Jump to content

TRICKY41

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

 Content Type 

Everything posted by TRICKY41

  1. TRICKY41
    panda scan found system hijack and fireofx keeps not respsonmding i have malware pro version Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by Chris at 2015-03-31 08:51:04 Running from C:\Users\Chris\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Leawo Video Converter version 5.1.0.0 (HKLM\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version: - ) µTorrent (HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated) Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.3.0.0 - Auslogics Labs Pty Ltd) Avast Internet Security (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) ConvertXtoDVD 4.0.9.322 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - ) EasyBCD 1.7 (HKLM\...\EasyBCD) (Version: 1.7 - NeoSmart Technologies) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) ffdshow [rev 2180] [2008-10-04] (HKLM\...\ffdshow_is1) (Version: 1.0 - ) Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden HDD Health v4.2 (HKLM\...\HDD Health_is1) (Version: - ) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) Ladbrokes Casino (HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Ladbrokes) (Version: - ) Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes) Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC) Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nero 7 Lite 7.10.1.2 (HKLM\...\Nero7Lite_is1) (Version: 7.10.1.2 - UpdatePack.nl) Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - ) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Skitch (HKLM\...\Skitch 1.0.2.0) (Version: 2.2.0.4 - Evernote Corp.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-03-2015 01:00:01 Scheduled Checkpoint 10-03-2015 15:04:45 Windows Update 12-03-2015 01:00:04 Scheduled Checkpoint 12-03-2015 04:00:18 Windows Update 13-03-2015 01:00:01 Scheduled Checkpoint 14-03-2015 01:00:02 Scheduled Checkpoint 15-03-2015 01:00:07 Scheduled Checkpoint 16-03-2015 01:32:55 Scheduled Checkpoint 17-03-2015 01:00:02 Scheduled Checkpoint 17-03-2015 23:47:28 Windows Update 18-03-2015 13:49:36 Scheduled Checkpoint 20-03-2015 18:16:39 avast! antivirus system restore point 21-03-2015 17:18:27 Windows Update 23-03-2015 11:54:29 Scheduled Checkpoint 24-03-2015 02:31:12 Scheduled Checkpoint 24-03-2015 19:22:24 Scheduled Checkpoint 24-03-2015 21:36:37 Windows Update 25-03-2015 10:55:06 Scheduled Checkpoint 26-03-2015 01:09:22 Scheduled Checkpoint 26-03-2015 19:34:18 Scheduled Checkpoint 28-03-2015 01:00:05 Scheduled Checkpoint 29-03-2015 01:00:08 Scheduled Checkpoint 30-03-2015 12:37:11 Scheduled Checkpoint 31-03-2015 04:00:31 Scheduled Checkpoint 31-03-2015 07:46:44 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-01-28 16:22 - 2015-02-12 19:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0945E1CB-16D0-411C-8521-E36129FC4CAD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {173D4975-2084-4DE0-9118-A5F79C988034} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {5184F028-AA66-498B-8389-8BE4497A3485} - System32\Tasks\avastBCLRestartS-1-5-21-3299710142-3868310564-1978959094-1001 => Firefox.exe Task: {55BCF811-A564-4112-86D0-CE9A15394CF0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {6092D648-6209-4D6F-9B67-908F6DA777DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-23] (Adobe Systems Incorporated) Task: {6AB10674-89F8-4900-9832-2CF880C72577} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {8214B684-CA5F-4C69-89AA-C1D18ACA5CB0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {85281012-34B8-4BAA-9EF3-93B5EA5F07FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.) Task: {8A6403D3-82D2-4E66-8DBE-0E6A1517755E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.) Task: {C9FE83DC-FBE8-4C22-AF6D-8843F56B350E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-20] (Avast Software s.r.o.) Task: {DC0B49E4-3258-40BE-81A6-B40E45F2E425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-20 18:32 - 2015-03-20 18:32 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-20 18:32 - 2015-03-20 18:32 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-03-30 20:00 - 2015-03-30 20:00 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15033001\algo.dll 2014-03-25 06:27 - 2013-03-08 10:54 - 00017760 _____ () C:\Program Files\HDD Health\HDDHealthService.exe 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2015-03-14 03:20 - 2015-03-20 18:33 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-03-20 18:40 - 2015-03-23 05:42 - 16858288 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp:TOC.WMV AlternateDataStreams: C:\Users\Chris\Downloads\33.MPG:TOC.WMV AlternateDataStreams: C:\Users\Chris\Downloads\a.3gp:TOC.WMV AlternateDataStreams: C:\Users\Chris\Downloads\meandem.MP4:TOC.WMV AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3299710142-3868310564-1978959094-500 - Administrator - Disabled) Chris (S-1-5-21-3299710142-3868310564-1978959094-1001 - Administrator - Enabled) => C:\Users\Chris Guest (S-1-5-21-3299710142-3868310564-1978959094-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/31/2015 08:23:51 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/26/2015 06:39:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/25/2015 04:53:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/25/2015 10:10:32 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/24/2015 06:43:33 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/24/2015 01:25:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Y0T440SI.DEFAULT-1422297887428\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (03/23/2015 11:18:30 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/23/2015 11:18:30 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/21/2015 