Hello there,
I've recently reformatted my hard drive and installed Windows because my computer was acting up and nothing seemed to help. There should be no hardware errors, as that has been checked before.
After I installed the new Windows, I went online (Internet Explorer) and visited a few pages before downloading Chrome and avast antivirus. The computer seemed to be acting slower than before I reformatted the drive, which was odd. Upon further review (I did the ESET Online Scan), there were over 20 viruses found. The ESET scan left 5 variants of 2 viruses - Win32/Toolbar.Linkury.AP and Win32/Kriptik.FBYR.
The problem is that the directory where the scan says the virus is (avast also had a pop-up that said it blocked a process from a file located in a folder I cannot see) looks like it doesn't exist. I can't access it at all. It says the virus is in Users->All Users, but there is no such folder in Users.
So far, I've downloaded and scanned with Avast, as well as Malwarebytes Anti-Malware and Ad-Ware Cleaner. The computer is still running very slowly, and it seems the virus is still in place.
Would really appreciate any help I can get on this.
Attaching the FRST log files below:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2016 02
Ran by Matej (administrator) on MATEJ-PC (14-07-2016 11:21:48)
Running from C:\Users\Matej\Desktop
Loaded Profiles: Matej (Available Profiles: Matej)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-13] (AVAST Software)
HKU\S-1-5-21-4077201702-1070884018-4249685965-1000\...\Run: [Okfics] => C:\Windows\System32\regsvr32.exe C:\Users\Matej\AppData\Local\YmwbPack\qbbjahmz.dll
HKU\S-1-5-21-4077201702-1070884018-4249685965-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6775512 2016-06-10] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-13] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1BDAA548-3CFF-45D2-B54E-BF7C01257568}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-13] (AVAST Software)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-12] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-13]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-13]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-12]
CHR Extension: (Google Docs) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-12]
CHR Extension: (Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-12]
CHR Extension: (YouTube) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-12]
CHR Extension: (Avast SafePrice) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-07-13]
CHR Extension: (Google Sheets) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-12]
CHR Extension: (Google Docs Offline) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-12]
CHR Extension: (Avast Online Security) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-12]
CHR Extension: (Gmail) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-12]
CHR Extension: (Chrome Media Router) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-12]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-13] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-05-17] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-07-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-07-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [222056 2016-07-13] (AVAST Software)
S3 eapihdrv; C:\Users\Matej\AppData\Local\Temp\ehdrv.sys [135760 2016-07-13] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-14 11:21 - 2016-07-14 11:22 - 00008301 _____ C:\Users\Matej\Desktop\FRST.txt
2016-07-14 11:19 - 2016-07-14 11:21 - 00000000 ____D C:\FRST
2016-07-14 11:17 - 2016-07-14 11:18 - 01741312 _____ (Farbar) C:\Users\Matej\Desktop\FRST.exe
2016-07-13 20:54 - 2016-07-14 10:53 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-13 20:50 - 2016-07-13 21:19 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-13 20:50 - 2016-07-13 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-13 20:49 - 2016-07-13 20:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-13 20:49 - 2016-07-13 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-13 20:49 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-13 20:49 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-13 20:49 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-13 20:45 - 2016-07-13 20:47 - 22851472 _____ (Malwarebytes ) C:\Users\Matej\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-13 20:44 - 2016-07-13 20:52 - 00000000 ____D C:\AdwCleaner
2016-07-13 20:43 - 2016-07-13 20:44 - 03712064 _____ C:\Users\Matej\Downloads\adwcleaner_5.201.exe
