[Webslinger64]

About a month ago, I installed Kaspersky online scanner to help resolve some spyware issues I was having.  Since then, Kaspersky runs two scans a week as part of it's default settings.  Today's scan found two items:

 

 

Until today, Kaspersky scans have been clean.  Now, I have Avast antivirus installed on this PC and run Malwarebytes and SUPERAntiSpyware Free Edition on a regular basis.  Doing an Internet search on HEUR: Trojan-Downloader.Script.Generic returns some Kaspersky results and several others from websites that seem suspect. 

The actual Kaspersky scan recommends that I install Kaspersky Internet Secruity to eliminate problems, and that after I install the program, "...it will perform an anti-virus scan of my system and neutralize any threats detected..."  The download is free.

So, my questions are 1) Should I follow the recommendation from Kaspersky and install Kaspersky Internet Security? 2) Once installed, will Kaspersky Internet Security interfere with Avast? 3) Is there another or better option to remove the HEUR: Trogjan-Downloader.Script.Generic from my PC (there are several search results that guide you through a manual removal of this infection)? 4) Based on my Internet search for this virus it seems Kaspersky is the only antivirus program that catches it.  Avast, Malwarebytes, and SUPERAntiSpyware have not caught it, so why only Kaspersky?

Here is the Kaspersky window that recommends downloading Kaspersky Internet Security:

 

 

Thank you in advance for your help and I look forward to your replies.

[Advertisements]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Should I follow the recommendation from Kaspersky and install Kaspersky Internet Security? 2) Once installed, will Kaspersky Internet Security interfere with Avast? 3) Is there another or better option to remove the HEUR: Trogjan-Downloader.Script.Generic from my PC

Lets look at other options, if you installed Kaspersky you would need to uninstall Avast as you can't have 2 Anti Virus programs running, it's a free download yes but a trial version only after that of course you would need to pay


Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[zep516]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Should I follow the recommendation from Kaspersky and install Kaspersky Internet Security? 2) Once installed, will Kaspersky Internet Security interfere with Avast? 3) Is there another or better option to remove the HEUR: Trogjan-Downloader.Script.Generic from my PC

Lets look at other options, if you installed Kaspersky you would need to uninstall Avast as you can't have 2 Anti Virus programs running, it's a free download yes but a trial version only after that of course you would need to pay


Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[Webslinger64]

Thank you for the assistance.  Both logs are posted below.

