.odm
2015-12-23 16:12 - 2015-12-23 16:12 - 00005231 _____ C:\Users\Lisa Manis\Downloads\HisChristmasPleasure.odm
2015-12-23 13:57 - 2015-12-23 10:07 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-23 13:53 - 2015-12-23 13:53 - 05066104 _____ (AVAST Software) C:\Users\Lisa Manis\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2015-12-23 13:05 - 2015-12-23 13:05 - 00000000 ____D C:\Users\Public\Documents\Verizon2.0_Log
2015-12-23 13:05 - 2015-12-23 13:05 - 00000000 ____D C:\Users\Lisa Manis\AppData\Roaming\VERIZON
2015-12-23 13:01 - 2015-12-23 13:01 - 00000000 ____D C:\Users\Lisa Manis\Desktop\New folder (2)
2015-12-23 12:59 - 2015-12-23 12:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-12-23 10:07 - 2015-12-23 10:07 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-23 10:01 - 2015-12-23 10:01 - 05066096 _____ (AVAST Software) C:\Users\Lisa Manis\Downloads\avast_free_antivirus_setup_online (1).exe
2015-12-18 16:38 - 2015-12-18 16:38 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper (3).adh
2015-12-18 16:37 - 2015-12-18 16:37 - 00000399 _____ C:\Users\Lisa Manis\Downloads\BK_RAND_004320_LC_64_22050_ster_z9g3NG7SzBc5VDV5ZcTu_a2oy812bhU0RD1OmdzQRUBXfua_U-hv3zoub6v3Ew.adh
2015-12-18 16:31 - 2015-12-18 16:31 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper (1).adh
2015-12-18 16:21 - 2015-12-18 16:21 - 00000399 _____ C:\Users\Lisa Manis\Downloads\BK_RAND_004320_LC_64_22050_ster_qNv3xXXSUrte7ulDkErT_laanwHO4arMPKDIDXEuNY04nnZtMTq3dDkUhfDxww.adh
2015-12-18 16:21 - 2015-12-18 16:21 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper.adh
2015-12-18 16:15 - 2015-12-18 16:15 - 00000000 ____D C:\Users\Public\Documents\Audible
2015-12-18 16:07 - 2015-12-18 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-12-18 16:07 - 2015-12-18 16:07 - 00000000 ____D C:\Program Files (x86)\Audible
2015-12-18 16:06 - 2015-12-18 16:06 - 02025792 _____ (Audible, Inc.) C:\Users\Lisa Manis\Downloads\AudibleDM_iTunesSetup.exe
2015-12-18 16:06 - 2015-12-18 16:06 - 02025792 _____ (Audible, Inc.) C:\Users\Lisa Manis\Downloads\AudibleDM_iTunesSetup (1).exe
2015-12-18 16:03 - 2015-12-18 16:03 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper (1)
2015-12-18 15:59 - 2015-12-18 15:59 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper
2015-12-18 13:51 - 2015-12-18 13:51 - 00000000 ____D C:\Users\Lisa Manis\Desktop\New folder
2015-12-16 13:12 - 2015-12-16 13:12 - 00004872 _____ C:\Users\Lisa Manis\Downloads\TroublemakerSurvivingHollywoodandScientology-62185 (1).odm
2015-12-16 13:12 - 2015-12-16 13:12 - 00000000 ____D C:\Users\Lisa Manis\AppData\Roaming\OverDrive
2015-12-16 13:10 - 2015-12-16 13:10 - 00002178 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk
2015-12-16 13:10 - 2015-12-16 13:10 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\Adobe_Systems_Incorporate
2015-12-16 13:08 - 2015-12-16 13:08 - 08532144 _____ (Adobe Systems Incorporated) C:\Users\Lisa Manis\Downloads\ADE_4.5_Installer.exe
2015-12-16 13:05 - 2015-12-16 13:05 - 00002521 _____ C:\Users\Public\Desktop\OverDrive for Windows.lnk
2015-12-16 13:05 - 2015-12-16 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2015-12-16 13:05 - 2015-12-16 13:05 - 00000000 ____D C:\Program Files (x86)\OverDrive for Windows
2015-12-16 13:00 - 2015-12-16 13:00 - 04405248 _____ C:\Users\Lisa Manis\Downloads\ODMediaConsoleSetup.msi
2015-12-16 12:57 - 2015-12-16 12:57 - 00004872 _____ C:\Users\Lisa Manis\Downloads\TroublemakerSurvivingHollywoodandScientology-62185.odm
2015-12-07 19:07 - 2015-12-07 19:07 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\ElevatedDiagnostics
2015-12-03 17:11 - 2015-12-03 17:11 - 00001610 _____ C:\Users\Lisa Manis\AppData\Local\recently-used.xbel
2015-12-03 16:37 - 2015-12-03 16:37 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\webkit
2015-12-03 16:01 - 2015-12-03 17:11 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\gtk-2.0
2015-12-03 15:59 - 2015-12-03 15:59 - 00000000 ____D C:\Users\Lisa Manis\.thumbnails
2015-12-03 10:33 - 2015-12-03 10:33 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\AVAST Software
2015-12-03 10:32 - 2015-12-03 10:32 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 10:31 - 2015-12-03 10:31 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-30 16:24 - 2015-11-30 16:24 - 00014335 _____ C:\Users\Lisa Manis\Downloads\Calvin Lance Mauk (1).pdf
2015-11-30 16:08 - 2015-11-30 16:08 - 00014335 _____ C:\Users\Lisa Manis\Downloads\Calvin Lance Mauk.pdf
2015-11-30 12:32 - 2015-12-23 21:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 12:31 - 2015-11-30 12:31 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-30 12:31 - 2015-11-30 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 12:31 - 2015-11-30 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-30 12:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-30 12:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-30 12:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-30 12:27 - 2015-11-30 12:27 - 22908888 _____ (Malwarebytes ) C:\Users\Lisa Manis\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-11-30 12:26 - 2015-11-30 12:27 - 22908888 _____ (Malwarebytes ) C:\Users\Lisa Manis\Downloads\mbam-setup-2.2.0.1024.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-30 10:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-30 10:45 - 2009-07-13 23:45 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-30 10:45 - 2009-07-13 23:45 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-30 10:43 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-30 10:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-30 10:36 - 2015-11-10 11:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-30 10:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-23 13:57 - 2015-11-24 14:09 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-23 13:57 - 2015-11-24 14:09 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-23 13:57 - 2015-11-24 14:08 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-23 13:57 - 2015-11-24 14:08 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-23 10:06 - 2015-11-24 14:08 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-16 15:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-16 13:09 - 2015-11-10 20:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-16 13:09 - 2015-11-07 21:23 - 00000000 ____D C:\Users\Lisa Manis\Documents\My Digital Editions
2015-12-11 10:44 - 2015-11-10 12:37 - 00000000 ____D C:\Users\Lisa Manis\.gimp-2.8
2015-12-08 10:59 - 2015-11-10 11:59 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\Google
2015-12-07 17:05 - 2015-11-10 11:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-07 17:05 - 2015-11-10 11:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-07 17:05 - 2015-11-10 11:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 15:59 - 2015-11-09 11:12 - 00000000 ____D C:\Users\Lisa Manis
2015-12-03 11:37 - 2015-11-09 11:15 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\VirtualStore
2015-11-30 12:10 - 2015-11-10 20:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2015-12-03 17:11 - 2015-12-03 17:11 - 0001610 _____ () C:\Users\Lisa Manis\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\Lisa Manis\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\Lisa Manis\AppData\Local\Temp\NetFramework45.exe
C:\Users\Lisa Manis\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-23 12:45
 
