Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Checking for malware - Please help, THANKS! [Closed]


  • This topic is locked This topic is locked

#16
L3Nerd

L3Nerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
 
C:\Users\Owner\Downloads>move C:\Users\Owner\Downloads\FRST64.exe C:\Users\Owner
\Desktop
        1 file(s) moved.
 
C:\Users\Owner\Downloads>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Owner (administrator) on COMPUTER (31-01-2016 22:31:52)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & Administrator (Available Profiles: Owner & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-14] (AVAST Software)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-14] (Google Inc.)
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Run: [Inspector] => C:\Users\Owner\AppData\Roaming\Protector-xklf.exe
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2057531234-2367892702-2072951418-500\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-14] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-12-13]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2011-02-13]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{770317D9-EA8E-4F6C-B8B1-5C05798825FA}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2057531234-2367892702-2072951418-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-11-01] (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-12] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-11-01] (Yahoo! Inc)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-26] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-14]
 
Chrome: 
=======
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.97\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.97\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll => No File
CHR Plugin: (Unity Player) - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-14]
StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-14] (AVAST Software)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 DiagTrack; %SystemRoot%\system32\diagtrack.dll [X]
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-14] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
S1 jiucecvv; \??\C:\Windows\system32\drivers\jiucecvv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-31 22:31 - 2016-01-31 22:32 - 00020104 _____ C:\Users\Owner\Desktop\FRST.txt
2016-01-30 16:48 - 2016-01-30 16:48 - 00000000 ____D C:\Users\Owner\jxm
2016-01-30 16:24 - 2016-01-30 16:35 - 00394620 _____ C:\TDSSKiller.3.1.0.9_30.01.2016_16.24.51_log.txt
2016-01-29 23:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2016-01-29 18:53 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-01-29 18:53 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-01-29 18:53 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-01-29 18:53 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-01-29 18:53 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-01-29 18:53 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-01-29 18:52 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-01-29 18:52 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\Users\Administrator\Documents\ASUS
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\ASUS
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\ProgramData\ASUS
2016-01-29 18:38 - 2016-01-29 18:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-01-29 18:38 - 2016-01-29 18:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\SRS Labs
2016-01-27 06:40 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-01-27 06:40 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-01-27 06:40 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-01-26 21:51 - 2016-01-31 10:51 - 00028852 _____ C:\Users\Owner\Downloads\Addition.txt
2016-01-26 21:47 - 2016-01-26 21:47 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2016-01-26 20:27 - 2016-01-26 20:27 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-01-26 19:49 - 2016-01-26 19:49 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2016-01-26 19:48 - 2016-01-26 19:48 - 00058016 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-26 19:48 - 2016-01-26 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Yahoo!
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Yahoo! Companion
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Yahoo!
2016-01-26 19:44 - 2016-01-26 19:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Windstream
2016-01-26 19:44 - 2016-01-26 19:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Radialpoint
2016-01-26 19:43 - 2016-01-30 15:49 - 00001415 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 19:59 - 2016-01-30 16:17 - 00001136 _____ C:\Users\Owner\Desktop\JRT.txt
2016-01-24 19:35 - 2016-01-24 19:39 - 01600184 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
2016-01-24 19:26 - 2016-01-24 19:35 - 00198084 _____ C:\TDSSKiller.3.1.0.9_24.01.2016_19.26.21_log.txt
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 15:15 - 2016-01-14 15:16 - 00196248 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_15.15.18_log.txt
2016-01-14 15:14 - 2016-01-14 15:14 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2016-01-14 14:50 - 2016-01-31 10:51 - 00038228 _____ C:\Users\Owner\Downloads\FRST.txt
2016-01-14 13:26 - 2016-01-14 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-01-14 11:58 - 2016-01-14 11:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-01-14 11:58 - 2016-01-14 11:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-01-14 08:15 - 2016-01-14 08:10 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-14 08:11 - 2016-01-23 20:45 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-14 08:10 - 2016-01-30 15:50 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-14 08:10 - 2016-01-26 19:57 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-14 08:10 - 2016-01-26 19:57 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-14 08:10 - 2016-01-14 08:11 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-14 08:10 - 2016-01-14 08:10 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-14 08:07 - 2016-01-14 08:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-14 08:07 - 2016-01-14 08:07 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-14 07:26 - 2016-01-24 20:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-14 07:26 - 2016-01-14 07:26 - 05065856 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2016-01-14 07:25 - 2016-01-14 07:25 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-14 07:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-14 07:25 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-14 07:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-14 00:30 - 2016-01-14 00:32 - 22908888 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-majorgeeks-2.2.0.1024.exe
2016-01-14 00:26 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-14 00:26 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-14 00:26 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-14 00:26 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-14 00:25 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-14 00:25 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-14 00:25 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-14 00:25 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-14 00:14 - 2016-01-14 00:14 - 02660496 _____ (Sysinternals - www.sysinternals.com) C:\Users\Owner\Downloads\procexp.exe
2016-01-14 00:00 - 2016-01-14 00:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-13 23:59 - 2016-01-31 22:31 - 00000000 ____D C:\FRST
2016-01-13 23:59 - 2016-01-13 23:59 - 02370560 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-01-13 18:17 - 2016-01-28 20:28 - 01416470 _____ C:\Windows\ntbtlog.txt
2016-01-13 16:50 - 2016-01-13 16:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-01-13 16:49 - 2016-01-26 19:43 - 00000000 ____D C:\Users\Administrator
2016-01-13 16:49 - 2011-05-29 21:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Power2Go
2016-01-13 16:49 - 2010-12-13 14:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2016-01-13 16:49 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-31 22:28 - 2012-07-28 21:31 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA.job
2016-01-31 22:27 - 2012-07-17 16:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-31 11:15 - 2012-07-17 15:23 - 00000000 ____D C:\ProgramData\Radialpoint
2016-01-31 10:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-31 10:49 - 2012-07-28 21:31 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core.job
2016-01-30 16:48 - 2011-03-24 13:20 - 00000000 ____D C:\Users\Owner
2016-01-30 16:04 - 2012-07-28 21:33 - 00002357 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-30 15:53 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-30 15:52 - 2011-03-24 13:21 - 00001419 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-30 15:50 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-30 00:49 - 2009-07-14 00:13 - 00813270 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-30 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-30 00:47 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-30 00:47 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-30 00:42 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-30 00:35 - 2013-03-14 14:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-30 00:35 - 2013-03-14 14:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-30 00:31 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-30 00:31 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-30 00:30 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-29 23:18 - 2013-03-14 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-29 21:16 - 2013-02-27 18:08 - 00802340 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-28 00:05 - 2012-07-17 15:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Radialpoint
2016-01-26 23:00 - 2012-07-17 15:21 - 00000000 ____D C:\Windows\pss
2016-01-26 20:32 - 2012-03-03 23:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-01-26 19:56 - 2012-07-17 16:01 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-26 19:56 - 2012-07-17 16:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-26 19:56 - 2012-03-04 13:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-24 19:48 - 2013-02-27 16:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Raxco
2016-01-23 20:51 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-01-23 20:46 - 2010-12-13 15:11 - 00000000 ____D C:\ProgramData\P4G
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-23 20:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-23 20:41 - 2011-05-11 19:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2016-01-23 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-14 23:00 - 2013-04-22 18:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2016-01-14 22:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2016-01-14 14:55 - 2011-12-26 17:20 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2016-01-14 14:45 - 2010-12-13 15:13 - 00002104 _____ C:\Windows\system32\AutoRunFilter.ini
2016-01-14 14:45 - 2010-12-13 15:13 - 00001311 _____ C:\Windows\system32\ServiceFilter.ini
2016-01-14 13:14 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-14 10:55 - 2012-05-24 10:27 - 00001407 _____ C:\Users\Owner\Desktop\Internet Explorer.lnk
2016-01-14 09:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-14 08:07 - 2013-02-27 18:44 - 00001945 _____ C:\Windows\epplauncher.mif
2016-01-14 08:06 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-14 01:37 - 2012-02-03 20:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Facebook
2016-01-14 00:00 - 2012-07-28 21:31 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA
2016-01-14 00:00 - 2012-07-28 21:31 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core
2016-01-13 22:16 - 2009-07-29 00:20 - 00000000 ____D C:\Windows\Log
 