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Helena (administrator) on HELENA-PC (06-08-2016 19:09:25)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena (Available Profiles: Helena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
() C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Helena\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKLM-x32\...\Run: [D-Link D-Link DWA-121] => C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe [1079600 2013-03-19] (D-Link Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-11] (AVAST Software)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-08-14] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-24] (SUPERAntiSpyware)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1707632 2012-08-14] (CyberLink Corp.)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-07-24]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-04-20]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{84E3B946-060C-44A1-B082-3D7859732B3B}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{A4E4995F-30E7-4BDF-849C-4FC850F0AC69}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3746497652-99284834-819367531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3746497652-99284834-819367531-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-08] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-11-28] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-08] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-11-28] (Oracle Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-11-13] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\ju292vok.default-1438795000345
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-11-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-11-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: StumbleUpon - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\ju292vok.default-1438795000345\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2015-09-05]
FF Extension: WOT - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\ju292vok.default-1438795000345\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-03-03]
FF Extension: Zoom Page - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\ju292vok.default-1438795000345\extensions\[email protected] [2016-07-27]
FF Extension: Pin It button - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\ju292vok.default-1438795000345\Extensions\[email protected] [2015-09-03]
FF Extension: WiseStamp Web - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\ju292vok.default-1438795000345\Extensions\[email protected] [2016-06-23]
FF Extension: Shorten URL (bit.ly) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\ju292vok.default-1438795000345\Extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi [2015-08-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-08] (AVAST Software)
R2 D_Link_DWA-121_WPS; C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [49152 2012-12-24] () [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-06-08] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-01-17] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DRTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-20] (Realtek Semiconductor Corporation                           )
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-07] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-06 19:09 - 2016-08-06 19:09 - 00018136 _____ C:\Users\Helena\Desktop\FRST.txt
2016-08-06 19:08 - 2016-08-06 19:08 - 02393600 _____ (Farbar) C:\Users\Helena\Desktop\FRST64(1).exe
2016-08-06 17:51 - 2016-08-06 17:58 - 00000000 ____D C:\Users\Helena\Desktop\Scripture Power Printout
2016-08-02 20:07 - 2016-08-02 20:07 - 00037325 _____ C:\Users\Helena\Downloads\2012-10-153-scripture-power-eng.pdf
2016-08-01 10:35 - 2016-08-01 11:06 - 00000000 ____D C:\Users\Helena\Desktop\Golden Island Jerky
2016-07-31 13:13 - 2016-07-31 13:13 - 02581653 _____ C:\Users\Helena\Downloads\NEW FILE LIST(1).pdf
2016-07-31 13:09 - 2016-07-31 13:09 - 01760950 _____ C:\Users\Helena\Downloads\Presentation Songs.pdf
2016-07-24 22:32 - 2016-07-24 22:32 - 00001095 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-07-24 22:32 - 2016-07-24 22:32 - 00001055 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-07-24 22:32 - 2016-07-24 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-07-24 22:32 - 2016-07-24 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-07-24 22:32 - 2016-07-24 22:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-24 22:32 - 2016-07-24 22:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-07-24 22:30 - 2016-07-24 22:30 - 02671128 _____ (Kaspersky Lab) C:\Users\Helena\Downloads\kss16.0.0.1344en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_ko_id_pt_ar_vi_hi_zh-hant_fa_10518.exe
2016-07-24 22:28 - 2016-07-24 22:28 - 00000000 ____D C:\Users\Helena\AppData\Roaming\QuickScan