==================== End of FRST.txt ============================

  • 0

#7
southernbelle1

  • Topic Starter
  • Member
  • 14 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-12-2015
Ran by Lisa Manis (2015-12-30 10:51:48)
Running from C:\Users\Lisa Manis\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-11-09 16:12:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-311360127-3291622852-1042216310-500 - Administrator - Disabled)
Guest (S-1-5-21-311360127-3291622852-1042216310-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-311360127-3291622852-1042216310-1002 - Limited - Enabled)
Lisa Manis (S-1-5-21-311360127-3291622852-1042216310-1000 - Administrator - Enabled) => C:\Users\Lisa Manis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{70F55D70-7E5F-6291-4924-2F7640F19BFE}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{00A9870A-DA5A-4825-BEC9-F93FD41DE157}) (Version: 2.43.0 - Kovid Goyal)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02D82F8C-F134-4EDF-9331-41EC39A6C9E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-23] (AVAST Software)
Task: {22CA225A-4F66-4F61-BB57-60A6824376DB} - System32\Tasks\{6C4D28B8-EAFE-4AC6-B845-5092130BEC7F} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp54841.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"
Task: {32DBF440-8528-443F-B74A-A7E8D7DED3BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {348C170B-6BB3-413D-9AB3-C7E45656D9A5} - System32\Tasks\{C37A8689-BDB7-4A81-8CB2-C16858E675D3} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp53261.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"
Task: {37C5B331-745C-4F0F-9746-03781872C421} - System32\Tasks\{B9AE15D4-2B53-4677-AFFF-48781E5C1F5B} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp54900.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5E98EAB6-7676-4BD6-9F6D-0F602018D2EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {6FEA60E9-0FE1-4DCA-A735-68A09C8DF989} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {869650A8-FB90-4975-B647-BD90F400DC85} - System32\Tasks\{E8D0CF7A-AD0C-42DF-811B-E0AF5C764989} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp53838.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"
Task: {884C9BBD-DF59-40DE-B6E2-9A0DDE2A0579} - System32\Tasks\{4D53AE11-1033-4BA5-BFB6-6D25ECE6A08A} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp51605.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"
Task: {89A15247-24F1-4A63-AEA4-D6F6D53FFC8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {9F73D8F8-3952-4D8A-8563-93E4DFEB0AD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {BF229249-67A9-4776-81E0-EDED9D32F0D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)
Task: {C7C1C690-2D9C-4E97-9D65-8901D2C7894B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {CA976BF8-C095-4B9C-A70B-00F632241E43} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EB2BDF4D-4668-45C9-A0E3-C3D8542431E0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {ED9844EA-DBDC-4C80-B5BE-620B6B587CEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)
Task: {F40367CC-A17B-4463-8EBA-AB60B51CABCA} - System32\Tasks\{A1AEA180-878C-413C-AFE8-F2E5FCE5563E} => pcalua.exe -a C:\Windows\system32\RT7LitePIlaunch.exe -d C:\Windows\system32
Task: {F79CF7BE-6C6F-4350-9F3F-0C3EA9977650} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-13 08:45 - 2015-10-13 08:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 08:45 - 2015-10-13 08:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-08 00:57 - 2011-01-08 00:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-23 10:07 - 2015-12-23 10:07 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-23 10:07 - 2015-12-23 10:07 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-23 13:45 - 2015-12-23 13:45 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122302\algo.dll
2015-12-23 10:07 - 2015-12-23 10:07 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-30 10:38 - 2015-12-30 10:38 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15123000\algo.dll
2015-12-23 10:07 - 2015-12-23 10:07 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-18 11:10 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-18 11:10 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-11-10 20:35 - 2015-11-10 20:35 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2015-11-10 11:45 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-311360127-3291622852-1042216310-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa Manis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.203.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{363C7FFF-2B1F-400C-8F58-C97192404CBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{574A23E8-6A97-4A32-B1CE-5C3A73FDB8EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D225EB41-EC95-4876-836E-032CC2CA01BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{773E8002-AF39-4177-9BE2-605929D11924}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1733A50B-1F09-4C19-87EA-920CAA64C313}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{09328B59-F91E-444D-882A-12A68CC9FF4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-11-2015 17:14:51 Windows Update
10-11-2015 20:45:50 Windows Update
10-11-2015 21:14:56 Windows Update
24-11-2015 14:49:27 Scheduled Checkpoint
16-12-2015 13:04:48 Installed OverDrive for Windows
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2015 10:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/23/2015 09:37:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x1144
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (12/23/2015 09:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/23/2015 04:06:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/23/2015 02:27:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/23/2015 02:03:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/23/2015 01:57:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/23/2015 01:49:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/23/2015 01:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/23/2015 01:43:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0xb7c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
 
System errors:
=============
Error: (12/18/2015 04:17:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/18/2015 04:17:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/18/2015 04:17:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/18/2015 04:17:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/16/2015 10:14:53 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{CD1D6664-1187-4454-B092-6AA4538C1F2E} because another computer on the network has the same name.  The server could not start.
 