2016-07-13 20:29 - 2016-07-13 20:29 - 00005642 _____ C:\Users\Matej\Desktop\eset.txt
2016-07-13 18:25 - 2016-07-13 18:25 - 00000000 ____D C:\Program Files\ESET
2016-07-13 18:24 - 2016-07-13 18:24 - 02870984 _____ (ESET) C:\Users\Matej\Downloads\esetsmartinstaller_sky.exe
2016-07-13 18:12 - 2016-07-13 21:20 - 00001202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-13 18:12 - 2016-07-13 21:19 - 00001196 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-07-13 18:10 - 2016-07-13 21:19 - 00000963 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-13 18:10 - 2016-07-13 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-13 18:10 - 2016-07-13 18:10 - 00000000 ____D C:\Program Files\CCleaner
2016-07-13 18:09 - 2016-07-13 18:08 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-13 18:06 - 2016-07-13 18:06 - 07991656 _____ (Piriform Ltd) C:\Users\Matej\Downloads\ccsetup519.exe
2016-07-13 18:05 - 2016-07-13 18:05 - 04479336 _____ (globalpcworks.com ) C:\Users\Matej\Downloads\gpcwfhposcwg.exe
2016-07-13 18:01 - 2016-07-13 18:01 - 00000000 ____D C:\Users\Matej\AppData\Local\CEF
2016-07-13 18:00 - 2016-07-13 18:00 - 00000000 ____D C:\Users\Matej\AppData\Roaming\AVAST Software
2016-07-13 17:58 - 2016-07-13 21:19 - 00002073 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-13 17:58 - 2016-07-13 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-07-13 17:57 - 2016-07-13 17:57 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-13 17:56 - 2016-07-13 17:57 - 00438296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-13 17:56 - 2016-07-13 17:54 - 00222056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-07-13 17:56 - 2016-07-13 17:54 - 00118152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-13 17:56 - 2016-07-13 17:54 - 00091680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-13 17:56 - 2016-07-13 17:54 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-13 17:56 - 2016-07-13 17:54 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-13 17:56 - 2016-07-13 17:54 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-07-13 17:56 - 2016-07-13 17:52 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-13 17:54 - 2016-07-13 17:53 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-13 17:54 - 2016-07-13 17:53 - 00319248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-13 17:53 - 2016-07-13 17:53 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-13 17:49 - 2016-07-13 18:08 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-13 17:48 - 2016-07-13 18:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-12 16:08 - 2016-07-12 16:09 - 06253800 _____ (AVAST Software) C:\Users\Matej\Downloads\avast_free_antivirus_setup_online.exe
2016-07-12 14:50 - 2016-06-21 12:13 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-12 14:27 - 2016-07-13 21:20 - 00002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-12 14:27 - 2016-07-13 21:19 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-12 14:24 - 2016-07-14 10:50 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-12 14:24 - 2016-07-13 20:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-12 14:24 - 2016-07-12 16:19 - 00000000 ____D C:\Users\Matej\AppData\Local\Google
2016-07-12 14:24 - 2016-07-12 14:26 - 00000000 ____D C:\Program Files\Google
2016-07-12 14:23 - 2016-07-12 14:24 - 00000000 ____D C:\Users\Matej\AppData\Local\Deployment
2016-07-12 14:23 - 2016-07-12 14:23 - 00058016 _____ C:\Users\Matej\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-12 14:23 - 2016-07-12 14:23 - 00000000 ____D C:\Users\Matej\AppData\Local\Apps\2.0
2016-07-12 14:21 - 2016-07-12 14:21 - 00000000 ____D C:\Users\Matej\AppData\Roaming\Mozilla
2016-07-12 06:30 - 2016-07-13 18:13 - 00000000 ____D C:\Windows\Panther
2016-07-12 05:55 - 2016-07-13 21:20 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-12 05:55 - 2016-07-13 21:20 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-12 05:53 - 2016-07-12 05:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-07-11 21:13 - 2016-07-11 21:13 - 07101952 _____ C:\Users\Matej\AppData\Roaming\agent.dat
2016-07-11 21:13 - 2016-07-11 21:13 - 06451784 _____ C:\Users\Matej\Downloads\Windows Loader 2.2.2-Daz.rar
2016-07-11 21:13 - 2016-07-11 21:13 - 00018432 _____ C:\Users\Matej\AppData\Roaming\Main.dat
2016-07-11 21:11 - 2016-07-11 21:11 - 00128512 _____ C:\Users\Matej\AppData\Roaming\Installer.dat
2016-07-11 21:10 - 2016-07-13 20:32 - 00000000 ____D C:\Users\Matej\AppData\Local\Okhics
2016-07-11 21:06 - 2016-07-11 21:06 - 00000000 __SHD C:\Users\Matej\AppData\LocalLow\EmieUserList
2016-07-11 21:06 - 2016-07-11 21:06 - 00000000 __SHD C:\Users\Matej\AppData\LocalLow\EmieSiteList