==================== Files in the root of some directories =======
 
2007-06-12 12:34 - 2007-06-12 12:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 11:35 - 2008-05-22 11:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 13:31 - 2009-04-08 13:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 00:45 - 2008-08-12 00:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2012-06-16 13:11 - 2013-02-23 18:01 - 0001130 _____ () C:\Users\Owner\AppData\Roaming\result.db
2013-06-21 07:39 - 2013-06-21 07:39 - 0000153 _____ () C:\ProgramData\birz6of.reg
2013-06-21 07:39 - 2015-04-04 20:50 - 0000000 _____ () C:\ProgramData\g252qs.txt
2013-06-21 07:40 - 2013-06-21 07:40 - 0044544 _____ (Microsoft Corporation) C:\ProgramData\sdaksda.txt
2010-12-13 14:52 - 2010-12-13 14:53 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-12-13 14:52 - 2010-12-13 14:52 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\birz6of.reg
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-26 23:37
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Owner (2016-01-31 22:33:31)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-24 18:20:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2057531234-2367892702-2072951418-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2057531234-2367892702-2072951418-501 - Limited - Enabled)
Owner (S-1-5-21-2057531234-2367892702-2072951418-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.23.0 - Ask.com) <==== ATTENTION
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.42 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Best Buy pc app (HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\48e4cff94f039634) (Version: 3.1.1.0 - Best Buy)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Google Chrome (HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}) (Version: 10.5.3.3 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Radialpoint Servicepoint Dashboard Extensions version 16.1.12.34309 (HKLM-x32\...\RadialpointServicepointDashboardExtensions_is1) (Version: 16.1.12.34309 - )
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.10 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00E10AF8-C520-43D3-B5A5-F57C68ED0945} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {1667EA56-7B87-440E-9C51-B8FBA45ABECD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-14] (AVAST Software)
Task: {1FB1A171-2CB2-478E-BFB8-4E687FA741A5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe
Task: {256EBD91-A7CF-410C-A0B3-A8601432AB6A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe
Task: {264BF239-0444-4BBE-8388-9ED21A29E96C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {2BA6625F-952B-438F-8332-A4E8FDD3347A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {36B6310B-9E8F-4B48-B638-B2F77BB5B1EA} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {47764F4D-150F-4077-91C1-6C0DCBD0D5B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-26] (Adobe Systems Incorporated)
Task: {5495D149-92FB-49CA-BD35-DDD330CA6426} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {73164D51-BDCE-480C-8CC3-9D2E2185446C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {826B8D22-7B28-451A-B194-4181C1444E02} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {9724BD46-C78A-4060-8928-3B13DCAEF869} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {974F98DA-E6A4-4514-A9D8-43AE037005BF} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {A90EAD37-F0A5-431A-AC9E-E49F8F0DF72E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-23] (AVAST Software)
Task: {A99E58CF-06B7-43AE-8DD2-87FE7E81BE68} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-10] (ASUS)
Task: {AF5F284E-8260-4A77-B3C8-E376BCCC5921} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {C401A8AE-0244-4137-BD44-253B3381A1A2} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {D2C43335-3C76-4815-8BE8-23A1C8E9E4C2} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {DC855D1B-BC8A-42CD-A5EE-195302A6933C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DF0DB457-BDEC-4DFF-9CF2-696429C18639} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {FB4E3865-D073-4AEF-A2F4-C515F60B0AC0} - \ProgramUpdateCheck -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-29 18:37 - 2016-01-29 18:37 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012900\algo.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-30 15:50 - 2016-01-30 15:50 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16013001\algo.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-01-31 10:41 - 2016-01-31 10:41 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16013100\algo.dll
2016-01-31 22:27 - 2016-01-31 22:27 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16013101\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 20:08 - 2007-06-01 20:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2016-01-30 16:04 - 2016-01-27 12:39 - 01632584 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-30 16:04 - 2016-01-27 12:39 - 00087880 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.97\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-02-27 18:10 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2057531234-2367892702-2072951418-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A8D957A7-1595-4890-BA3C-6AB78BAD39F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E35E5C9A-C729-4EC8-A714-26A5B39EF2C9}] => (Allow) LPort=2869
FirewallRules: [{70A47C7B-8C91-45FA-82CB-D2FC2A5A89A5}] => (Allow) LPort=1900
FirewallRules: [{094A58A2-3D90-459D-9ABE-3D98E04639C4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{80E1448D-8492-49A3-8D3B-6478BF3C131D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FE4B8318-9643-4B84-A5FD-C7079ED35E20}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7E779EFD-FDB6-48C4-A568-D624414FEACF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{97243C1D-A241-4E7F-AACB-093DF977BABC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F52FEAFA-99E2-452E-84F8-419884A0082E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4540EBD8-8C2B-41C4-B745-89D16113510F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15AC4F6D-D39C-4B41-8B5F-E09868170B49}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{FCA5DF2F-17E8-45C5-9353-6138552A1154}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{84C5A026-0760-4AF4-8447-1CE8BA2FD640}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [TCP Query User{923FE6FB-0C6D-44C6-BF59-00F979A0ADF1}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60898521-5636-48B9-8321-D50F8AE41860}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{432DD5FE-CED4-47CC-B11D-AFCEEBB76FDB}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{D69990BB-7582-4345-91B1-2E904DFD1166}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{5C3CD27E-D71A-4936-A793-57763005C9F8}] => (Allow) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-01-2016 19:44:00 JRT Pre-Junkware Removal
27-01-2016 02:01:36 Windows Update
29-01-2016 18:49:50 Windows Update
30-01-2016 16:09:12 JRT Pre-Junkware Removal
31-01-2016 10:45:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/31/2016 11:19:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7426
 
Error: (01/31/2016 11:19:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7426
 
Error: (01/31/2016 11:19:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2016 11:19:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6100
 
Error: (01/31/2016 11:19:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6100
 
Error: (01/31/2016 11:19:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2016 11:18:38 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (01/31/2016 11:17:46 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
 
Error: (01/31/2016 11:15:29 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (01/31/2016 11:15:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
 
System errors:
=============
Error: (01/31/2016 11:18:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
 
Error: (01/30/2016 05:57:24 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{770317D9-EA8E-4F6C-B8B1-5C05798825FA} because another computer on the network has the same name.  The server could not start.
 
Error: (01/30/2016 12:45:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3020369).
 
Error: (01/30/2016 12:45:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3124275).
 