04:47:15 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/21/2015 04:47:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (03/31/2015 08:28:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Windows Update Error: (03/31/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000Eventlog Error: (03/31/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: AvastVBox COM Service%%1053 Error: (03/31/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000AvastVBox COM Service Error: (03/31/2015 08:24:12 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1} Error: (03/30/2015 11:57:20 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:56:06 on 30/03/2015 was unexpected. Error: (03/26/2015 06:35:37 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 15:58:20 on 26/03/2015 was unexpected. Error: (03/25/2015 04:51:23 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:17:34 on 25/03/2015 was unexpected. Error: (03/25/2015 10:09:03 AM) (Source: Dhcp) (EventID: 1002) (User: ) Description: The IP address lease 192.168.1.3 for the Network Card with network address 001EC982BAAF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error: (03/25/2015 10:08:55 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 07:45:25 on 25/03/2015 was unexpected. Microsoft Office Sessions: ========================= Error: (03/31/2015 08:23:51 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/26/2015 06:39:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/25/2015 04:53:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/25/2015 10:10:32 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/24/2015 06:43:33 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/24/2015 01:25:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Y0T440SI.DEFAULT-1422297887428\SAFEBROWSING-TO_DELETE Error: (03/23/2015 11:18:30 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/23/2015 11:18:30 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/21/2015 04:47:15 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/21/2015 04:47:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe CodeIntegrity Errors: =================================== Date: 2015-03-31 08:50:55.823 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:50:55.620 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:50:55.402 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:50:55.183 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:50:24.086 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:50:23.883 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:50:23.696 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:50:23.430 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:36:57.700 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\DasPtct.SYS because the set of per-page image hashes could not be found on the system. Date: 2015-03-31 08:36:57.434 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\DasPtct.SYS because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz Percentage of memory in use: 50% Total physical RAM: 3060.45 MB Available physical RAM: 1510.15 MB Total Pagefile: 6355.91 MB Available Pagefile: 4458.46 MB Total Virtual: 2047.88 MB Available Virtual: 1914.75 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:288.32 GB) (Free:154.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.88 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 5ED7C68A) Partition 1: (Active) - (Size=288.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Chris (administrator) on DELL-530 on 31-03-2015 08:50:02 Running from C:\Users\Chris\Desktop Loaded Profiles: Chris (Available profiles: Chris) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe () C:\Program Files\HDD Health\HDDHealthService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (PANTERASoft) C:\Program Files\HDD Health\hddhealth.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-20] (Avast Software s.r.o.) HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd) HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk ShortcutTarget: HDDHealth.lnk -> C:\Program Files\HDD Health\hddhealth.exe (PANTERASoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-20] (Avast Software s.r.o.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\y0t440si.default-1422297887428 FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: FF SelectedSearchEngine: FF Homepage: https://www.google.com/?trackid=sp-006 FF Keyword.URL: https://www.google.com/search/?trackid=sp-006 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-08] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-08] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-09-08] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-09-08] (RealPlayer) FF Extension: NoScript - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\y0t440si.default-1422297887428\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-26] FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\y0t440si.default-1422297887428\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-04] FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-16] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-08] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-02] Chrome: ======= CHR HomePage: Default -> https://uk.yahoo.com?fr=hp-avast&type=avastbcl CHR StartupUrls: Default -> "https://uk.yahoo.com?fr=hp-avast&type=avastbcl" CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-16] CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-16] CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-16] CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-16] CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-16] CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-17] CHR Extension: (avast! Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-02] CHR Extension: (RealDownloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-16] CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02] CHR Extension: (ScriptSafe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-08-17] CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-16] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-20] (Avast Software s.r.o.) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-20] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-20] (Avast Software) R2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed] R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-20] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-03-20] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-20] (Avast Software s.r.o.) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-02] (ALWIL Software) R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [253728 2015-03-20] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-20] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-20] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-20] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-20] (Avast Software s.r.o.) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-20] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-20] () R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] () R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-17] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-20] (Avast Software) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-31 08:50 - 2015-03-31 08:50 - 00016688 _____ () C:\Users\Chris\Desktop\FRST.txt 2015-03-31 08:31 - 2015-03-31 08:31 - 01135104 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe 2015-03-30 23:54 - 2013-04-29 10:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2015-03-30 21:39 - 2015-03-31 08:19 - 00001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml 2015-03-30 21:39 - 2015-03-31 08:19 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Vso 2015-03-30 20:15 - 2015-03-30 23:53 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent 2015-03-30 20:15 - 2015-03-30 20:15 - 00000737 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-03-24 18:22 - 2015-03-24 18:22 - 06693152 _____ (Auslogics Labs Pty Ltd ) C:\Users\Chris\Downloads\disk-defrag-setup.exe 2015-03-24 18:22 - 2015-03-24 18:22 - 00000922 _____ () C:\Users\Chris\Desktop\Auslogics DiskDefrag.lnk 2015-03-24 18:22 - 2015-03-24 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2015-03-24 18:22 - 2015-03-24 18:22 - 00000000 ____D () C:\Program Files\Auslogics 2015-03-24 13:28 - 2015-03-24 13:28 - 00001653 _____ () C:\Users\Chris\Desktop\Ladbrokes Casino.lnk 2015-03-23 05:17 - 2015-03-23 05:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-20 19:14 - 2015-03-20 19:15 - 00000000 ____D () C:\44e3d12e142a0353867416372d 2015-03-20 18:48 - 2015-03-23 11:14 - 00001730 _____ () C:\Windows\PFRO.log 2015-03-20 18:35 - 2015-03-20 18:32 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-20 18:32 - 2015-03-20 18:32 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-03-20 18:04 - 2015-03-20 18:05 - 00000197 _____ () C:\Windows\system32\2015-03-20-17-04-52.036-AvastVBoxSVC.exe-1368.log 2015-03-19 13:52 - 2015-03-19 13:52 - 00000197 _____ () C:\Windows\system32\2015-03-19-12-52-23.034-AvastVBoxSVC.exe-2648.log 2015-03-18 13:13 - 2015-03-18 13:13 - 00000247 _____ () C:\Windows\system32\2015-03-18-12-13-02.070-aswFe.exe-4108.log 2015-03-18 12:58 - 2015-03-18 12:58 - 00000197 _____ () C:\Windows\system32\2015-03-18-11-58-22.057-AvastVBoxSVC.exe-3416.log 2015-03-12 04:12 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-12 04:12 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-12 04:12 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-12 04:06 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-12 04:06 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-12 04:05 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-12 04:05 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-12 04:05 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-12 04:05 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-12 04:05 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-12 04:04 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-12 04:03 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-03-12 04:02 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 09:41 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 09:41 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-11 09:41 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 09:41 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 09:41 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 09:41 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 09:41 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 09:41 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-03-11 09:41 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 09:41 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 09:41 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 09:41 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 09:41 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 09:41 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 09:41 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 09:41 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 09:41 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 09:41 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 09:41 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-03-11 09:41 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-03-11 09:41 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-03-11 09:41 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-05 15:27 - 2015-03-05 15:28 - 00000247 _____ () C:\Windows\system32\2015-03-05-14-27-51.039-aswFe.exe-5188.log 2015-03-05 15:15 - 2015-03-05 15:27 - 00000247 _____ () C:\Windows\system32\2015-03-05-14-15-28.038-aswFe.exe-4032.log 2015-03-05 15:15 - 2015-03-05 15:15 - 00000197 _____ () C:\Windows\system32\2015-03-05-14-15-15.080-AvastVBoxSVC.exe-916.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-31 08:50 - 2015-02-14 09:57 - 00000000 ____D () C:\FRST 2015-03-31 08:47 - 2012-12-13 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-31 08:44 - 2014-06-02 22:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-31 08:32 - 2012-06-09 17:42 - 01794051 _____ () C:\Windows\WindowsUpdate.log 2015-03-31 08:30 - 2014-07-29 23:31 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2015-03-31 08:29 - 2006-11-02 11:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-31 08:25 - 2014-06-02 22:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2015-03-31 08:22 - 2014-06-02 22:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-31 08:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-31 08:22 - 2006-11-02 13:47 - 00005184 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-31 08:22 - 2006-11-02 13:47 - 00005184 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-31 08:21 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-31 08:19 - 2012-06-03 09:55 - 00051200 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-31 03:32 - 2011-12-28 15:53 - 00000000 ____D () C:\Users\Chris\Documents\ConvertXToDVD 2015-03-30 21:48 - 2013-07-23 22:29 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\vlc 2015-03-30 20:35 - 2012-12-19 19:53 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\dvdcss 2015-03-26 18:41 - 2015-02-27 23:47 - 00000000 ____D () C:\Users\Chris\AppData\Local\Ladbrokes Casino 2015-03-24 18:39 - 2014-06-02 22:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-03-24 18:05 - 2014-06-02 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-03-24 18:05 - 2013-08-23 17:11 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-03-24 13:28 - 2015-02-27 23:47 - 00001655 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Ladbrokes Casino.lnk 2015-03-23 11:14 - 2013-10-31 01:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-23 11:14 - 2008-10-23 13:07 - 00000000 ____D () C:\Program Files\WinRAR 2015-03-23 05:59 - 2014-08-27 21:55 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe 2015-03-23 05:42 - 2012-12-13 20:48 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-23 05:42 - 2012-12-13 20:48 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-23 01:03 - 2012-10-25 16:53 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-23 01:03 - 2012-10-25 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-23 01:02 - 2013-08-17 03:35 - 00000819 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-03-23 01:02 - 2012-03-30 08:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-03-21 18:51 - 2014-06-02 22:05 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-20 18:34 - 2014-08-02 22:53 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-20 18:34 - 2014-08-02 22:53 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-20 18:34 - 2014-08-02 22:53 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-20 18:34 - 2014-08-02 22:53 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys 2015-03-20 18:34 - 2014-08-02 22:53 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys 2015-03-20 18:34 - 2014-08-02 22:53 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-20 18:34 - 2014-08-02 22:53 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-20 18:31 - 2014-08-02 22:53 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-03-20 18:31 - 2014-08-02 22:53 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys 2015-03-20 18:28 - 2014-08-02 22:53 - 00253728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdis2.sys 2015-03-17 07:15 - 2014-06-02 22:10 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 07:15 - 2013-10-21 09:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 07:15 - 2013-08-23 17:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-17 03:08 - 2011-12-31 14:09 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps 2015-03-12 04:33 - 2013-01-13 18:03 - 03612480 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 04:12 - 2013-08-14 03:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-12 04:06 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Files in the root of some directories ======= 2011-12-28 15:52 - 2011-12-28 15:52 - 0007887 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.cat 2011-12-28 15:52 - 2011-12-28 15:52 - 0001144 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.inf 2011-12-28 15:53 - 2011-12-28 15:53 - 0000034 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.log 2011-12-28 15:52 - 2011-12-28 15:52 - 0047360 _____ (VSO Software) C:\Users\Chris\AppData\Roaming\pcouffin.sys 2013-06-10 19:39 - 2013-06-10 19:39 - 0029239 _____ () C:\Users\Chris\AppData\Roaming\UserTile.png 2015-03-30 21:39 - 2015-03-31 08:19 - 0001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml 2012-01-13 09:09 - 2013-04-28 22:18 - 0163945 _____ () C:\Users\Chris\AppData\Local\ars.cache 2012-01-13 09:10 - 2013-04-28 22:18 - 0910996 _____ () C:\Users\Chris\AppData\Local\census.cache 2013-05-06 12:27 - 2014-07-30 00:10 - 0000680 _____ () C:\Users\Chris\AppData\Local\d3d9caps.dat 2012-06-03 09:55 - 2015-03-31 08:19 - 0051200 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-01-13 08:12 - 2012-01-13 08:12 - 0000036 _____ () C:\Users\Chris\AppData\Local\housecall.guid.cache 2014-11-06 22:03 - 2014-11-06 22:03 - 0000000 _____ () C:\Users\Chris\AppData\Local\{58A3253E-0601-4F77-827A-75E8523B55B2} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-31 08:38 ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.