2016-07-22 18:27 - 2016-08-04 11:55 - 00000000 ____D C:\Users\Helena\Desktop\Sticky Blogging Notes
2016-07-15 16:33 - 2016-07-15 16:33 - 00063014 _____ C:\Users\Helena\Downloads\26209009854-529422192-ticket.pdf
2016-07-13 10:08 - 2016-07-13 10:08 - 11438608 _____ (SurfRight B.V.) C:\Users\Helena\Downloads\hitmanpro_x64(1).exe
2016-07-13 10:04 - 2016-07-13 10:04 - 00001879 _____ C:\Users\Helena\Desktop\JRT.txt
2016-07-13 10:02 - 2016-07-13 10:02 - 01610560 _____ (Malwarebytes) C:\Users\Helena\Downloads\JRT.exe
2016-07-13 09:59 - 2016-07-13 10:00 - 03712064 _____ C:\Users\Helena\Downloads\adwcleaner_5.201(1).exe
2016-07-13 09:51 - 2016-07-13 09:52 - 03712064 _____ C:\Users\Helena\Downloads\adwcleaner_5.201.exe
2016-07-13 09:00 - 2016-07-13 10:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-12 21:09 - 2016-08-01 10:24 - 00000000 ____D C:\Users\Helena\Desktop\Affiliate Collection
2016-07-10 14:25 - 2016-07-10 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-07-10 14:25 - 2016-07-08 09:39 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-08 09:39 - 2016-07-08 09:39 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-06 19:09 - 2016-03-02 16:21 - 00000000 ____D C:\FRST
2016-08-06 18:19 - 2015-10-06 21:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-06 17:58 - 2015-07-03 14:42 - 00000000 ____D C:\Users\Helena\Desktop\Primary
2016-08-06 17:23 - 2009-07-13 22:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-06 17:23 - 2009-07-13 22:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-06 17:16 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-06 17:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-08-06 17:09 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-06 08:18 - 2014-01-17 15:50 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-05 19:07 - 2014-03-21 14:37 - 00000000 ____D C:\Users\Helena\Documents\Outlook Files
2016-08-05 14:31 - 2015-09-06 09:57 - 00462848 ___SH C:\Users\Helena\Desktop\Thumbs.db
2016-08-05 14:27 - 2014-08-23 14:39 - 00000000 ____D C:\Users\Helena\Desktop\Web pictures
2016-08-05 08:47 - 2014-01-17 15:50 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-04 18:22 - 2015-11-10 19:19 - 00000000 ____D C:\Users\Helena\Desktop\Reviews Only
2016-08-04 10:43 - 2015-07-06 11:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-01 21:07 - 2015-01-03 19:29 - 00000000 ____D C:\Users\Helena\Desktop\A Gal Needs
2016-07-31 10:35 - 2015-04-10 18:23 - 00000000 ____D C:\Users\Helena\Desktop\Insightful
2016-07-30 14:01 - 2015-03-30 18:54 - 00000000 ____D C:\Users\Helena\Desktop\Giveaways
2016-07-26 16:13 - 2014-01-17 16:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-24 22:40 - 2014-08-29 20:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-24 22:31 - 2016-02-27 17:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-07-23 21:49 - 2016-07-02 14:24 - 00019604 ____H C:\Users\Helena\Desktop\~WRL0420.tmp
2016-07-16 15:32 - 2014-01-17 19:17 - 00000000 ____D C:\Users\Helena\AppData\Local\Microsoft Help
2016-07-13 15:39 - 2016-06-13 19:07 - 00000000 ____D C:\Users\Helena\Desktop\Sundance
2016-07-13 10:20 - 2014-02-01 23:20 - 00133120 ___SH C:\Users\Helena\Thumbs.db
2016-07-13 10:18 - 2014-01-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-13 10:15 - 2015-12-12 09:24 - 00000000 ____D C:\ProgramData\HitmanPro
2016-07-13 10:00 - 2016-03-03 16:53 - 00000000 ____D C:\AdwCleaner
2016-07-13 08:13 - 2015-07-06 11:36 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 07:32 - 2014-01-17 15:50 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-12 10:46 - 2015-10-06 21:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-12 10:45 - 2014-01-17 16:00 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-12 10:45 - 2014-01-17 16:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 10:45 - 2014-01-17 16:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 10:45 - 2014-01-17 15:59 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-10 14:25 - 2016-03-02 18:52 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-10 14:25 - 2016-02-12 21:57 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455335821
2016-07-08 09:39 - 2016-02-11 22:55 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-08 09:39 - 2014-04-27 14:37 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-07-08 09:39 - 2014-01-17 15:50 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-08 09:39 - 2014-01-17 15:50 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.146799242084902
2016-07-08 09:39 - 2014-01-17 15:50 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-08 09:39 - 2014-01-17 15:50 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-08 09:39 - 2014-01-17 15:50 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-08 09:39 - 2014-01-17 15:50 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