Error: (11/24/2015 08:42:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:13:40 PM on ‎11/‎24/‎2015 was unexpected.
 
Error: (11/10/2015 08:23:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
 
Error: (11/10/2015 08:17:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16405
 
Error: (11/10/2015 08:15:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16405
 
Error: (11/10/2015 08:07:44 PM) (Source: Application Popup) (EventID: 877) (User: )
Description: There was error [DATABASE OPEN FAILED] processing the driver database.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8139.86 MB
Available physical RAM: 6015.23 MB
Total Virtual: 16277.93 MB
Available Virtual: 13903.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:447.28 GB) (Free:120.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:14.32 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive h: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0AFF17D5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Right-click on FRST and choose "Run as administrator".

When FRST opens, copy this => license.avastlic <= and paste it into the search field, then click on Search Files and let FRST scan for it.

Then please post the Search.txt log. It may be located here ==> C:\Users\Lisa Manis\Downloads

#9
southernbelle1

    Member

  • Topic Starter
  • Member
  • 14 posts
I hope this is what you were looking for  :) .  I pasted license.avastlic then clicked on search files.
 
Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Lisa Manis (2016-01-03 22:18:33)
Running from C:\Users\Lisa Manis\Downloads
Boot Mode: Normal
 
================== Search Files: "license.avastlic
" =============
 
====== End of Search ======

Edited by southernbelle1, 03 January 2016 - 11:01 PM.