Error: (01/30/2016 12:42:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DiagTrack service terminated with the following error: 
%%126
 
Error: (01/30/2016 12:39:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Windows Update Aux.
 
Error: (01/30/2016 12:35:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DiagTrack service terminated with the following error: 
%%126
 
Error: (01/30/2016 12:32:58 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
 
Error: (01/30/2016 12:15:19 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (01/29/2016 11:08:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 44%
Total physical RAM: 2924.38 MB
Available physical RAM: 1629.29 MB
Total Virtual: 5846.94 MB
Available Virtual: 3821.16 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:200 GB) (Free:147.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:240.76 GB) (Free:240.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA1BABAE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=240.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

Advertisements


#17
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi L3Nerd,

 

Your log is currently being reviewed. Please be patient for a little while before I can post my fix to you.


  • 0

#18
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi L3Nerd,
 
Apologies for the delay. And thanks for the log, before we begin, I have a question for you.
 
Do you know of the application "Radialpoint Security Advisor" that is currently installed on your PC, does it comes with your Internet Service Provider (ISP) when you subscribed for internet services (Broadband/Fibre)?
 
Let's begin with our fix.
 
Remove unwanted programs

Please uninstall the following unwanted programs:

Note: If any of the programs are not listed, proceed to the next one and work through the list.

  • Ask Toolbar
  • Best Buy pc app
  • Free File Viewer 2011

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.
Repeat the above steps for all the other programs to remove.

Remove missing Chrome Plugin

  • Open Chrome
  • Copy and paste the following in the address bar and press Enter:

    chrome://plugins
     
  • You will get a page with all the plugins listed.
  • Press "Disable" on the following Plugins.

    Native Client
    Chrome PDF Viewer
    Shockwave Flash
    Silverlight Plug-In
    Best Buy pc app Detector
    Google Update
     
  • Then press "Enable".
  • Close Chrome.

FRST.gifFix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 


Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Run: [Inspector] => C:\Users\Owner\AppData\Roaming\Protector-xklf.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
S1 jiucecvv; \??\C:\Windows\system32\drivers\jiucecvv.sys [X]
2013-06-21 07:39 - 2013-06-21 07:39 - 0000153 _____ () C:\ProgramData\birz6of.reg
2013-06-21 07:39 - 2015-04-04 20:50 - 0000000 _____ () C:\ProgramData\g252qs.txt
2013-06-21 07:40 - 2013-06-21 07:40 - 0044544 _____ (Microsoft Corporation) C:\ProgramData\sdaksda.txt
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
Task: {C401A8AE-0244-4137-BD44-253B3381A1A2} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {FB4E3865-D073-4AEF-A2F4-C515F60B0AC0} - \ProgramUpdateCheck -> No File <==== ATTENTION

C:\Users\Owner\AppData\Roaming\Protector-xklf.exe
C:\Users\Owner\AppData\Roaming\ShopAtHome
C:\ProgramData\Best Buy pc app

Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.
 
Note: The machine will reboot automatically.
 
FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). 
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

In your next reply, please include the following:

  • Answer to my query on "Radialpoint Security Advisor"
  • Any issue with uninstallation of the programs
  • FRST Fixlog.txt
  • FRST.txt
  • FRST Addition.txt

  • 0

#19
L3Nerd

L3Nerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Owner (2016-02-02 22:10:20) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Run: [Inspector] => C:\Users\Owner\AppData\Roaming\Protector-xklf.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
S1 jiucecvv; \??\C:\Windows\system32\drivers\jiucecvv.sys [X]
2013-06-21 07:39 - 2013-06-21 07:39 - 0000153 _____ () C:\ProgramData\birz6of.reg
2013-06-21 07:39 - 2015-04-04 20:50 - 0000000 _____ () C:\ProgramData\g252qs.txt
2013-06-21 07:40 - 2013-06-21 07:40 - 0044544 _____ (Microsoft Corporation) C:\ProgramData\sdaksda.txt
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
Task: {C401A8AE-0244-4137-BD44-253B3381A1A2} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {FB4E3865-D073-4AEF-A2F4-C515F60B0AC0} - \ProgramUpdateCheck -> No File <==== ATTENTION
 
C:\Users\Owner\AppData\Roaming\Protector-xklf.exe
C:\Users\Owner\AppData\Roaming\ShopAtHome
C:\ProgramData\Best Buy pc app
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => value not found.
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Inspector => value removed successfully
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value removed successfully
"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => key removed successfully
jiucecvv => service removed successfully
C:\ProgramData\birz6of.reg => moved successfully
C:\ProgramData\g252qs.txt => moved successfully
C:\ProgramData\sdaksda.txt => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C401A8AE-0244-4137-BD44-253B3381A1A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C401A8AE-0244-4137-BD44-253B3381A1A2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB4E3865-D073-4AEF-A2F4-C515F60B0AC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB4E3865-D073-4AEF-A2F4-C515F60B0AC0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck => key not found. 
"C:\Users\Owner\AppData\Roaming\Protector-xklf.exe" => not found.
"C:\Users\Owner\AppData\Roaming\ShopAtHome" => not found.
"C:\ProgramData\Best Buy pc app" => not found.
EmptyTemp: => 554.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:12:55 ====