==================== Files in the root of some directories =======

2014-01-17 15:20 - 2014-01-17 15:20 - 0000000 _____ () C:\Users\Helena\AppData\Local\Driver_LOM_8161Present.flag
2014-01-17 15:14 - 2014-01-17 15:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-06 08:18

==================== End of FRST.txt ============================

 

Addition Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Helena (2016-08-06 19:09:43)
Running from C:\Users\Helena\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-17 20:53:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3746497652-99284834-819367531-500 - Administrator - Disabled)
Guest (S-1-5-21-3746497652-99284834-819367531-501 - Limited - Disabled)
Helena (S-1-5-21-3746497652-99284834-819367531-1000 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-3746497652-99284834-819367531-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
ASRock HDMI Switch v1.0.25 (HKLM-x32\...\ASRock HDMI Switch_is1) (Version: 1.0.25 - )
ASRock Key Master v1.0.6 (HKLM-x32\...\ASRock Key Master_is1) (Version: 1.0.6 - )
ASRock XFast RAM v3.0.2 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Belarc Advisor 8.5b (HKLM-x32\...\Belarc Advisor) (Version: 8.5.2.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CollageIt 1.9.3 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: 1.9.3 - PearlMountain Technology Co., Ltd)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2014 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
D-Link DWA-121 (HKLM-x32\...\{ACB879B8-19A7-4310-BD93-5D745CA6B798}) (Version:  - D-Link Corporation)
E-Hammer (HKLM-x32\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
FamilySearch Indexing 3.26.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.26.0 - FamilySearch)
F-Stream Tuning v2.0.39.1 (HKLM-x32\...\F-Stream Tuning_is1) (Version: 2.0.39.1 - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05CD5EB4-1357-4D3C-9B4B-7360B9046F1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {18AAC443-E0DF-4293-9311-E3371C8B285F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {30FC47DE-1547-4D69-A7FC-C8F8EDF808D1} - \HDMISwitch -> No File <==== ATTENTION
Task: {40270424-2A8D-4B15-84B0-30CE97BEB65D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {4578A731-F52D-490C-B20F-9D41AF761950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {5A7274C4-F097-4066-A80E-8BDEA9EB560B} - System32\Tasks\AsrKM => C:\Program Files (x86)\ASRock Utility\Key Master\AsrKM.exe
Task: {C7321E26-71C4-4A47-8617-3E49679768C8} - System32\Tasks\SafeZone scheduled Autoupdate 1455335821 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {DFB30C65-4410-42A5-9475-524CDF4B92E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-08] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-01-17 15:26 - 2013-05-28 19:58 - 00454656 _____ () C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
2014-01-17 15:38 - 2012-12-24 22:08 - 00049152 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-08 16:30 - 2013-08-08 16:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-07-08 09:39 - 2016-07-08 09:39 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-06 08:18 - 2016-08-06 08:18 - 03012096 _____ () C:\Program Files\AVAST Software\Avast\defs\16080600\algo.dll
2016-07-08 09:39 - 2016-07-08 09:39 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2014-01-17 19:10 - 2012-08-15 06:29 - 00807440 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-01-17 19:10 - 2012-08-01 04:47 - 01319024 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2014-01-17 19:10 - 2012-08-15 06:29 - 00176656 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2014-01-17 15:39 - 2014-01-17 15:39 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\ANPDApi.dll
2014-01-17 15:38 - 2013-01-18 20:21 - 00303104 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\WlanApp.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-07-08 09:39 - 2016-07-08 09:39 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-17 19:10 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-01-17 15:17 - 2013-09-03 18:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3746497652-99284834-819367531-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{437AC30D-0F9B-43E7-9D26-C8636D8530B2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{2F2ADC61-5CCA-46C3-AF0C-968FBD6DDDC2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{E1DE450D-22E1-4515-9185-DEBB16A33A09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4DA3649B-B12B-4F9E-9A76-1DBDA889922D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{844EF005-C26C-4E6C-B8C2-31A0C370EA96}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{174D4580-3AB8-4A40-9B1E-28C59CF5312A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1930773D-CE2B-4DFD-AF56-BA12ECF365D7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{3D90784B-23D8-4111-8376-12FBDD9E0585}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{8A694256-2763-4166-9A98-A5A27CB75D38}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{080F6635-8C33-401D-8ED9-56E58CBE1763}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [{CBAE2DFC-5892-40D5-8B64-429AEDD90798}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{77980433-A4CD-454B-9590-DC596FD977C5}] => (Allow) LPort=2869
FirewallRules: [{02CD281D-F5FE-4C16-BB5D-770C97885FB1}] => (Allow) LPort=1900
FirewallRules: [{0A6EDCEE-3772-4937-9259-9743EFE90218}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56591900-419A-4E7F-83C6-5B7E436A5867}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DE3875E1-1CBD-4B36-A128-98E6BE7B4277}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{42A6BA4A-0B2F-47A4-AFBE-B33EB0EFCE18}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9C573DF7-AD6D-496C-94B5-36AD74F52831}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2D85E6BC-B7CC-4B73-BBB4-5B77121C545F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4398F3A2-C44E-46A8-918B-588811245027}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C1F7DDBC-9198-4C61-9BA1-250B989ABD0C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{CA3F79F9-4A3F-40EE-93C6-95AD8EE2B646}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0F79F1B-3D4F-45AD-8477-AE98AB1A9D3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20031123-092F-452E-BE60-71A0DE7F51DE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{ABDB47A6-1625-4321-A12F-A284E0FB870A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Restore Points =========================