#10
southernbelle1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

The above I clicked in search files.  Below I clicked on scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Lisa Manis (administrator) on LISAMANIS-PC (03-01-2016 22:54:54)
Running from C:\Users\Lisa Manis\Downloads
Loaded Profiles: Lisa Manis (Available Profiles: Lisa Manis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Lisa Manis\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\PREINSTALL\SETUP564238410\KESLYN.EXE [1574528 2010-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-311360127-3291622852-1042216310-1000\...\MountPoints2: {1654bfa4-a987-11e5-ad45-78e3b55c506f} - G:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-23] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2015-12-18]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 67.142.166.10 67.142.166.11
Tcpip\..\Interfaces\{4848D22D-C616-40E1-8546-0C6E309B0C0F}: [DhcpNameServer] 67.142.166.10 67.142.166.11
Tcpip\..\Interfaces\{CD1D6664-1187-4454-B092-6AA4538C1F2E}: [DhcpNameServer] 67.142.166.10 67.142.166.11
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
HKU\S-1-5-21-311360127-3291622852-1042216310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-24] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-24] (AVAST Software)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-30]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]
CHR Extension: (Gmail) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]
CHR HKLM-x32\...\Chrome\Extension: [emhginjpijfggbofeediiojmdlmlkoik] - C:\Program Files\AVAST Software\Avast\pam\Chrome\pam.crx [2015-12-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-23] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-23] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-03 22:34 - 2016-01-03 22:34 - 02370560 _____ (Farbar) C:\Users\Lisa Manis\Downloads\FRST64 (2).exe
2016-01-03 22:18 - 2016-01-03 22:43 - 00000257 _____ C:\Users\Lisa Manis\Downloads\Search.txt
2016-01-03 22:16 - 2016-01-03 22:17 - 02370560 _____ (Farbar) C:\Users\Lisa Manis\Downloads\FRST64 (1).exe
2015-12-30 11:15 - 2015-12-23 10:07 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-30 11:12 - 2015-12-30 11:12 - 05080352 _____ (AVAST Software) C:\Users\Lisa Manis\Downloads\avast_free_antivirus_setup_online (2).exe
2015-12-30 10:51 - 2016-01-03 22:54 - 00010067 _____ C:\Users\Lisa Manis\Downloads\FRST.txt
2015-12-30 10:51 - 2015-12-30 10:52 - 00021188 _____ C:\Users\Lisa Manis\Downloads\Addition.txt
2015-12-30 10:49 - 2016-01-03 22:54 - 00000000 ____D C:\FRST
2015-12-30 10:49 - 2015-12-30 10:49 - 02370560 _____ (Farbar) C:\Users\Lisa Manis\Downloads\FRST64.exe
2015-12-23 16:23 - 2015-12-23 16:23 - 00004420 _____ C:\Users\Lisa Manis\Downloads\ChristmasWedding.odm
2015-12-23 16:16 - 2015-12-23 16:16 - 00005365 _____ C:\Users\Lisa Manis\Downloads\CowboyforChristmas.odm
2015-12-23 16:12 - 2015-12-23 16:12 - 00005231 _____ C:\Users\Lisa Manis\Downloads\HisChristmasPleasure.odm
2015-12-23 13:53 - 2015-12-23 13:53 - 05066104 _____ (AVAST Software) C:\Users\Lisa Manis\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2015-12-23 13:05 - 2015-12-23 13:05 - 00000000 ____D C:\Users\Public\Documents\Verizon2.0_Log
2015-12-23 13:05 - 2015-12-23 13:05 - 00000000 ____D C:\Users\Lisa Manis\AppData\Roaming\VERIZON
2015-12-23 13:01 - 2015-12-23 13:01 - 00000000 ____D C:\Users\Lisa Manis\Desktop\New folder (2)
2015-12-23 12:59 - 2015-12-23 12:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-12-23 10:07 - 2015-12-23 10:07 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-23 10:01 - 2015-12-23 10:01 - 05066096 _____ (AVAST Software) C:\Users\Lisa Manis\Downloads\avast_free_antivirus_setup_online (1).exe
2015-12-18 16:38 - 2015-12-18 16:38 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper (3).adh
2015-12-18 16:37 - 2015-12-18 16:37 - 00000399 _____ C:\Users\Lisa Manis\Downloads\BK_RAND_004320_LC_64_22050_ster_z9g3NG7SzBc5VDV5ZcTu_a2oy812bhU0RD1OmdzQRUBXfua_U-hv3zoub6v3Ew.adh
2015-12-18 16:31 - 2015-12-18 16:31 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper (1).adh