  • 0

#20
L3Nerd

L3Nerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Owner (administrator) on COMPUTER (02-02-2016 22:42:59)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-14] (AVAST Software)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-14] (Google Inc.)
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-14] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-12-13]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2011-02-13]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{770317D9-EA8E-4F6C-B8B1-5C05798825FA}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-11-01] (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-12] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-11-01] (Yahoo! Inc)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-14]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-14]
StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-14] (AVAST Software)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 DiagTrack; %SystemRoot%\system32\diagtrack.dll [X]
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-14] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 22:32 - 2016-02-02 22:32 - 00003536 ____N C:\bootsqm.dat
2016-02-02 22:29 - 2016-02-02 22:29 - 00000000 __SHD C:\found.000
2016-02-02 22:10 - 2016-02-02 22:12 - 00006494 _____ C:\Users\Owner\Desktop\Fixlog.txt
2016-02-02 21:38 - 2016-02-02 21:40 - 06871040 _____ C:\Program Files (x86)\GUTFBF4.tmp
2016-02-02 21:38 - 2016-02-02 21:40 - 00000000 ____D C:\Program Files (x86)\GUMFBF3.tmp
2016-02-01 22:12 - 2016-02-01 22:12 - 00290832 _____ C:\Users\Owner\Downloads\2015TurboTaxReturn.pdf
2016-01-31 22:33 - 2016-01-31 22:34 - 00029625 _____ C:\Users\Owner\Desktop\Addition.txt
2016-01-31 22:31 - 2016-02-02 22:44 - 00018245 _____ C:\Users\Owner\Desktop\FRST.txt
2016-01-30 16:48 - 2016-01-30 16:48 - 00000000 ____D C:\Users\Owner\jxm
2016-01-30 16:24 - 2016-01-30 16:35 - 00394620 _____ C:\TDSSKiller.3.1.0.9_30.01.2016_16.24.51_log.txt
2016-01-29 23:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2016-01-29 18:53 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-01-29 18:53 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-01-29 18:53 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-01-29 18:53 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-01-29 18:53 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-01-29 18:53 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-01-29 18:52 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-01-29 18:52 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\Users\Administrator\Documents\ASUS
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\ASUS
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\ProgramData\ASUS
2016-01-29 18:38 - 2016-01-29 18:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-01-29 18:38 - 2016-01-29 18:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\SRS Labs
2016-01-27 08:02 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-01-27 08:02 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-01-27 06:40 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-01-27 06:40 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-01-27 06:40 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-01-26 21:51 - 2016-01-31 10:51 - 00028852 _____ C:\Users\Owner\Downloads\Addition.txt
2016-01-26 21:47 - 2016-01-26 21:47 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2016-01-26 20:27 - 2016-01-26 20:27 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-01-26 19:49 - 2016-01-26 19:49 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2016-01-26 19:48 - 2016-01-26 19:48 - 00058016 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-26 19:48 - 2016-01-26 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Yahoo!
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Yahoo! Companion
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Yahoo!
2016-01-26 19:44 - 2016-01-26 19:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Windstream
2016-01-26 19:44 - 2016-01-26 19:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Radialpoint
2016-01-26 19:43 - 2016-01-30 15:49 - 00001415 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 19:59 - 2016-01-30 16:17 - 00001136 _____ C:\Users\Owner\Desktop\JRT.txt
2016-01-24 19:35 - 2016-01-24 19:39 - 01600184 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
2016-01-24 19:26 - 2016-01-24 19:35 - 00198084 _____ C:\TDSSKiller.3.1.0.9_24.01.2016_19.26.21_log.txt
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 15:15 - 2016-01-14 15:16 - 00196248 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_15.15.18_log.txt
2016-01-14 15:14 - 2016-01-14 15:14 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2016-01-14 14:50 - 2016-01-31 10:51 - 00038228 _____ C:\Users\Owner\Downloads\FRST.txt
2016-01-14 13:26 - 2016-01-14 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-01-14 11:58 - 2016-01-14 11:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-01-14 11:58 - 2016-01-14 11:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-01-14 08:15 - 2016-01-14 08:10 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-14 08:11 - 2016-01-23 20:45 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-14 08:10 - 2016-02-02 21:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-14 08:10 - 2016-01-26 19:57 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-14 08:10 - 2016-01-26 19:57 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-14 08:10 - 2016-01-14 08:11 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-14 08:10 - 2016-01-14 08:10 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-14 08:10 - 2016-01-14 08:10 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-14 08:07 - 2016-01-14 08:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-14 08:07 - 2016-01-14 08:07 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-14 07:26 - 2016-01-24 20:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-14 07:26 - 2016-01-14 07:26 - 05065856 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2016-01-14 07:25 - 2016-01-14 07:25 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-14 07:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-14 07:25 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-14 07:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-14 00:30 - 2016-01-14 00:32 - 22908888 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-majorgeeks-2.2.0.1024.exe
2016-01-14 00:26 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-14 00:26 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-14 00:26 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-14 00:26 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-14 00:25 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-14 00:25 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-14 00:25 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-14 00:25 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-14 00:14 - 2016-01-14 00:14 - 02660496 _____ (Sysinternals - www.sysinternals.com) C:\Users\Owner\Downloads\procexp.exe
2016-01-14 00:00 - 2016-01-14 00:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-13 23:59 - 2016-02-02 22:42 - 00000000 ____D C:\FRST
2016-01-13 23:59 - 2016-01-13 23:59 - 02370560 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-01-13 18:17 - 2016-02-02 21:58 - 01516200 _____ C:\Windows\ntbtlog.txt
2016-01-13 16:50 - 2016-01-13 16:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-01-13 16:49 - 2016-01-26 19:43 - 00000000 ____D C:\Users\Administrator
2016-01-13 16:49 - 2011-05-29 21:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Power2Go
2016-01-13 16:49 - 2010-12-13 14:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2016-01-13 16:49 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 22:37 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 22:37 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 22:32 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 22:15 - 2012-07-17 15:23 - 00000000 ____D C:\ProgramData\Radialpoint
2016-02-02 22:11 - 2012-07-28 15:54 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Temp
2016-02-02 22:05 - 2012-07-28 21:31 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA.job
2016-02-02 21:55 - 2012-07-17 16:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-02 21:53 - 2009-07-14 00:13 - 00813270 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 21:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-02 21:40 - 2012-07-28 21:31 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core.job
2016-01-31 22:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-30 16:48 - 2011-03-24 13:20 - 00000000 ____D C:\Users\Owner
2016-01-30 16:04 - 2012-07-28 21:33 - 00002357 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-30 15:53 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-30 15:52 - 2011-03-24 13:21 - 00001419 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-30 15:50 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-30 00:35 - 2013-03-14 14:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-30 00:35 - 2013-03-14 14:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-30 00:31 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-30 00:31 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-30 00:30 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-29 23:18 - 2013-03-14 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-29 21:16 - 2013-02-27 18:08 - 00802340 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-28 00:05 - 2012-07-17 15:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Radialpoint
2016-01-26 23:00 - 2012-07-17 15:21 - 00000000 ____D C:\Windows\pss
2016-01-26 20:32 - 2012-03-03 23:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-01-26 19:56 - 2012-07-17 16:01 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-26 19:56 - 2012-07-17 16:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-26 19:56 - 2012-03-04 13:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-24 19:48 - 2013-02-27 16:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Raxco
2016-01-23 20:51 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-01-23 20:46 - 2010-12-13 15:11 - 00000000 ____D C:\ProgramData\P4G
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-23 20:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-23 20:41 - 2011-05-11 19:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2016-01-23 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-14 23:00 - 2013-04-22 18:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2016-01-14 22:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2016-01-14 14:55 - 2011-12-26 17:20 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2016-01-14 14:45 - 2010-12-13 15:13 - 00002104 _____ C:\Windows\system32\AutoRunFilter.ini
2016-01-14 14:45 - 2010-12-13 15:13 - 00001311 _____ C:\Windows\system32\ServiceFilter.ini
2016-01-14 13:14 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-14 10:55 - 2012-05-24 10:27 - 00001407 _____ C:\Users\Owner\Desktop\Internet Explorer.lnk
2016-01-14 09:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-14 08:07 - 2013-02-27 18:44 - 00001945 _____ C:\Windows\epplauncher.mif
2016-01-14 08:06 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-14 01:37 - 2012-02-03 20:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Facebook
2016-01-14 00:00 - 2012-07-28 21:31 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA
2016-01-14 00:00 - 2012-07-28 21:31 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core
2016-01-13 22:16 - 2009-07-29 00:20 - 00000000 ____D C:\Windows\Log
 