2016-07-11 21:06 - 2016-07-11 21:06 - 00000000 __SHD C:\Users\Matej\AppData\LocalLow\EmieBrowserModeList
2016-07-11 21:06 - 2016-07-11 21:05 - 01611944 _____ (Secure Download Ltd. ) C:\Users\Matej\Downloads\Registry_Activation
2016-07-11 21:05 - 2016-07-11 21:05 - 00000000 __SHD C:\Users\Matej\AppData\Local\EmieUserList
2016-07-11 21:05 - 2016-07-11 21:05 - 00000000 __SHD C:\Users\Matej\AppData\Local\EmieSiteList
2016-07-11 21:05 - 2016-07-11 21:05 - 00000000 __SHD C:\Users\Matej\AppData\Local\EmieBrowserModeList
2016-07-11 21:04 - 2016-07-13 20:32 - 00000000 ____D C:\Users\Matej\AppData\Local\YmwbPack
2016-07-11 21:04 - 2016-07-13 19:06 - 00000000 ____D C:\Program Files\Windows Loader
2016-07-11 21:03 - 2016-07-13 21:19 - 00001417 _____ C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-11 21:03 - 2016-07-11 21:10 - 00000000 ____D C:\Users\Matej\AppData\Local\VirtualStore
2016-07-11 21:03 - 2016-07-11 21:03 - 00000020 ___SH C:\Users\Matej\ntuser.ini
2016-07-11 21:03 - 2016-07-11 21:03 - 00000000 _SHDL C:\Users\Matej\My Documents
2016-07-11 21:03 - 2016-07-11 21:03 - 00000000 _SHDL C:\Users\Matej\Documents\My Videos
2016-07-11 21:03 - 2016-07-11 21:03 - 00000000 _SHDL C:\Users\Matej\Documents\My Pictures
2016-07-11 21:03 - 2016-07-11 21:03 - 00000000 _SHDL C:\Users\Matej\Documents\My Music
2016-07-11 21:03 - 2016-07-11 21:03 - 00000000 ____D C:\Users\Matej\AppData\Roaming\Adobe
2016-07-11 21:03 - 2016-07-11 21:03 - 00000000 ____D C:\Users\Matej
2016-07-11 21:03 - 2011-04-12 04:24 - 00000000 ____D C:\Users\Matej\AppData\Roaming\Media Center Programs
2016-07-11 21:02 - 2014-12-11 19:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-14 10:59 - 2010-11-20 23:01 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-14 10:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-07-14 10:50 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-13 21:26 - 2009-07-14 06:34 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-13 21:26 - 2009-07-14 06:34 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-13 21:20 - 2009-07-14 06:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-13 21:20 - 2009-07-14 06:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-13 21:20 - 2009-07-14 06:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-13 21:20 - 2009-07-14 06:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-13 21:20 - 2009-07-14 06:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-13 21:19 - 2009-07-14 06:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-13 21:19 - 2009-07-14 06:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-13 21:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\L2Schemas
2016-07-12 06:29 - 2009-07-14 06:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-07-12 05:56 - 2009-07-14 06:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-12 05:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sysprep
2016-07-12 05:50 - 2009-07-14 06:33 - 00267016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-11 21:03 - 2009-07-14 06:34 - 00000000 ____D C:\Windows\Setup
2016-07-11 21:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
==================== Files in the root of some directories =======
2016-07-11 21:13 - 2016-07-11 21:13 - 7101952 _____ () C:\Users\Matej\AppData\Roaming\agent.dat
2016-07-11 21:11 - 2016-07-11 21:11 - 0128512 _____ () C:\Users\Matej\AppData\Roaming\Installer.dat
2016-07-11 21:13 - 2016-07-11 21:13 - 0018432 _____ () C:\Users\Matej\AppData\Roaming\Main.dat
Some files in TEMP:
====================
C:\Users\Matej\AppData\Local\Temp\libeay32.dll
C:\Users\Matej\AppData\Local\Temp\msvcr120.dll
C:\Users\Matej\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-12 05:49
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-07-2016 02
Ran by Matej (2016-07-14 11:24:02)
Running from C:\Users\Matej\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-07-11 19:02:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4077201702-1070884018-4249685965-500 - Administrator - Disabled)
Guest (S-1-5-21-4077201702-1070884018-4249685965-501 - Limited - Disabled)
Matej (S-1-5-21-4077201702-1070884018-4249685965-1000 - Administrator - Enabled) => C:\Users\Matej
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.1.2272 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
SafeZone Stable 1.48.2066.114 (Version: 1.48.2066.114 - Avast Software) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01A47669-9095-49A7-BA31-329950F226AC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-13] (AVAST Software)