2015-12-18 16:21 - 2015-12-18 16:21 - 00000399 _____ C:\Users\Lisa Manis\Downloads\BK_RAND_004320_LC_64_22050_ster_qNv3xXXSUrte7ulDkErT_laanwHO4arMPKDIDXEuNY04nnZtMTq3dDkUhfDxww.adh
2015-12-18 16:21 - 2015-12-18 16:21 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper.adh
2015-12-18 16:15 - 2015-12-18 16:15 - 00000000 ____D C:\Users\Public\Documents\Audible
2015-12-18 16:07 - 2015-12-18 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-12-18 16:07 - 2015-12-18 16:07 - 00000000 ____D C:\Program Files (x86)\Audible
2015-12-18 16:06 - 2015-12-18 16:06 - 02025792 _____ (Audible, Inc.) C:\Users\Lisa Manis\Downloads\AudibleDM_iTunesSetup.exe
2015-12-18 16:06 - 2015-12-18 16:06 - 02025792 _____ (Audible, Inc.) C:\Users\Lisa Manis\Downloads\AudibleDM_iTunesSetup (1).exe
2015-12-18 16:03 - 2015-12-18 16:03 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper (1)
2015-12-18 15:59 - 2015-12-18 15:59 - 00000399 _____ C:\Users\Lisa Manis\Downloads\admhelper
2015-12-18 13:51 - 2015-12-18 13:51 - 00000000 ____D C:\Users\Lisa Manis\Desktop\New folder
2015-12-16 13:12 - 2015-12-16 13:12 - 00004872 _____ C:\Users\Lisa Manis\Downloads\TroublemakerSurvivingHollywoodandScientology-62185 (1).odm
2015-12-16 13:12 - 2015-12-16 13:12 - 00000000 ____D C:\Users\Lisa Manis\AppData\Roaming\OverDrive
2015-12-16 13:10 - 2015-12-16 13:10 - 00002178 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk
2015-12-16 13:10 - 2015-12-16 13:10 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\Adobe_Systems_Incorporate
2015-12-16 13:08 - 2015-12-16 13:08 - 08532144 _____ (Adobe Systems Incorporated) C:\Users\Lisa Manis\Downloads\ADE_4.5_Installer.exe
2015-12-16 13:05 - 2015-12-16 13:05 - 00002521 _____ C:\Users\Public\Desktop\OverDrive for Windows.lnk
2015-12-16 13:05 - 2015-12-16 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2015-12-16 13:05 - 2015-12-16 13:05 - 00000000 ____D C:\Program Files (x86)\OverDrive for Windows
2015-12-16 13:00 - 2015-12-16 13:00 - 04405248 _____ C:\Users\Lisa Manis\Downloads\ODMediaConsoleSetup.msi
2015-12-16 12:57 - 2015-12-16 12:57 - 00004872 _____ C:\Users\Lisa Manis\Downloads\TroublemakerSurvivingHollywoodandScientology-62185.odm
2015-12-07 19:07 - 2015-12-07 19:07 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\ElevatedDiagnostics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-03 22:10 - 2009-07-13 23:45 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 22:10 - 2009-07-13 23:45 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-03 22:05 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-03 22:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-03 22:04 - 2015-11-10 11:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-03 21:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-30 11:16 - 2015-11-24 14:09 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-30 11:16 - 2015-11-24 14:09 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-30 11:16 - 2015-11-24 14:08 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-30 11:16 - 2015-11-24 14:08 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-30 11:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-23 21:41 - 2015-11-30 12:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-23 10:07 - 2015-11-24 14:08 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-23 10:06 - 2015-11-24 14:08 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-16 15:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-16 13:09 - 2015-11-10 20:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-16 13:09 - 2015-11-07 21:23 - 00000000 ____D C:\Users\Lisa Manis\Documents\My Digital Editions
2015-12-11 10:44 - 2015-11-10 12:37 - 00000000 ____D C:\Users\Lisa Manis\.gimp-2.8
2015-12-08 10:59 - 2015-11-10 11:59 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\Google
2015-12-07 17:05 - 2015-11-10 11:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-07 17:05 - 2015-11-10 11:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-07 17:05 - 2015-11-10 11:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
==================== Files in the root of some directories =======
 