==================== Files in the root of some directories =======
 
2016-02-02 21:38 - 2016-02-02 21:40 - 6871040 _____ () C:\Program Files (x86)\GUTFBF4.tmp
2007-06-12 12:34 - 2007-06-12 12:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 11:35 - 2008-05-22 11:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 13:31 - 2009-04-08 13:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 00:45 - 2008-08-12 00:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2012-06-16 13:11 - 2013-02-23 18:01 - 0001130 _____ () C:\Users\Owner\AppData\Roaming\result.db
2010-12-13 14:52 - 2010-12-13 14:53 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-12-13 14:52 - 2010-12-13 14:52 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-26 23:37
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Owner (2016-02-02 22:44:56)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-24 18:20:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2057531234-2367892702-2072951418-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2057531234-2367892702-2072951418-501 - Limited - Enabled)
Owner (S-1-5-21-2057531234-2367892702-2072951418-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.42 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Best Buy pc app (HKLM\...\{FBBC4667-2521-4E78-B1BD-8706F774549B}) (Version: 3.1.1.0 - Best Buy)
Best Buy pc app (HKLM-x32\...\{FBBC4667-2521-4E78-B1BD-8706F774549B}) (Version: 3.1.1.0 - Best Buy)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
Google Chrome (HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}) (Version: 10.5.3.3 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.10 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00E10AF8-C520-43D3-B5A5-F57C68ED0945} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {1667EA56-7B87-440E-9C51-B8FBA45ABECD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-14] (AVAST Software)
Task: {1FB1A171-2CB2-478E-BFB8-4E687FA741A5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe
Task: {256EBD91-A7CF-410C-A0B3-A8601432AB6A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe
Task: {264BF239-0444-4BBE-8388-9ED21A29E96C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {2BA6625F-952B-438F-8332-A4E8FDD3347A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {36B6310B-9E8F-4B48-B638-B2F77BB5B1EA} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {47764F4D-150F-4077-91C1-6C0DCBD0D5B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-26] (Adobe Systems Incorporated)
Task: {5495D149-92FB-49CA-BD35-DDD330CA6426} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {73164D51-BDCE-480C-8CC3-9D2E2185446C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {826B8D22-7B28-451A-B194-4181C1444E02} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {9724BD46-C78A-4060-8928-3B13DCAEF869} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {974F98DA-E6A4-4514-A9D8-43AE037005BF} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {A90EAD37-F0A5-431A-AC9E-E49F8F0DF72E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-23] (AVAST Software)
Task: {A99E58CF-06B7-43AE-8DD2-87FE7E81BE68} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-10] (ASUS)
Task: {AF5F284E-8260-4A77-B3C8-E376BCCC5921} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {D2C43335-3C76-4815-8BE8-23A1C8E9E4C2} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {DC855D1B-BC8A-42CD-A5EE-195302A6933C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DF0DB457-BDEC-4DFF-9CF2-696429C18639} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-12-13 15:14 - 2007-11-30 14:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-09-23 19:53 - 2010-09-23 19:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2016-01-14 08:10 - 2016-01-14 08:10 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-02 21:36 - 2016-02-02 21:36 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020201\algo.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-30 16:04 - 2016-01-27 12:39 - 01632584 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-30 16:04 - 2016-01-27 12:39 - 00087880 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.97\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-02-27 18:10 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A8D957A7-1595-4890-BA3C-6AB78BAD39F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E35E5C9A-C729-4EC8-A714-26A5B39EF2C9}] => (Allow) LPort=2869
FirewallRules: [{70A47C7B-8C91-45FA-82CB-D2FC2A5A89A5}] => (Allow) LPort=1900
FirewallRules: [{094A58A2-3D90-459D-9ABE-3D98E04639C4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{80E1448D-8492-49A3-8D3B-6478BF3C131D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FE4B8318-9643-4B84-A5FD-C7079ED35E20}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7E779EFD-FDB6-48C4-A568-D624414FEACF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{97243C1D-A241-4E7F-AACB-093DF977BABC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F52FEAFA-99E2-452E-84F8-419884A0082E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4540EBD8-8C2B-41C4-B745-89D16113510F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15AC4F6D-D39C-4B41-8B5F-E09868170B49}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{FCA5DF2F-17E8-45C5-9353-6138552A1154}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{84C5A026-0760-4AF4-8447-1CE8BA2FD640}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [TCP Query User{923FE6FB-0C6D-44C6-BF59-00F979A0ADF1}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60898521-5636-48B9-8321-D50F8AE41860}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{432DD5FE-CED4-47CC-B11D-AFCEEBB76FDB}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{D69990BB-7582-4345-91B1-2E904DFD1166}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{5C3CD27E-D71A-4936-A793-57763005C9F8}] => (Allow) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-01-2016 02:01:36 Windows Update
29-01-2016 18:49:50 Windows Update
30-01-2016 16:09:12 JRT Pre-Junkware Removal
31-01-2016 10:45:55 Windows Update
01-02-2016 20:21:43 Windows Update
02-02-2016 21:40:21 Windows Update
02-02-2016 22:10:27 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/02/2016 10:10:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {984491f6-4773-4f51-aa60-b0fc60156421}
 
Error: (02/01/2016 10:58:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/01/2016 10:57:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Data.OracleClient, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/01/2016 05:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13931
 
Error: (02/01/2016 05:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13931
 
Error: (02/01/2016 05:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/01/2016 05:30:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12605
 
Error: (02/01/2016 05:30:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12605
 
Error: (02/01/2016 05:30:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/01/2016 05:30:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11591
 
 
System errors:
=============
Error: (02/02/2016 10:32:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DiagTrack service terminated with the following error: 
%%126
 
Error: (02/02/2016 10:22:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (02/02/2016 10:22:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (02/02/2016 10:19:00 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (02/02/2016 10:18:54 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (02/02/2016 10:18:47 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (02/02/2016 10:18:41 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (02/02/2016 10:18:35 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (02/02/2016 10:18:29 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (02/02/2016 10:18:23 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 74%
Total physical RAM: 2924.38 MB
Available physical RAM: 749.34 MB
Total Virtual: 5846.94 MB
Available Virtual: 3117.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:200 GB) (Free:147.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:240.76 GB) (Free:240.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA1BABAE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=240.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
 

  • 0

#21
L3Nerd

L3Nerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Jr0x,

 

 

i am unfamiliar w/ Radialpoint Security Advisor, so i removed it.

 

PC POST and loads to desktop quicker. 

 

Please let me know the next step.

 

Tks!


  • 0

#22
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi L3Nerd,

 

Thanks for the update. I am currently reviewing your log, and will get back to you as soon as possible.


  • 0

#23
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi L3Nerd,
 
Glad to hear that your PC is running better now, we still have a little more work to do. 
 
I think you removed "Radialpoint Servicepoint Dashboard Extensions" instead of "Radialpoint Security Advisor" but that's fine. In the instruction below, you will be able to remove "Radialpoint Security Advisor".
 
I also noticed that your current Antivirus - Avast! and Antispyware - Windows Defender definition is outdated, please update both and let me know if you have any issue performing the update.

FRST.gifFix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 

Start
CreateRestorePoint:
CloseProcesses:

S2 DiagTrack; %SystemRoot%\system32\diagtrack.dll [X]
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]
2016-01-26 19:44 - 2016-01-26 19:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Radialpoint
2016-02-02 22:15 - 2012-07-17 15:23 - 00000000 ____D C:\ProgramData\Radialpoint
2016-01-28 00:05 - 2012-07-17 15:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Radialpoint
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden

Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.
 
Note: The machine will reboot automatically.