25-05-2016 19:59:41 Scheduled Checkpoint
02-06-2016 12:29:26 Scheduled Checkpoint
09-06-2016 12:31:06 Scheduled Checkpoint
17-06-2016 14:15:00 Scheduled Checkpoint
25-06-2016 11:38:57 Scheduled Checkpoint
03-07-2016 00:00:01 Scheduled Checkpoint
10-07-2016 17:02:02 Scheduled Checkpoint
13-07-2016 10:03:11 JRT Pre-Junkware Removal
13-07-2016 10:14:23 Checkpoint by HitmanPro
13-07-2016 10:15:17 Checkpoint by HitmanPro
21-07-2016 20:07:44 Scheduled Checkpoint
28-07-2016 20:15:10 Scheduled Checkpoint
05-08-2016 11:43:04 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2016 05:09:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 01:29:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2016 11:44:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2016 05:11:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2016 04:13:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2016 04:47:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
Exception code: 0x80000003
Fault offset: 0x0000f02b
Faulting process id: 0x16d0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/23/2016 08:38:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 47.0.1.6018, time stamp: 0x576c85bd
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a73e
Exception code: 0xc0000374
Fault offset: 0x000ce843
Faulting process id: 0x12f0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (07/21/2016 09:41:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2016 01:07:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2016 10:48:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/06/2016 05:09:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (08/06/2016 05:08:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/04/2016 01:29:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (08/02/2016 11:44:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (07/27/2016 05:10:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (07/26/2016 04:13:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (07/21/2016 04:50:41 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/21/2016 09:41:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (07/21/2016 09:41:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:38:51 AM on ‎7/‎21/‎2016 was unexpected.

Error: (07/21/2016 09:33:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


CodeIntegrity:
===================================
  Date: 2016-08-06 17:09:09.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-06 17:09:03.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-06 17:09:03.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-04 13:29:02.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-04 13:28:57.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-04 13:28:57.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 11:43:31.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 11:43:10.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 11:43:10.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-27 17:09:48.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 7856.74 MB
Available physical RAM: 5772.73 MB
Total Virtual: 15711.66 MB
Available Virtual: 12918.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:787.23 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D39C8DFD)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[zep516]

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3746497652-99284834-819367531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3746497652-99284834-819367531-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
Task: {30FC47DE-1547-4D69-A7FC-C8F8EDF808D1} - \HDMISwitch -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
hosts:
Emptytemp:

• Click Format and ensure Wordwrap is unchecked.
• Save as Fixlist.txt to your Desktop (Must be in this location)
• Run FRST/FRST64 and press the Fix button just once and wait.
• If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
• The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


Do you have these log files C:\AdwCleaner and the Combofix log at c:\combofix.txt

[Webslinger64]

I have two logs for AdwCleaner - AdwCleaner[S1] and AdwCleaner[S2] both dated a few weeks ago and a ComboFix log dated March, 2016.  Do you want these posted?

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Helena (2016-08-06 22:46:48) Run:2
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena (Available Profiles: Helena)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3746497652-99284834-819367531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3746497652-99284834-819367531-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
Task: {30FC47DE-1547-4D69-A7FC-C8F8EDF808D1} - \HDMISwitch -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3746497652-99284834-819367531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3746497652-99284834-819367531-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
catchme => service removed successfully
VBoxAswDrv => service could not remove
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30FC47DE-1547-4D69-A7FC-C8F8EDF808D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FC47DE-1547-4D69-A7FC-C8F8EDF808D1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDMISwitch => key not found.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End ofCMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End ofCMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End ofCMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79106680 B
Java, Flash, Steam htmlcache => 9528 B
Windows/system/drivers => 563274 B
Edge => 0 B
Chrome => 0 B
Firefox => 418083136 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 21184 B
Helena => 111837284 B

