Avast cannot complete a full scan without crashing


  • This topic is locked
22 replies to this topic

#1 zaria12

zaria12

    Member

  • Full Member
  • Pip
  • 61 posts

Posted 06 February 2016 - 09:20 PM

Hi

 

For quite a while now, I haven't been able to get Avast to complete a full scan without crashing. It will freeze at about the same point every time and then eventually I'll get a bsod. Here are the things I've tried:

 

1. Uninstalled and reinstalled Avast.

2. Started my computer without any startup programs and I can't remember if it was in safe mode or not. This actually worked but it still had some trouble completing.

3. Turned off Windows Defender.

4. Restarted without Spybot.

5. Updated everything I could think of.

 

I use Zone Alarm as my firewall.

 

Mbam works just fine, so does Spybot. And I suppose Avast would work if I only ran it without startups and/or in safe mode every time but I'd like to get to the bottom of this, it's bothering me. Here are my logs.

 

Mbam:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/6/2016
Scan Time: 6:43 PM
Logfile: mbam2-6.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.06.07
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359000
Time Elapsed: 12 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by zaria12, 06 February 2016 - 09:24 PM.


#2 zaria12


Posted 06 February 2016 - 09:21 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18163  BrowserJavaVersion: 11.74.2
Run by Kathy at 18:58:24 on 2016-02-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6135.4182 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Kathy\AppData\Roaming\Dashlane\DashlanePlugin.exe
C:\Users\Kathy\AppData\Roaming\Dashlane\Dashlane.exe
C:\Users\Kathy\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Dashlane BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Kathy\AppData\Roaming\Dashlane\ie\Dashlanei.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Kathy\AppData\Roaming\Dashlane\ie\KWIEBar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EssentialPIM] "C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe" /autorun
uRun: [DashlanePlugin] "C:\Users\Kathy\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws
uRun: [Dashlane] "C:\Users\Kathy\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
uRun: [Amazon Music] "C:\Users\Kathy\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [ZoneAlarm Windows 10 Upgrader] "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
StartupFolder: C:\Users\Kathy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 206.123.129.1 206.123.129.2 192.168.0.1
TCP: Interfaces\{1B76C213-B76F-49A7-8DB6-25FC119A1AF2} : DHCPNameServer = 206.123.129.1 206.123.129.2 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.2\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-12-6 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-12-6 273784]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-12-6 1065208]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2015-12-6 464256]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-12-6 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-12-6 97648]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-12-6 155304]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-12-6 226440]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-1-10 1435680]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-7-29 1156400]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-7-29 1872688]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-8-21 5915440]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-11 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-12-6 416432]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-4-9 92176]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-1-25 25816]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-7-29 19760]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-8-21 8133424]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-8-21 50472]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-1-25 1135416]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-2-5 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-25 63704]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-9 1255736]
.
=============== Created Last 30 ================
.
2016-02-06 21:40:48    --------    d-----w-    C:\Program Files\iTunes
2016-02-06 21:40:48    --------    d-----w-    C:\Program Files\iPod
2016-02-06 21:40:48    --------    d-----w-    C:\Program Files (x86)\iTunes
2016-02-06 21:31:09    --------    d-----w-    C:\Program Files\Bonjour
2016-02-06 21:31:09    --------    d-----w-    C:\Program Files (x86)\Bonjour
2016-02-06 21:20:50    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEBDF89C-F468-4C6D-AC8F-2D2300C4B8F0}\offreg.5684.dll
2016-02-05 09:44:46    1866752    ----a-w-    C:\Windows\System32\ExplorerFrame.dll
2016-02-05 09:44:45    1498624    ----a-w-    C:\Windows\SysWow64\ExplorerFrame.dll
2016-02-05 09:44:44    624640    ----a-w-    C:\Windows\System32\qedit.dll
2016-02-05 09:44:44    509952    ----a-w-    C:\Windows\SysWow64\qedit.dll
2016-02-05 09:44:34    3211264    ----a-w-    C:\Windows\System32\win32k.sys
2016-02-05 09:14:01    692672    ----a-w-    C:\Windows\System32\winload.efi
2016-02-05 09:14:01    63488    ----a-w-    C:\Windows\System32\setbcdlocale.dll
2016-02-05 09:14:01    616360    ----a-w-    C:\Windows\System32\winresume.efi
2016-02-05 09:14:01    61440    ----a-w-    C:\Windows\System32\drivers\appid.sys
2016-02-05 09:14:01    59392    ----a-w-    C:\Windows\System32\appidapi.dll
2016-02-05 09:14:01    50688    ----a-w-    C:\Windows\SysWow64\appidapi.dll
2016-02-05 09:14:01    32768    ----a-w-    C:\Windows\System32\appidsvc.dll
2016-02-05 09:14:01    17920    ----a-w-    C:\Windows\System32\appidcertstorecheck.exe
2016-02-05 09:14:01    147456    ----a-w-    C:\Windows\System32\appidpolicyconverter.exe
2016-02-05 09:04:24    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2016-02-05 09:04:24    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2016-02-05 09:04:24    41984    ----a-w-    C:\Windows\System32\lpk.dll
2016-02-05 09:04:24    372736    ----a-w-    C:\Windows\System32\atmfd.dll
2016-02-05 09:04:24    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2016-02-05 09:04:24    299520    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2016-02-05 09:04:24    25600    ----a-w-    C:\Windows\SysWow64\lpk.dll
2016-02-05 09:04:24    14336    ----a-w-    C:\Windows\System32\dciman32.dll
2016-02-05 09:04:24    10240    ----a-w-    C:\Windows\SysWow64\dciman32.dll
2016-02-05 09:04:24    100864    ----a-w-    C:\Windows\System32\fontsub.dll
.
==================== Find3M  ====================
.
2016-02-07 02:43:53    192216    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-02-07 00:21:12    97888    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-01-20 21:02:00    1065208    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2016-01-20 08:39:20    796864    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2016-01-20 08:39:20    142528    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-30 19:08:35    5572544    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2015-12-30 19:08:34    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2015-12-30 19:08:34    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2015-12-30 19:05:33    1730496    ----a-w-    C:\Windows\System32\ntdll.dll
2015-12-30 19:02:28    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2015-12-30 19:02:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2015-12-30 19:02:28    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2015-12-30 19:02:17    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2015-12-30 19:02:13    210432    ----a-w-    C:\Windows\System32\wdigest.dll
2015-12-30 19:02:03    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2015-12-30 19:01:56    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2015-12-30 19:01:56    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2015-12-30 19:01:55    503808    ----a-w-    C:\Windows\System32\srcore.dll
2015-12-30 19:01:55    50176    ----a-w-    C:\Windows\System32\srclient.dll
2015-12-30 19:01:14    28160    ----a-w-    C:\Windows\System32\secur32.dll
2015-12-30 19:01:12    344064    ----a-w-    C:\Windows\System32\schannel.dll
2015-12-30 19:01:10    1214464    ----a-w-    C:\Windows\System32\rpcrt4.dll
2015-12-30 19:00:23    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2015-12-30 18:59:11    312320    ----a-w-    C:\Windows\System32\ncrypt.dll
2015-12-30 18:59:07    315392    ----a-w-    C:\Windows\System32\msv1_0.dll
2015-12-30 18:59:02    60416    ----a-w-    C:\Windows\System32\msobjs.dll
2015-12-30 18:58:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2015-12-30 18:58:00    1461248    ----a-w-    C:\Windows\System32\lsasrv.dll
2015-12-30 18:57:55    729600    ----a-w-    C:\Windows\System32\kerberos.dll
2015-12-30 18:57:55    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2015-12-30 18:55:46    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2015-12-30 18:55:45    43520    ----a-w-    C:\Windows\System32\cryptbase.dll
2015-12-30 18:55:44    22016    ----a-w-    C:\Windows\System32\credssp.dll
2015-12-30 18:47:23    3993536    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2015-12-30 18:47:23    3938240    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2015-12-30 18:44:26    1311768    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2015-12-30 18:41:32    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2015-12-30 18:41:31    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2015-12-30 18:41:31    665088    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2015-12-30 18:41:31    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2015-12-30 18:41:17    171520    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2015-12-30 18:41:11    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2015-12-30 18:41:03    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2015-12-30 18:40:29    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2015-12-30 18:40:28    251392    ----a-w-    C:\Windows\SysWow64\schannel.dll
2015-12-30 18:39:38    223232    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2015-12-30 18:39:35    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2015-12-30 18:39:32    60416    ----a-w-    C:\Windows\SysWow64\msobjs.dll
2015-12-30 18:39:17    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2015-12-30 18:38:56    552960    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2015-12-30 18:38:11    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2015-12-30 17:57:51    64000    ----a-w-    C:\Windows\System32\auditpol.exe
2015-12-30 17:50:50    338432    ----a-w-    C:\Windows\System32\conhost.exe
2015-12-30 17:49:09    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2015-12-30 17:44:49    50176    ----a-w-    C:\Windows\SysWow64\auditpol.exe
2015-12-30 17:43:39    159232    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2015-12-30 17:42:48    290816    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2015-12-30 17:42:41    129024    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2015-12-30 17:41:07    30720    ----a-w-    C:\Windows\System32\lsass.exe
2015-12-30 17:41:00    112640    ----a-w-    C:\Windows\System32\smss.exe
2015-12-30 17:32:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2015-12-30 17:32:53    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2015-12-30 17:32:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2015-12-30 17:32:51    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2015-12-30 17:30:55    36352    ----a-w-    C:\Windows\SysWow64\cryptbase.dll
2015-12-30 17:30:40    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-12-30 17:30:40    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-30 17:30:40    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-12-30 17:30:40    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-12-18 20:57:04    97648    ----a-w-    C:\Windows\System32\drivers\aswmonflt.sys
2015-12-12 18:31:10    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2015-12-12 18:30:59    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2015-12-12 18:16:29    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2015-12-12 18:15:46    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2015-12-12 18:15:40    417792    ----a-w-    C:\Windows\System32\html.iec
2015-12-12 18:15:09    571904    ----a-w-    C:\Windows\System32\vbscript.dll
2015-12-12 18:14:59    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2015-12-12 18:07:27    6051328    ----a-w-    C:\Windows\System32\jscript9.dll
2015-12-12 18:02:34    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2015-12-12 18:02:34    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2015-12-12 18:02:19    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2015-12-12 17:55:26    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-12 17:49:57    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2015-12-12 17:44:06    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-12 17:37:41    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2015-12-12 17:37:39    496640    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2015-12-12 17:37:05    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2015-12-12 17:36:57    341504    ----a-w-    C:\Windows\SysWow64\html.iec
2015-12-12 17:36:04    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2015-12-12 17:27:24    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2015-12-12 17:27:04    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2015-12-12 17:21:12    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2015-12-12 17:20:50    2123264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2015-12-12 17:14:57    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-12-12 17:09:47    4610560    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2015-12-12 17:06:02    2487808    ----a-w-    C:\Windows\System32\wininet.dll
2015-12-12 17:00:20    2050560    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2015-12-12 17:00:09    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2015-12-12 16:41:25    2011136    ----a-w-    C:\Windows\SysWow64\wininet.dll
2015-12-09 21:59:36    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
.
============= FINISH: 19:02:09.18 ===============
 



#3 zaria12


Posted 06 February 2016 - 09:23 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Java 8 Update 71  
 Java 8 Update 73  
 Java 8 Update 74  
 Java version 32-bit out of Date!
 Adobe Flash Player 20.0.0.286  
 Mozilla Firefox (44.0)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

I hope I did this right, let me know if I used the wrong reply and I'll do it over. Thanks for your help :)


Edited by zaria12, 06 February 2016 - 09:25 PM.


#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 08 February 2016 - 06:55 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
What I suggest first is that you remove Avast using their uninstaller.
Follow the instructions on this site.
 
When done restart the computer normally.
Close all running programs and reinstall the application.
 
If the problem persists please run the following tools and post the logs for my review.
 
 
Download Malwarebytes' Anti-Malware from Here
 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
 
POST THE LOG FOR MY REVIEW.
 
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===
 
=======
 
Please download AdwCleaner by Xplode onto your Desktop.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
 
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
 
===
 
Download the version of this tool for your operating system
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
 
Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
 
Click the Add reply button.
===
 
Let me know what problems persist.
 
p.s.
 
If present remove these old version(s) in bold of Java via the Control Panel > Programs and Features applet.
 Java 8 Update 71  
 Java 8 Update 73
 Java 8 Update 74  <- this is the latest version.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 zaria12

zaria12

    Member

  • Full Member
  • 61 posts

Posted 09 February 2016 - 09:05 PM

Blah, yeah it's still crashing. Two times it didn't cause the blue screen, it just gave me an error box that said a process was not responding and giving me the option to end it. It didn't specify what process, but the first time I ended it, I got a real quick screen saying Avast was off and my system was unprotected, and then Avast reported a complete scan with no errors.

 

I tried it again today after running the Adwcleaner and cleaning some stuff and it went to blue screen.

 

Here's a new Mbam:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/9/2016
Scan Time: 5:36 PM
Logfile: mbam2-9.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.09.05
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359982
Time Elapsed: 17 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

And the Adwcleaner:

 

# AdwCleaner v5.033 - Logfile created 09/02/2016 at 02:14:57
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Kathy - KATHY-PC
# Running from : C:\Downloads\adwcleaner_5.033.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Kathy\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\Extensions\abb@amazon.com.xpi

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : [x64] HKLM\SOFTWARE\CheckPoint\ISW
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://us.yhs4.search.yahoo.com/yhs/search");
[-] [C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\prefs.js] [Preference] Deleted : user_pref("extensions.dashlane.safesearchcapable", false);
[-] [C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://us.yhs4.search.yahoo.com/yhs/search");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4061 bytes] ##########
 



#6 zaria12

zaria12

    Member

  • Full Member
  • 61 posts

Posted 09 February 2016 - 09:08 PM

And here's the Farbar frst.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Kathy (administrator) on KATHY-PC (09-02-2016 02:23:30)
Running from C:\Users\Kathy\Desktop\scanlog
Loaded Profiles: Kathy (Available Profiles: Kathy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Kathy\AppData\Roaming\Dashlane\DashlanePlugin.exe
() C:\Users\Kathy\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Kathy\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Akamai Technologies, Inc.) C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-09-13] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-09] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17853296 2015-11-18] (Astonsoft)
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\...\Run: [DashlanePlugin] => C:\Users\Kathy\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2016-01-19] ()
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\...\Run: [Dashlane] => C:\Users\Kathy\AppData\Roaming\Dashlane\Dashlane.exe [227712 2016-01-19] ()
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\...\Run: [Amazon Music] => C:\Users\Kathy\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-11-18] ()
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\...\MountPoints2: {1a1985c3-03ca-11e0-8249-806e6f6e6963} - D:\AutoRun\AutoRun.exe
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe [3998952 2015-10-25] (Check Point Software Technologies Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2011-11-20]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-05-31]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2011-02-19]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-02-26]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 206.123.129.1 206.123.129.2 192.168.0.1
Tcpip\..\Interfaces\{1B76C213-B76F-49A7-8DB6-25FC119A1AF2}: [DhcpNameServer] 206.123.129.1 206.123.129.2 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-09] (AVAST Software)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Kathy\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-01-19] (Dashlane)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Kathy\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-01-19] (Dashlane)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: hxxp://us.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2010-12-16] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.2\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.2\npGoogleUpdate3.dll [2016-01-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2929191742-4233368518-2043344364-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2010-12-16] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\searchplugins\yahoo-avast.xml [2014-06-07]
FF Extension: WOT - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: NoScript - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-02]
FF Extension: 20-20 3D Viewer - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\Extensions\2020Player@2020Technologies.com [2011-01-29] [not signed]
FF Extension: Dashlane - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\Extensions\jetpack-extension@dashlane.com.xpi [2015-12-22]
FF Extension: Pin It Button - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-01-02] [not signed]
FF Extension: Todoist: To-Do list and Task Manager - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\Extensions\support@todoist.com.xpi [2015-11-07]
FF Extension: Evernote Web Clipper - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2015-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-24] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-09] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-09 02:23 - 2016-02-09 02:23 - 00000000 ____D C:\FRST
2016-02-09 02:21 - 2016-02-09 02:23 - 00000000 ____D C:\Users\Kathy\Desktop\scanlog
2016-02-09 02:19 - 2016-02-09 02:19 - 00004144 _____ C:\Users\Kathy\Desktop\AdwCleaner[C1].txt
2016-02-09 02:07 - 2016-02-09 02:14 - 00000000 ____D C:\AdwCleaner
2016-02-09 00:34 - 2016-02-09 00:30 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-09 00:31 - 2016-02-09 00:31 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-09 00:31 - 2016-02-09 00:31 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\AVAST Software
2016-02-09 00:31 - 2016-02-09 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-09 00:30 - 2016-02-09 00:31 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-02-09 00:30 - 2016-02-09 00:30 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-09 00:30 - 2016-02-09 00:30 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-09 00:30 - 2016-02-09 00:30 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-09 00:30 - 2016-02-09 00:30 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-09 00:30 - 2016-02-09 00:30 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-09 00:30 - 2016-02-09 00:30 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-09 00:30 - 2016-02-09 00:30 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-09 00:30 - 2016-02-09 00:30 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-09 00:26 - 2016-02-09 00:26 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-09 00:26 - 2016-02-09 00:26 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-08 23:50 - 2016-02-08 23:50 - 00767488 _____ C:\Users\Kathy\Documents\TEST.backup_20160208_2350.epim
2016-02-07 14:13 - 2016-02-07 14:13 - 00767488 _____ C:\Users\Kathy\Documents\TEST.backup_20160207_1413.epim
2016-02-06 19:07 - 2016-02-06 19:07 - 00001037 _____ C:\Users\Kathy\Desktop\checkup.txt
2016-02-06 19:02 - 2016-02-06 19:02 - 00026595 _____ C:\Users\Kathy\Desktop\dds.txt
2016-02-06 19:02 - 2016-02-06 19:02 - 00010602 _____ C:\Users\Kathy\Desktop\attach.txt
2016-02-06 18:57 - 2016-02-06 18:57 - 00001052 _____ C:\Users\Kathy\Desktop\mbam2-6.txt
2016-02-06 18:39 - 2016-02-06 18:39 - 00262144 _____ C:\Windows\Minidump\020616-21028-01.dmp
2016-02-06 17:07 - 2016-02-06 17:07 - 00262144 _____ C:\Windows\Minidump\020616-19297-01.dmp
2016-02-06 15:16 - 2016-02-06 15:16 - 00262144 _____ C:\Windows\Minidump\020616-18330-01.dmp
2016-02-06 14:25 - 2016-02-06 14:25 - 00262144 _____ C:\Windows\Minidump\020616-20732-01.dmp
2016-02-06 13:40 - 2016-02-06 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-02-06 13:40 - 2016-02-06 13:40 - 00000000 ____D C:\Program Files\iTunes
2016-02-06 13:40 - 2016-02-06 13:40 - 00000000 ____D C:\Program Files\iPod
2016-02-06 13:40 - 2016-02-06 13:40 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-02-06 13:32 - 2016-02-06 13:32 - 00767488 _____ C:\Users\Kathy\Documents\TEST.backup_20160206_1332.epim
2016-02-06 13:32 - 2016-02-06 13:32 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-02-06 13:32 - 2016-02-06 13:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-02-06 13:31 - 2016-02-06 13:31 - 00000000 ____D C:\Program Files\Bonjour
2016-02-06 13:31 - 2016-02-06 13:31 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-06 13:20 - 2016-02-06 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-02-06 13:20 - 2016-02-06 13:20 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-05 01:44 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-02-05 01:44 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-05 01:44 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-05 01:44 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-05 01:44 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-05 01:44 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-05 01:44 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-05 01:15 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-05 01:15 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-05 01:15 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-05 01:15 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-05 01:15 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-05 01:15 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-05 01:15 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-05 01:15 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-05 01:15 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-05 01:15 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-05 01:15 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-05 01:15 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-05 01:15 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-05 01:15 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-05 01:15 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-05 01:15 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-05 01:15 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-05 01:15 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-05 01:15 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-05 01:15 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-05 01:15 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-05 01:15 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-05 01:15 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-05 01:15 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-05 01:15 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-05 01:15 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-05 01:15 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-05 01:15 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-05 01:15 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-05 01:15 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-05 01:15 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-05 01:15 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-05 01:15 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-05 01:15 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-05 01:15 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-05 01:15 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-05 01:15 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-05 01:15 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-05 01:15 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-05 01:15 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-05 01:15 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-05 01:15 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-05 01:15 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-05 01:15 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-05 01:15 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-05 01:15 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-05 01:15 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-05 01:15 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-05 01:15 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-05 01:15 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-05 01:15 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-05 01:15 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-05 01:15 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-05 01:15 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-05 01:15 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-05 01:15 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-05 01:15 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-05 01:15 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-05 01:15 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-05 01:15 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-05 01:15 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-05 01:15 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-05 01:15 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-05 01:15 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-05 01:14 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-02-05 01:14 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-02-05 01:14 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-02-05 01:14 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-02-05 01:14 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-02-05 01:14 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-02-05 01:14 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-02-05 01:14 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-02-05 01:14 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-02-05 01:13 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-05 01:13 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-05 01:13 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-05 01:13 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-05 01:13 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-05 01:13 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-05 01:13 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-05 01:13 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-05 01:13 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-05 01:13 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-05 01:13 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-05 01:13 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-05 01:13 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-05 01:13 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-05 01:13 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-05 01:13 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-05 01:13 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-05 01:13 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-05 01:13 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-05 01:13 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-05 01:13 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-05 01:13 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-05 01:13 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-05 01:13 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-05 01:13 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-05 01:13 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-05 01:13 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-05 01:13 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-05 01:13 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-05 01:13 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-05 01:13 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-05 01:13 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-05 01:13 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-05 01:13 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-05 01:13 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-05 01:13 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-05 01:13 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-05 01:13 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-05 01:13 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-05 01:13 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-05 01:13 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-05 01:13 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-05 01:13 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-05 01:13 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-05 01:13 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-05 01:13 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-05 01:13 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-05 01:13 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-05 01:13 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-05 01:13 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-05 01:13 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-05 01:13 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-05 01:13 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-05 01:13 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-05 01:13 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-05 01:13 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-05 01:13 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-05 01:13 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-05 01:13 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-05 01:13 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-05 01:13 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-05 01:13 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-05 01:13 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-02-05 01:13 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-02-05 01:13 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-02-05 01:13 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-02-05 01:13 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-02-05 01:13 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-02-05 01:13 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-02-05 01:13 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-02-05 01:13 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-02-05 01:13 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-02-05 01:13 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-02-05 01:13 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-02-05 01:13 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-02-05 01:13 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL


#7 zaria12


Posted 09 February 2016 - 09:11 PM

Oh, and to be clear, I did use the Avast uninstall and then reinstalled as instructed :)

 

edit: omg, I should proofread. Also, to be clear, when I ran the adwcleaner and cleaned some stuff, I ran avast again and THEN it blue screened, not after the adwcleaner. Sorry, I'm a goober.


Edited by zaria12, 09 February 2016 - 09:14 PM.


#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 10 February 2016 - 06:19 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\searchplugins\yahoo-avast.xml [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]
C:\Users\Kathy\AppData\Local\Temp\First15.exe
C:\Users\Kathy\AppData\Local\Temp\jre-8u74-windows-au.exe
C:\Users\Kathy\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kathy\AppData\Local\Temp\nvStInst.exe
C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll
C:\Users\Kathy\AppData\Local\Temp\VP6Install.exe
C:\Users\Kathy\AppData\Local\Temp\VP6VFW.dll
C:\Users\Kathy\AppData\Local\Temp\_isC449.exe
C:\Users\Kathy\AppData\Local\Temp\_isDE2F.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

====

The addition.txt file was not attached correctly.

Please repeat the process. Look at my instructions. Take your time.

===

While I check your logs, please run SFC.exe.

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833
===

Check to make sure you have all the Latest Security Updates.

Go to this page.
https://www.microsof...ty/updates.aspx

Follow the instructions for the Windows 7 operating system.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 zaria12


Posted 12 February 2016 - 02:17 AM

Here you go:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Kathy (2016-02-12 00:05:15) Run:1
Running from C:\Users\Kathy\Desktop\scanlog
Loaded Profiles: Kathy (Available Profiles: Kathy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\searchplugins\yahoo-avast.xml [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]

C:\Users\Kathy\AppData\Local\Temp\First15.exe
C:\Users\Kathy\AppData\Local\Temp\jre-8u74-windows-au.exe
C:\Users\Kathy\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kathy\AppData\Local\Temp\nvStInst.exe
C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll
C:\Users\Kathy\AppData\Local\Temp\VP6Install.exe
C:\Users\Kathy\AppData\Local\Temp\VP6VFW.dll
C:\Users\Kathy\AppData\Local\Temp\_isC449.exe
C:\Users\Kathy\AppData\Local\Temp\_isDE2F.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2929191742-4233368518-2043344364-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\q61q95pn.default\searchplugins\yahoo-avast.xml => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\Users\Kathy\AppData\Local\Temp\First15.exe => moved successfully
C:\Users\Kathy\AppData\Local\Temp\jre-8u74-windows-au.exe => moved successfully
C:\Users\Kathy\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Kathy\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Kathy\AppData\Local\Temp\VP6Install.exe => moved successfully
C:\Users\Kathy\AppData\Local\Temp\VP6VFW.dll => moved successfully
C:\Users\Kathy\AppData\Local\Temp\_isC449.exe => moved successfully
C:\Users\Kathy\AppData\Local\Temp\_isDE2F.exe => moved successfully
EmptyTemp: => 2.6 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-12 00:10:27)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 00:10:27 ====

Attached Files
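The Fixlog above mixes several outcome phrasings, and one item changes state between the main run and the post-reboot section. As an added example (not part of the original posts and not FRST's own code), this Python script reduces such a log to a final status per item and lists what still needs follow-up; the status categories are assumptions of this example, and the sample is a subset of result lines copied from the post above.

```python
import re
from collections import Counter

# Subset of result lines copied from the Fixlog in the post above.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
Firefox SearchEngineOrder.1 removed successfully
C:\Users\Kathy\AppData\Local\Temp\First15.exe => moved successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
EmptyTemp: => 2.6 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-12 00:10:27)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 00:10:27 ====
'''

# Section headers and separators that carry no per-item result.
SKIP_PREFIXES = ("====", "*", "Result of scheduled")


def parse_result_line(line):
    """Return (target, status) for one Fixlog result line, or None.

    The status names (ok, pending, failed, not_found, info) are this
    example's own categories, not terms used by the tool.
    """
    line = line.strip()
    if not line or line.startswith(SKIP_PREFIXES):
        return None
    if " => " in line:
        target, outcome = line.rsplit(" => ", 1)
    else:
        # Lines such as "Firefox ... removed successfully" have no arrow.
        target, outcome = line, line
    # 'Could not move "path" => Scheduled ...' names the path after a prefix.
    target = re.sub(r"^Could not move\s+", "", target).strip().strip('"')
    low = outcome.lower()
    if "could not" in low:
        status = "failed"
    elif "scheduled to move on reboot" in low:
        status = "pending"
    elif "not found" in low:
        status = "not_found"
    elif "successfully" in low:
        status = "ok"
    else:
        status = "info"
    return target, status


def summarize(fixlog_text):
    """Keep the last status seen per target and list items needing follow-up."""
    final = {}
    for raw in fixlog_text.splitlines():
        parsed = parse_result_line(raw)
        if parsed:
            target, status = parsed
            # A later line (the post-reboot section) overrides an earlier one.
            final[target.lower()] = (target, status)
    counts = Counter(status for _, status in final.values())
    follow_up = [t for t, s in final.values() if s in ("failed", "pending")]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = summarize(SAMPLE_FIXLOG)
    print(dict(counts))
    for item in follow_up:
        print("needs follow-up:", item)
```
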



#10 nasdaq


Posted 12 February 2016 - 06:56 AM

Remove this program in bold via the Control Panel > Programs and Features applet.
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.2 - Pando Networks Inc.)

If you do not use this Yahoo messenger you can delete it also.
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

These are old versions of Java. If not needed for development purposes, remove them as well.
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingc...best-practices/
===

#11 zaria12


Posted 13 February 2016 - 07:20 PM

Sheesh, still happening. I removed the Pando thing, not Yahoo though. I removed the old Java. I did the operating system scan and it didn't find a problem (thank god). Windows updates are all up to date. Do you think there's some conflict somewhere? The avast page says to restart with one program at a time to isolate a conflict but yikes, that will take forever. Any more suggestions? Thanks again for your time and help.

#12 zaria12


Posted 14 February 2016 - 03:53 AM

I also just ran F-Secure, which ran fine and found nothing, and ESET online scan that crashed near the end of the scan, like avast does.

#13 nasdaq


Posted 14 February 2016 - 06:44 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#14 zaria12


Posted 14 February 2016 - 07:05 PM

Ok, I ran the script and then tried to run avast again and it crashed. So I turned off avast and tried running the Eset one and it also crashed, earlier than it did yesterday. I should say that yesterday I did try to restart the computer with only avast using the msconfig thing, to see if I could get it to complete alone. But even though it was on the list of programs to load, this time I couldn't get it to run at all.

 

Also, I had problems getting my computer back to normal, specifically the networking didn't seem to come back correctly as I couldn't connect to the internet. I tried to use a restore point and that failed. To say the least, I was a little freaked out. So I redid the msconfig thing again, in safe mode again, and it worked the second time. Not sure I want to mess with that crap anymore! Anyway, log attached.

 

I x'd out my email, I'm a little paranoid.

Attached Files


Edited by zaria12, 14 February 2016 - 07:13 PM.


#15 nasdaq


Posted 15 February 2016 - 05:54 AM

I suggest you restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.micro...n#1TC=windows-7

Keep me posted.

#16 zaria12


Posted 16 February 2016 - 02:40 AM

Before I do that, because I'm scared to do that, I just noticed that all those restore points that were created when we did all that stuff are gone. I have no restore points. Do you know why that would happen?

#17 nasdaq


Posted 16 February 2016 - 06:07 AM

I just noticed that all those restore points that were created when we did all that stuff are gone. I have no restore points. Do you know why that would happen?


No, the last restore point was created on Feb 14 when you used the Zoek tool.

2/14/2016 3:07:11 PM Zoek.exe System Restore Point Created Successfully.

Create one now.
Create a restore point. Windows 7.
http://windows.micro...a-restore-point

---

There could be some RAM problems. Check it out.

http://windows.micro...n-your-computer

If no problems are found, please run the Farbar tool again. Make sure that the box to create an Addition.txt file is checked.
Post the logs for my review.

#18 zaria12


Posted 16 February 2016 - 03:52 PM

Yeah that's the thing, the restore point that you referenced was not there. I did create one today and that is the only one there now.

I did the memory test, twice, and it said there were no errors.

After the memory test, two programs that auto load were acting up. My PIM (essentialpim) directed me to update the program. Dashlane, the password database, did not load at all. When I tried to start it manually, the executable didn't work. When I went to programs to delete it, it said that it was already gone and asked me if I wanted to remove it from the list. This really freaks me out! That program had a lot of sensitive info in it. I reinstalled it and then uninstalled it and had it remove all the data.


Have you seen anything suspicious in any of my logs? Do you think this is all computer glitching or is it possible there is some monster malware in my system that is messing with everything? Blah, I really don't want to reinstall windows if I don't have to, because that is way outside of my skillset and I would have to bring it in to the place I bought it to do that. A big pain. Anyway, thanks for any information or opinion you may have.

Edited by zaria12, 16 February 2016 - 03:54 PM.


#19 nasdaq


Posted 17 February 2016 - 08:00 AM

Check the integrity of the Hard Disk.

Navigate to this page (link below) and run the Chkdsk with the following command as explained on the page.

chkdsk /f /r C:

Leave the spaces as shown.

The link.
http://www.howtogeek...-windows-vista/

Keep me posted.

#20 zaria12


Posted 21 February 2016 - 01:04 AM

WOOOOOOHOOOOOOOO avast scan: COMPLETED


The chkdsk did find some bad sectors and then when I ran avast again it got further but died again (which almost killed me) but it was a different error that indicated a video card error. I think that crash was caused by the screen saver coming on. So I ran it again and babied it through the last 20%. After much praying to the computer gods, it finally worked.

Also I read up about the system restore points disappearing and it looks like other people get that too. There's a fix, something to do with the paging file but I'm just gonna be happy with what I have right now. I think my video card is about to crap out on me but at least it's not a virus or a keylogger or something horrible. I don't think? Did you see anything? Does it look clear?

thank you thank you for your help.

Edited by zaria12, 21 February 2016 - 01:06 AM.


#21 nasdaq


Posted 21 February 2016 - 06:14 AM

System Restore points are deleted after you restart your Windows 7-based computer

Check your Protection settings.
https://support.micr...n-us/kb/2506576

----

Your system is clean.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingc...best-practices/
===

#22 zaria12


Posted 21 February 2016 - 03:44 PM

Thank you again for all of your help. You guys are the best.

#23 nasdaq


Posted 22 February 2016 - 07:37 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