Remove unwanted programs

Please uninstall the following unwanted programs:

Note: If any of the programs are not listed, proceed to the next one and work through the list.
  • Best Buy pc app
  • Radialpoint Security Advisor
To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.
Repeat the above steps for all the other programs to remove.

adwcleaner_new.png Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • Any issue with updating Avast! and Windows Defender definition
  • FRST fixlog.txt
  • Any issue with the uninstallation
  • AdwCleaner log

  • 0

#24
L3Nerd

L3Nerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Owner (2016-02-03 19:48:44) Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
S2 DiagTrack; %SystemRoot%\system32\diagtrack.dll [X]
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]
2016-01-26 19:44 - 2016-01-26 19:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Radialpoint
2016-02-02 22:15 - 2012-07-17 15:23 - 00000000 ____D C:\ProgramData\Radialpoint
2016-01-28 00:05 - 2012-07-17 15:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Radialpoint
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
 
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
DiagTrack => service removed successfully
IEEtwCollectorService => service removed successfully
C:\Users\Administrator\AppData\Roaming\Radialpoint => moved successfully
C:\ProgramData\Radialpoint => moved successfully
C:\Users\Owner\AppData\Roaming\Radialpoint => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RadialpointSecurityAdvisorService_is1\\SystemComponent => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 77.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:50:43 ====
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
# AdwCleaner v5.032 - Logfile created 03/02/2016 at 20:03:25
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - COMPUTER
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Administrator\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Administrator\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Administrator\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Users\Owner\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Owner\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Owner\AppData\Roaming\Yahoo!\Companion
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\incredibar
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Bitberry
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Cr_Installer
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\IM
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\ImInstaller
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\incredibar
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\AppDataLow\Toolbar
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\AppDataLow\Software\Conduit
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\AppDataLow\Software\Freecause
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
 
***** [ Web browsers ] *****
 
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8173 bytes] ##########
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
I removed Radialpoint......was unable to remove Best Buy PC, does not have the uninstall button. I'm going to login as Admin and try to uninstall.
 
I updated Avast
 
I will update MS Defender later tonight.

  • 0

#25
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi L3Nerd,

I am currently reviewing your log, will get back to you shortly.
  • 0

Advertisements


#26
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi L3Nerd,

Are you able to uninstall "Best Buy pc app" yet? If not, let's try the following the method.

Revo Uninstaller

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on Best Buy pc app
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

Once finished, please let me know if it was successful.


adwcleaner_new.pngRe-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C1].txt

 

JHlUMFt.png Re-scan with Malwarebytes Anti-Malware

  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

 

Scan with ESET Online Scanner
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
 

FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

In your next reply, please include the following:

  • Able to uninstall "Best Buy pc app"?
  • AdwCleaner log
  • MalwareBytes log
  • ESET log
  • FRST log
  • FRST Addition log
  • How is your system running now?