RecycleBin => 31904489 B
EmptyTemp: => 619.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:47:24 ====

[zep516]

Can you just run a new adwcleaner scan now

Here's instructions if needed,

Please download AdwCleaner by Xplode onto your Desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click the Scan button and wait for the process to complete.
• Click the logfile button and the log will open in Notepad.
• Click on the Clean button follow the prompts.
• A log file will automatically open after the scan has finished and the PC has rebooted.
• Please post the content of that log file with your next answer.
• The report will be saved in the C:\AdwCleaner folder.

[Webslinger64]

AdwCleaner Log File

 

# AdwCleaner v5.201 - Logfile created 07/08/2016 at 00:02:06
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-06.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Helena - HELENA-PC
# Running from : C:\Users\Helena\Downloads\adwcleaner_5.201(1).exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\ju292vok.default-1438795000345\StumbleUpon

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [866 bytes] - [07/08/2016 00:02:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [918 bytes] - [13/07/2016 09:53:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [993 bytes] - [13/07/2016 10:00:29]
C:\AdwCleaner\AdwCleaner[S3].txt - [1065 bytes] - [07/08/2016 00:00:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1155 bytes] ##########
 

[zep516]

Hello,

Need to call it a nite, if you're staying up do this next and I'll check it in the am.
 

Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Next
Open Malwarebytes and do the following:
[list]

• On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
• Then run a malwarebytes scan
  
  Posting the Malwarebytes log.
• 
  
• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• post that saved log to your next reply.
  
  

[Webslinger64]

Same here.  Thanks for the help tonight.  I'll jump on this tomorrow.

[Webslinger64]

When I tried to run TFC.exe a window similar to this popped up:

 

 

This isn't the actual window, but the message was similar.  It only popped up for a second or two.  I deleted TFC.exe, then downloaded and reinstalled it.  Same thing happened a second time.  I did it a third time and tried to take a pic of the screen so you could see it, but this time the program worked.  I stopped at that point and did not proceed with the Malwarebytes portion of your instructions.  Wanted to let you know about this issue first and see what you think.

Edited by Webslinger64, 07 August 2016 - 07:56 AM.

[zep516]

Hello,

odd. Run the Malwarebytes scan lets see what it does or shows.

[Webslinger64]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/7/2016
Scan Time: 1:45 PM
Logfile: Malwarebytes Scan Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.07.04
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Helena

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314430
Time Elapsed: 11 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[zep516]

Hello,

This scan could take quite a while, if you're using the computer you can wait until you're are finished and then start it, don't wait for it sometimes over an hour it can run.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go >>HERE<< then click on:
  
  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.
  
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
• Copy and paste that log as a reply to this topic.
• Now click on:
  (Selecting Uninstall application on close if you so wish)

NOTE: In some instances if no malware is found there will be no log produced.

[Webslinger64]

Wanted to let you know the CPU on this PC was running hot.  I pulled off the heatsink, cleaned off the old compound from the CPU and heatsink, then reapplied paste.  Temperatures are down, but not perfect.  That's an issue I can get to later unless it crops again while we troubleshoot this one. 

 

When following your instructions for the EST Online Scanner, the instructions you provided for using the scanner is different than what I'm seeing from the program.  After clicking on your link, it doesn't appear as though I will need to download esetsmartinstarller_enu.exe as the scanner program appears to work without it.

Also, after accepting the terms, I see no option for making sure "Remove found threats" is NOT checked", but I do see an option to check "Scan archives".  I am hesitant to proceed with the scan in case it might actually remove the found threats.  Have you followed your link and are you seeing it the same way I am?

Edited by Webslinger64, 07 August 2016 - 03:02 PM.

[zep516]

CPU on this PC was running hot.

OK. That's what's causing the blue screen probably, when we run scans or things like that it's using a bit more of cpu, and may blue screen until the heat issue is resolved.

Thanks
Joe