Task: {2BB8ED0F-FF85-475B-A37E-EB9037674186} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-13] (AVAST Software)
Task: {6EC683AC-F0B6-4338-8DC2-31B2C2617AF7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {9D73418C-8C22-42CD-94FD-2DB22ED1E795} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-12] (Google Inc.)
Task: {BA54F7D8-51C3-4608-9919-C13A470B462A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-12] (Google Inc.)
Task: {EDE56AB7-8181-4528-A07C-D3935DE5A5DC} - System32\Tasks\SafeZone scheduled Autoupdate 1468426315 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-13 17:53 - 2016-07-13 17:53 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-13 17:53 - 2016-07-13 17:53 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-14 10:52 - 2016-07-14 10:52 - 03000320 _____ () C:\Program Files\AVAST Software\Avast\defs\16071400\algo.dll
2016-07-13 17:54 - 2016-07-13 17:54 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-12 16:20 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Matej\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2016-07-12 16:20 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Matej\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-07-13 18:07 - 2016-07-06 18:01 - 17602240 _____ () C:\Users\Matej\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4077201702-1070884018-4249685965-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FD68F25A-0075-4A94-BAFB-9BB7228CBDF8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
11-07-2016 21:02:04 Windows Update
==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Biometric Coprocessor
Description: Biometric Coprocessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/14/2016 10:51:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/13/2016 09:18:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/13/2016 08:54:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/13/2016 08:32:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/13/2016 05:43:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2016 03:42:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2016 02:20:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/11/2016 09:11:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/11/2016 09:07:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: af8
Start Time: 01d1dba76ce6fef2
Termination Time: 0
Application Path: C:\Windows\system32\NOTEPAD.EXE
Report Id: b74be44a-479a-11e6-bc3c-00219bd4ef2c
Error: (07/12/2016 06:01:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/13/2016 08:53:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%3 = The system cannot find the path specified.
Error: (07/13/2016 08:52:33 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.
Error: (07/13/2016 08:52:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
Error: (07/13/2016 08:52:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
Error: (07/13/2016 08:52:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (07/13/2016 08:52:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (07/13/2016 08:52:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/13/2016 08:32:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ronzap service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (07/13/2016 08:32:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CloudPrinter service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (07/13/2016 06:13:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
CodeIntegrity:
===================================
Date: 2016-07-14 10:52:33.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-14 10:50:22.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-14 10:50:22.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 21:21:53.305
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 21:18:26.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 21:17:22.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 21:17:22.304
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 20:54:44.645
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 20:53:27.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 20:53:27.501
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 82%
Total physical RAM: 2038.04 MB
Available physical RAM: 364.73 MB
Total Virtual: 4076.09 MB
Available Virtual: 1949.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:284.44 GB) NTFS
Drive e: (MATO'S IPOD) (Removable) (Total:74.41 GB) (Free:38.99 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5175BD52)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.
==================== End of Addition.txt ============================