  • 0

#27
L3Nerd

L3Nerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
# AdwCleaner v5.032 - Logfile created 06/02/2016 at 15:25:35
# Updated 31/01/2016 by Xplode
# Database : 2016-02-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - COMPUTER
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\ProgramData\Best Buy pc app
Folder Found : C:\Users\Administrator\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Administrator\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Administrator\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Users\Owner\AppData\Local\PackageAware
Folder Found : C:\Users\Owner\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Owner\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Owner\AppData\Roaming\Yahoo!\Companion
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A1A857D-41B0-4122-9DB2-B5A9B21DE0B2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A60671D2-CC17-4FDB-8CB7-87EFC561FB2C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\incredibar
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Bitberry
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Cr_Installer
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\IM
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\ImInstaller
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\incredibar
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\AppDataLow\Toolbar
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\AppDataLow\Software\Conduit
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\AppDataLow\Software\Freecause
Key Found : HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8226 bytes] ##########
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/5/2016
Scan Time: 6:47 AM
Logfile: MB.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.05.02
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376230
Time Elapsed: 28 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Owner (administrator) on COMPUTER (06-02-2016 10:45:24)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe.1454719820241
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-05] (AVAST Software)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-14] (Google Inc.)
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Run: [] => C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.appref-ms
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-03] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-12-13]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2011-02-13]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2016-02-04]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2016-02-04]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{770317D9-EA8E-4F6C-B8B1-5C05798825FA}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-03] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-11-01] (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-03] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-12] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-11-01] (Yahoo! Inc)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-26] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-26] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-26] (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Windstream)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2057531234-2367892702-2072951418-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-05] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-03]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-03]
StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-03] (AVAST Software)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [286440 2016-02-03] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-06 08:42 - 2016-02-06 08:42 - 00001048 _____ C:\Users\Owner\Desktop\MB.txt
2016-02-04 21:59 - 2016-02-04 21:59 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-04 21:57 - 2016-02-04 21:59 - 02870984 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2016-02-04 21:50 - 2016-02-04 21:50 - 00000000 ____D C:\ProgramData\Best Buy pc app
2016-02-04 21:49 - 2016-02-04 21:49 - 00000000 ____D C:\Users\Owner\AppData\Local\PackageAware
2016-02-04 21:46 - 2016-02-04 21:46 - 00001270 _____ C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2016-02-04 21:46 - 2016-02-04 21:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-04 21:46 - 2016-02-04 21:46 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-02-04 21:45 - 2016-02-04 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Downloads\revosetup.exe
2016-02-03 20:02 - 2016-02-05 03:23 - 00000000 ____D C:\AdwCleaner
2016-02-03 20:00 - 2016-02-03 20:00 - 01508352 _____ C:\Users\Owner\Desktop\AdwCleaner.exe
2016-02-03 19:52 - 2016-02-06 01:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Radialpoint
2016-02-03 19:50 - 2016-02-06 10:30 - 00000000 ____D C:\ProgramData\Radialpoint
2016-02-03 19:49 - 2016-02-03 19:49 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-03 19:48 - 2016-02-03 19:48 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-02 23:10 - 2016-02-02 23:10 - 00000000 ____D C:\Users\Owner\Documents\ASUS
2016-02-02 23:10 - 2016-02-02 23:10 - 00000000 ____D C:\Users\Owner\AppData\Local\ASUS
2016-02-02 22:29 - 2016-02-02 22:29 - 00000000 __SHD C:\found.000
2016-02-02 22:10 - 2016-02-03 19:50 - 00001648 _____ C:\Users\Owner\Desktop\Fixlog.txt
2016-02-02 21:38 - 2016-02-02 21:40 - 06871040 _____ C:\Program Files (x86)\GUTFBF4.tmp
2016-02-02 21:38 - 2016-02-02 21:40 - 00000000 ____D C:\Program Files (x86)\GUMFBF3.tmp
2016-02-01 22:12 - 2016-02-01 22:12 - 00290832 _____ C:\Users\Owner\Downloads\2015TurboTaxReturn.pdf
2016-01-31 22:33 - 2016-02-02 22:46 - 00027944 _____ C:\Users\Owner\Desktop\Addition.txt
2016-01-31 22:31 - 2016-02-06 10:45 - 00019308 _____ C:\Users\Owner\Desktop\FRST.txt
2016-01-30 16:48 - 2016-01-30 16:48 - 00000000 ____D C:\Users\Owner\jxm
2016-01-30 16:24 - 2016-01-30 16:35 - 00394620 _____ C:\TDSSKiller.3.1.0.9_30.01.2016_16.24.51_log.txt
2016-01-29 23:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2016-01-29 18:53 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-01-29 18:53 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-01-29 18:53 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-01-29 18:53 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-01-29 18:53 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-01-29 18:53 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-01-29 18:52 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-01-29 18:52 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\Users\Administrator\Documents\ASUS
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\ASUS
2016-01-29 18:46 - 2016-01-29 18:46 - 00000000 ____D C:\ProgramData\ASUS
2016-01-29 18:38 - 2016-01-29 18:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-01-29 18:38 - 2016-01-29 18:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\SRS Labs
2016-01-27 08:02 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-01-27 08:02 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-01-27 07:58 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-27 07:58 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-27 07:58 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-27 07:58 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-27 07:58 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-27 07:58 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-27 07:58 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-27 07:58 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-27 07:58 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-27 07:58 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-27 07:58 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-27 07:58 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-27 07:58 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-27 07:58 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-27 07:58 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-27 07:58 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-27 07:58 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-27 07:58 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-27 07:58 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-27 07:58 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-27 07:58 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-27 07:58 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-27 07:58 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-27 07:58 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-27 07:58 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-27 07:58 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-27 07:58 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-27 07:58 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-27 07:58 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-27 07:58 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-27 07:58 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-27 07:58 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-27 07:58 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-27 07:58 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-27 07:58 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-27 07:58 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-27 07:58 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-27 07:58 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-27 07:58 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-27 07:58 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-27 07:58 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-27 07:58 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-27 07:58 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-27 07:58 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-27 07:58 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-27 07:58 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-27 07:58 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-27 07:58 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-27 07:58 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-27 07:58 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-27 07:58 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-27 07:58 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-27 07:58 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-27 07:58 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-27 07:58 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-27 07:58 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-27 07:58 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-27 07:58 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-27 07:58 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-27 07:58 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-27 07:58 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-27 07:58 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-27 07:58 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-27 07:58 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-27 07:58 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-27 06:40 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-01-27 06:40 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-01-27 06:40 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-01-26 21:51 - 2016-01-31 10:51 - 00028852 _____ C:\Users\Owner\Downloads\Addition.txt
2016-01-26 21:47 - 2016-01-26 21:47 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2016-01-26 20:27 - 2016-01-26 20:27 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-01-26 19:49 - 2016-01-26 19:49 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2016-01-26 19:48 - 2016-01-26 19:48 - 00058016 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-26 19:48 - 2016-01-26 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Yahoo!
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Yahoo! Companion
2016-01-26 19:47 - 2016-01-26 19:47 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Yahoo!
2016-01-26 19:44 - 2016-01-26 19:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Windstream
2016-01-26 19:43 - 2016-01-30 15:49 - 00001415 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 19:59 - 2016-01-30 16:17 - 00001136 _____ C:\Users\Owner\Desktop\JRT.txt
2016-01-24 19:35 - 2016-01-24 19:39 - 01600184 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
2016-01-24 19:26 - 2016-01-24 19:35 - 00198084 _____ C:\TDSSKiller.3.1.0.9_24.01.2016_19.26.21_log.txt
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-14 22:34 - 2016-01-30 00:30 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 15:15 - 2016-01-14 15:16 - 00196248 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_15.15.18_log.txt
2016-01-14 15:14 - 2016-01-14 15:14 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2016-01-14 14:50 - 2016-01-31 10:51 - 00038228 _____ C:\Users\Owner\Downloads\FRST.txt
2016-01-14 13:26 - 2016-01-14 13:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-01-14 11:58 - 2016-01-14 11:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-01-14 11:58 - 2016-01-14 11:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-01-14 08:11 - 2016-01-23 20:45 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-14 08:11 - 2016-01-14 08:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-14 08:10 - 2016-02-03 19:50 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-14 08:10 - 2016-02-03 19:49 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-01-14 08:10 - 2016-02-03 19:49 - 00286440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-14 08:10 - 2016-02-03 19:49 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-14 08:10 - 2016-02-03 19:49 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-14 08:10 - 2016-02-03 19:49 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-14 08:10 - 2016-02-03 19:49 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-14 08:10 - 2016-02-03 19:49 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-14 08:10 - 2016-02-03 19:48 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-14 08:07 - 2016-01-14 08:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-14 08:07 - 2016-01-14 08:07 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-14 07:26 - 2016-02-05 06:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-14 07:26 - 2016-01-14 07:26 - 05065856 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2016-01-14 07:25 - 2016-01-14 07:25 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-14 07:25 - 2016-01-14 07:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-14 07:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-14 07:25 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-14 07:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-14 00:30 - 2016-01-14 00:32 - 22908888 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-majorgeeks-2.2.0.1024.exe
2016-01-14 00:26 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-14 00:26 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-14 00:26 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-14 00:26 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-14 00:25 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-14 00:25 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-14 00:25 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-14 00:25 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-14 00:14 - 2016-01-14 00:14 - 02660496 _____ (Sysinternals - www.sysinternals.com) C:\Users\Owner\Downloads\procexp.exe
2016-01-14 00:00 - 2016-01-14 00:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-13 23:59 - 2016-02-06 10:45 - 00000000 ____D C:\FRST
2016-01-13 23:59 - 2016-01-13 23:59 - 02370560 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-01-13 18:17 - 2016-02-02 21:58 - 01516200 _____ C:\Windows\ntbtlog.txt
2016-01-13 16:50 - 2016-01-13 16:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-01-13 16:50 - 2016-01-13 16:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-01-13 16:49 - 2016-01-26 19:43 - 00000000 ____D C:\Users\Administrator
2016-01-13 16:49 - 2011-05-29 21:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Power2Go
2016-01-13 16:49 - 2010-12-13 14:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2016-01-13 16:49 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-06 10:18 - 2012-07-28 21:31 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA.job
2016-02-06 09:55 - 2012-07-17 16:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-06 04:18 - 2012-07-28 21:31 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core.job
2016-02-04 21:54 - 2011-02-13 20:17 - 00000000 __HDC C:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}
2016-02-04 16:22 - 2012-07-28 21:33 - 00002357 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-03 22:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-02-03 19:57 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-03 19:57 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-03 19:52 - 2011-12-26 17:20 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2016-02-03 19:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-03 19:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-02-03 04:13 - 2012-07-28 21:31 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA
2016-02-03 04:13 - 2012-07-28 21:31 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core
2016-02-03 04:01 - 2013-02-27 18:08 - 00805884 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-03 04:01 - 2009-07-14 00:13 - 00805884 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-03 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-02 22:11 - 2012-07-28 15:54 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Temp
2016-01-30 16:48 - 2011-03-24 13:20 - 00000000 ____D C:\Users\Owner
2016-01-30 15:53 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-30 15:52 - 2011-03-24 13:21 - 00001419 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-30 15:50 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-30 00:35 - 2013-03-14 14:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-30 00:35 - 2013-03-14 14:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-30 00:31 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-30 00:31 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-01-30 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-30 00:30 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-29 23:18 - 2013-03-14 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-26 23:00 - 2012-07-17 15:21 - 00000000 ____D C:\Windows\pss
2016-01-26 20:32 - 2012-03-03 23:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-01-26 19:56 - 2012-07-17 16:01 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-26 19:56 - 2012-07-17 16:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-26 19:56 - 2012-03-04 13:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-24 19:48 - 2013-02-27 16:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Raxco
2016-01-23 20:51 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-01-23 20:46 - 2010-12-13 15:11 - 00000000 ____D C:\ProgramData\P4G
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2016-01-23 20:45 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-23 20:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-23 20:41 - 2011-05-11 19:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Games
2016-01-23 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-14 23:00 - 2013-04-22 18:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2016-01-14 22:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2016-01-14 14:45 - 2010-12-13 15:13 - 00002104 _____ C:\Windows\system32\AutoRunFilter.ini
2016-01-14 14:45 - 2010-12-13 15:13 - 00001311 _____ C:\Windows\system32\ServiceFilter.ini
2016-01-14 13:14 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-14 10:55 - 2012-05-24 10:27 - 00001407 _____ C:\Users\Owner\Desktop\Internet Explorer.lnk
2016-01-14 08:07 - 2013-02-27 18:44 - 00001945 _____ C:\Windows\epplauncher.mif
2016-01-14 08:06 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-14 01:37 - 2012-02-03 20:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Facebook
2016-01-13 22:16 - 2009-07-29 00:20 - 00000000 ____D C:\Windows\Log
 