2015-12-03 17:11 - 2015-12-03 17:11 - 0001610 _____ () C:\Users\Lisa Manis\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\Lisa Manis\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\Lisa Manis\AppData\Local\Temp\NetFramework45.exe
C:\Users\Lisa Manis\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-23 12:45
 
==================== End of FRST.txt ============================

  • 0



#11
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Have you followed these instructions linked below? If not, please try it.

https://www.avast.co...install-utility

How to boot to Safe Mode:
Restart your computer.
During restart, keep tapping the F8 key and wait for the Windows Advanced Boot Options menu (black screen with white letters).
Using your arrow keys, select Safe Mode and hit Enter, let the computer boot into Safe Mode, and run the Avast clean tool.

Thanks
Joe
  • 0

#12
southernbelle1


    Member

  • Topic Starter
  • 14 posts

YAY!!!! This worked! Avast has been deleted. Now the big question. Could you give me some advice on antivirus? I really liked Avast and am not sure what I did to lock myself out. I could have set a password not realizing it would lock me completely out of it. I was using Microsoft Security Essentials before, but picked up 3 really bad Trojans. So bad in fact, I had to restore my whole system. I'm using Windows 7. I don't do any gaming, just your normal surfing, lots of YouTube and shopping online.

Thank you sooooo much for the help!


  • 0

#13
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

You liked Avast, then reinstall it and let's see what occurs. Get Avast here: https://www.avast.com/index

Let me know when that is done.

Thanks
Joe
  • 1

#14
southernbelle1


    Member

  • Topic Starter
  • 14 posts

Hi there :),

So I went ahead and just went with Microsoft Security Essentials. I used it for years and didn't have a problem until about a month ago. But I really like the simplicity of it. So thank you very much for your advice. So is there anything else I need to do?


  • 0

#15
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Let's take a look at things,

When time permits for you.

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
Thanks
Joe
  • 0