==================== Files in the root of some directories =======
 
2016-02-02 21:38 - 2016-02-02 21:40 - 6871040 _____ () C:\Program Files (x86)\GUTFBF4.tmp
2007-06-12 12:34 - 2007-06-12 12:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 11:35 - 2008-05-22 11:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 13:31 - 2009-04-08 13:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 00:45 - 2008-08-12 00:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2012-06-16 13:11 - 2013-02-23 18:01 - 0001130 _____ () C:\Users\Owner\AppData\Roaming\result.db
2010-12-13 14:52 - 2010-12-13 14:53 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-12-13 14:52 - 2010-12-13 14:52 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-03 22:44
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Owner (2016-02-06 10:46:30)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-24 18:20:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2057531234-2367892702-2072951418-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2057531234-2367892702-2072951418-501 - Limited - Enabled)
Owner (S-1-5-21-2057531234-2367892702-2072951418-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.42 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
Google Chrome (HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}) (Version: 10.5.3.3 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.10 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00E10AF8-C520-43D3-B5A5-F57C68ED0945} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {1FB1A171-2CB2-478E-BFB8-4E687FA741A5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe
Task: {256EBD91-A7CF-410C-A0B3-A8601432AB6A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe
Task: {264BF239-0444-4BBE-8388-9ED21A29E96C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {2BA6625F-952B-438F-8332-A4E8FDD3347A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {36B6310B-9E8F-4B48-B638-B2F77BB5B1EA} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {47764F4D-150F-4077-91C1-6C0DCBD0D5B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-26] (Adobe Systems Incorporated)
Task: {5495D149-92FB-49CA-BD35-DDD330CA6426} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {73164D51-BDCE-480C-8CC3-9D2E2185446C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {826B8D22-7B28-451A-B194-4181C1444E02} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {9724BD46-C78A-4060-8928-3B13DCAEF869} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {974F98DA-E6A4-4514-A9D8-43AE037005BF} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {A0356FCA-6CAE-4112-8005-E8A3FF1DAD01} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-03] (AVAST Software)
Task: {A90EAD37-F0A5-431A-AC9E-E49F8F0DF72E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-23] (AVAST Software)
Task: {A99E58CF-06B7-43AE-8DD2-87FE7E81BE68} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-10] (ASUS)
Task: {AF5F284E-8260-4A77-B3C8-E376BCCC5921} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {D2C43335-3C76-4815-8BE8-23A1C8E9E4C2} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {DC855D1B-BC8A-42CD-A5EE-195302A6933C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DF0DB457-BDEC-4DFF-9CF2-696429C18639} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2057531234-2367892702-2072951418-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-12-13 15:14 - 2007-11-30 14:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-09-23 19:53 - 2010-09-23 19:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2016-02-03 19:48 - 2016-02-03 19:48 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-03 19:48 - 2016-02-03 19:48 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-03 19:42 - 2016-02-03 19:42 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020301\algo.dll
2016-02-03 19:48 - 2016-02-03 19:48 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-06 07:59 - 2016-02-06 07:59 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020600\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-14 08:10 - 2016-01-14 08:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-02 17:20 - 2009-11-02 17:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 17:23 - 2009-11-02 17:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 20:08 - 2007-06-01 20:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2016-02-04 16:22 - 2016-02-03 02:27 - 01632584 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
2016-02-04 16:22 - 2016-02-03 02:27 - 00087880 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-02-03 19:50 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2057531234-2367892702-2072951418-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A8D957A7-1595-4890-BA3C-6AB78BAD39F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E35E5C9A-C729-4EC8-A714-26A5B39EF2C9}] => (Allow) LPort=2869
FirewallRules: [{70A47C7B-8C91-45FA-82CB-D2FC2A5A89A5}] => (Allow) LPort=1900
FirewallRules: [{094A58A2-3D90-459D-9ABE-3D98E04639C4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{80E1448D-8492-49A3-8D3B-6478BF3C131D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FE4B8318-9643-4B84-A5FD-C7079ED35E20}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7E779EFD-FDB6-48C4-A568-D624414FEACF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{97243C1D-A241-4E7F-AACB-093DF977BABC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F52FEAFA-99E2-452E-84F8-419884A0082E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4540EBD8-8C2B-41C4-B745-89D16113510F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15AC4F6D-D39C-4B41-8B5F-E09868170B49}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{FCA5DF2F-17E8-45C5-9353-6138552A1154}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{84C5A026-0760-4AF4-8447-1CE8BA2FD640}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [TCP Query User{923FE6FB-0C6D-44C6-BF59-00F979A0ADF1}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{60898521-5636-48B9-8321-D50F8AE41860}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{432DD5FE-CED4-47CC-B11D-AFCEEBB76FDB}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{D69990BB-7582-4345-91B1-2E904DFD1166}] => (Allow) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
FirewallRules: [{2E8E2BB9-EE7D-4A7F-9EA4-D0CD1203C2BF}] => (Allow) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
03-02-2016 03:03:09 Windows Update
03-02-2016 19:48:53 Restore Point Created by FRST
04-02-2016 03:00:10 Windows Update
04-02-2016 21:48:48 Revo Uninstaller's restore point - Best Buy pc app
05-02-2016 03:00:11 Windows Update
06-02-2016 03:00:10 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/06/2016 10:07:39 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
 
Error: (02/06/2016 10:04:43 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (02/06/2016 09:46:04 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/06/2016 09:09:16 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/06/2016 08:39:20 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/06/2016 08:34:16 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/06/2016 08:28:56 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Data.SqlXml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/06/2016 08:13:20 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
 
Error: (02/06/2016 08:00:20 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Runtime.Serialization.Formatters.Soap, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
 
Error: (02/06/2016 07:42:20 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
 
 
System errors:
=============
Error: (02/06/2016 03:07:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
 
Error: (02/05/2016 03:07:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
 
Error: (02/04/2016 10:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (02/04/2016 10:28:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/04/2016 10:28:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (02/04/2016 10:28:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/04/2016 10:28:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (02/04/2016 10:28:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/04/2016 10:03:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (02/04/2016 10:03:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 56%
Total physical RAM: 2924.38 MB
Available physical RAM: 1264.49 MB
Total Virtual: 5846.96 MB
Available Virtual: 3534.38 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:200 GB) (Free:144.99 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:240.76 GB) (Free:240.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA1BABAE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=240.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
 
 
 
i was able to remove Best buy software.
 
ESET scanner didn't provide a log, or i missed it, but ESET didn't find anything.
 

  • 0

#28
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi L3Nerd,
 
I am currently reviewing your log, will get back to you shortly. 

  • 0

#29
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi L3Nerd,

 

Just want to let you know that you're not forgotten. There is some delay but I will get back to you as soon as possible.


  • 0

#30
L3Nerd

L3Nerd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

ok thanks


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP