I've run the free trial of Malware Premium but it's still there

 

logs below

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-11-2015
Ran by linda (2015-12-01 14:41:16)
Running from C:\Users\linda\Downloads
Microsoft Windows 8.1 (X86) (2015-09-10 17:46:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-760253136-109537072-4231866408-500 - Administrator - Disabled)
Guest (S-1-5-21-760253136-109537072-4231866408-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-760253136-109537072-4231866408-1003 - Limited - Enabled)
linda (S-1-5-21-760253136-109537072-4231866408-1001 - Administrator - Enabled) => C:\Users\linda
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Amazon Kindle (HKU\S-1-5-21-760253136-109537072-4231866408-1001\...\Amazon Kindle) (Version:  - Amazon)
ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2241 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
30-11-2015 19:03:17 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:13 - 2013-08-22 06:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01E2CBEE-7830-4530-B461-C8A185F6FAD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {12CB44EB-5338-46B2-87FB-96066336F5D0} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2015-12-01] ()
Task: {15E6778A-7940-46AE-9905-E344D96670E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {173A6AA0-52EB-4C0B-85AF-AFDD3F356D89} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2015-12-01] ()
Task: {198E340C-DAEF-4FBF-9E5E-504EABF1E9C2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-30] (AVAST Software)
Task: {66D2EC77-BF3F-4DE5-8A8D-52B6CD34C912} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {6A9F8AFA-5C22-4620-8B06-6464D1250461} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {6B1282CC-34B1-44D8-A2A5-D24B7971E6B5} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {8053A727-B6F6-4641-A46F-3FED3A88B8BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {BDF340DF-4D6E-47E6-BABE-62A55E7832A8} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {EB8E8170-10A7-423C-AA6E-0C096E1BBAB0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-30 16:00 - 2015-11-30 16:00 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-30 16:00 - 2015-11-30 16:00 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-01 11:15 - 2015-12-01 11:15 - 02813440 _____ () C:\Program Files\AVAST Software\Avast\defs\15120101\algo.dll
2015-11-30 16:00 - 2015-11-30 16:00 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-30 16:00 - 2015-11-30 16:00 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-18 12:47 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-18 12:47 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-18 12:47 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-760253136-109537072-4231866408-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CDEF8F61-7EEC-4A24-9C68-8CD57F892510}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2015 02:30:23 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.
 
Error: (12/01/2015 01:54:26 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.
 
Error: (11/30/2015 06:54:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (11/30/2015 06:45:27 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.
 
Error: (11/30/2015 06:45:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialised.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (11/30/2015 06:45:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialised.
 
Context: Windows Application
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (11/30/2015 06:45:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialised.
 
Context: Windows Application, SystemIndex Catalogue
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (11/30/2015 06:45:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialised.
 
Context: Windows Application, SystemIndex Catalogue
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (11/30/2015 06:45:08 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialised.
 
Context: Windows Application
 
Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
 
Error: (11/30/2015 06:45:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalogue is corrupt.   0xc0041801 (0xc0041801)
 
 
System errors:
=============
Error: (12/01/2015 01:53:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%3
 
Error: (12/01/2015 01:53:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%3
 
Error: (12/01/2015 01:53:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%3
 
Error: (12/01/2015 01:53:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv.dll
 
Error: (12/01/2015 01:53:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv.dll
 
Error: (12/01/2015 01:53:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv.dll
 
Error: (12/01/2015 01:52:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/01/2015 01:52:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface service terminated unexpectedly. It has done this 1 time(s).
 
Error: (12/01/2015 01:52:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/01/2015 01:52:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom CPU Z3740 @ 1.33GHz
Percentage of memory in use: 80%
Total physical RAM: 1933.15 MB
Available physical RAM: 382.29 MB
Total Virtual: 3213.15 MB
Available Virtual: 1028.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:28.22 GB) (Free:5.54 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 9BE5549D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-11-2015
Ran by linda (administrator) on LINDAS (01-12-2015 14:40:07)
Running from C:\Users\linda\Downloads
Loaded Profiles: linda (Available Profiles: linda)
Platform: Microsoft Windows 8.1 (X86) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1048_x86__8wekyb3d8bbwe\onenoteim.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x86__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\linda\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-21] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-30] (AVAST Software)
HKU\S-1-5-21-760253136-109537072-4231866408-1001\...\Run: [GoogleChromeAutoLaunch_C6C77B47E5A15FA8F3D7B065ED1827CE] => C:\Program Files\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-760253136-109537072-4231866408-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-11-30] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{22EE4D55-1FE6-4F6C-A7B1-24980436F99E}: [DhcpNameServer] 169.254.125.80
Tcpip\..\Interfaces\{919360F4-9B84-4A82-9D40-88C0140F40FF}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-760253136-109537072-4231866408-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-760253136-109537072-4231866408-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-760253136-109537072-4231866408-1001 -> OldSearch URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-30] (AVAST Software)
 
FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-30]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcwwBB1gVGBgTcV9eTA1IFQUOIgsLABRBFgwQdQxdUwFAEwIFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEgVFxAK3JWDk4=","hxxp://google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-11]
CHR Extension: (Google Docs) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-11]
CHR Extension: (Google Drive) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Pin It Button) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-11]
CHR Extension: (Gmail) - C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-30] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-28] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-21] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-21] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
S3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-11-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-11-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117200 2015-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-11-30] (AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-28] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [186880 2013-12-04] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-28] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-28] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-21] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-21] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-21] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-21] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-21] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel® Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
S3 RTLU3E8023-W8-32; C:\Windows\system32\DRIVERS\rtu30x86w8.sys [57856 2013-06-18] (Realtek                                            )
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [29128 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [214368 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
U0 msahci; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-01 14:40 - 2015-12-01 14:40 - 00017433 _____ C:\Users\linda\Downloads\FRST.txt
2015-12-01 14:39 - 2015-12-01 14:40 - 00000000 ____D C:\FRST
2015-12-01 14:39 - 2015-12-01 14:39 - 01721344 _____ (Farbar) C:\Users\linda\Downloads\FRST.exe
2015-12-01 14:39 - 2015-12-01 14:39 - 01721344 _____ (Farbar) C:\Users\linda\Downloads\FRST (1).exe
2015-12-01 14:21 - 2015-12-01 14:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-01 14:21 - 2015-12-01 14:21 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-01 14:21 - 2015-12-01 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-01 14:21 - 2015-12-01 14:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-01 14:21 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-01 14:21 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-01 14:21 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-01 14:18 - 2015-12-01 14:19 - 22908888 _____ (Malwarebytes ) C:\Users\linda\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-11-30 19:30 - 2015-11-30 19:30 - 04729752 _____ (PCSpeedupPro.com ) C:\Users\linda\Downloads\pcspromn1.exe
2015-11-30 17:09 - 2015-11-30 17:09 - 06801752 _____ (Piriform Ltd) C:\Users\linda\Downloads\ccsetup512.exe
2015-11-30 17:09 - 2015-11-30 17:09 - 06801752 _____ (Piriform Ltd) C:\Users\linda\Downloads\ccsetup512 (1).exe
2015-11-30 17:09 - 2015-11-30 17:09 - 00000000 ____D C:\Program Files\CCleaner
2015-11-30 17:02 - 2015-11-30 17:02 - 00000000 ____D C:\Users\linda\AppData\Local\ElevatedDiagnostics
2015-11-30 16:33 - 2015-11-30 16:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 16:31 - 2015-11-30 16:32 - 22908888 _____ (Malwarebytes ) C:\Users\linda\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-30 16:25 - 2015-12-01 14:29 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-30 16:15 - 2015-12-01 13:52 - 00000000 ____D C:\AdwCleaner
2015-11-30 16:14 - 2015-11-30 16:15 - 01736704 _____ C:\Users\linda\Downloads\adwcleaner_5.023.exe
2015-11-30 16:04 - 2015-11-30 16:00 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-30 16:02 - 2015-11-30 16:02 - 00002091 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-30 16:02 - 2015-11-30 16:02 - 00000000 ____D C:\Users\linda\AppData\Roaming\AVAST Software
2015-11-30 16:02 - 2015-11-30 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-30 16:01 - 2015-11-30 16:00 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-30 16:01 - 2015-11-30 16:00 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-30 16:01 - 2015-11-30 16:00 - 00117200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-30 16:01 - 2015-11-30 16:00 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-30 16:01 - 2015-11-30 16:00 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-30 16:01 - 2015-11-30 16:00 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-30 16:01 - 2015-11-30 16:00 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-30 16:01 - 2015-11-30 15:59 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-30 16:00 - 2015-11-30 16:00 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-30 15:57 - 2015-11-30 15:57 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-30 15:50 - 2015-11-30 15:51 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-30 15:41 - 2015-11-30 15:52 - 05084256 _____ (AVAST Software) C:\Users\linda\Downloads\avast_free_antivirus_setup_online_cnet2 (3).exe
2015-11-30 15:38 - 2015-11-30 15:52 - 05084256 _____ (AVAST Software) C:\Users\linda\Downloads\avast_free_antivirus_setup_online_cnet2 (2).exe
2015-11-30 15:38 - 2015-11-30 15:51 - 05084256 _____ (AVAST Software) C:\Users\linda\Downloads\avast_free_antivirus_setup_online_cnet2 (1).exe
2015-11-30 15:36 - 2015-11-30 15:36 - 05084256 ____N (AVAST Software) C:\Users\linda\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2015-11-19 19:41 - 2015-11-19 19:41 - 06769664 _____ C:\Users\linda\Downloads\MEMBERSHIP-AWARD2.ppt
2015-11-10 23:32 - 2015-10-20 21:59 - 00128568 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 23:32 - 2015-10-20 14:21 - 03066368 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 23:32 - 2015-10-20 14:14 - 02175488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 23:32 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 23:32 - 2015-10-20 14:13 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-10 23:32 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 23:32 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 23:32 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 23:32 - 2015-10-17 14:00 - 03521536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-10 23:32 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 23:32 - 2015-10-14 23:07 - 05765976 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 23:32 - 2015-10-14 23:07 - 01393584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-10 23:32 - 2015-10-14 23:07 - 01282528 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-10 23:32 - 2015-10-14 23:07 - 01269072 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-10 23:32 - 2015-10-14 23:07 - 01168912 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-10 23:32 - 2015-10-13 16:24 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 23:32 - 2015-10-13 16:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 23:32 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 23:32 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 23:32 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-10 23:32 - 2015-10-11 06:41 - 00478800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 23:32 - 2015-10-11 06:41 - 00148312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 23:32 - 2015-10-10 17:35 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 23:32 - 2015-10-10 17:35 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 23:32 - 2015-10-10 16:46 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 23:32 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 23:32 - 2015-10-08 15:45 - 00734208 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-10 23:32 - 2015-09-12 13:28 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-10 23:32 - 2015-08-28 22:24 - 00148736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-10 23:32 - 2015-08-20 20:01 - 01134168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-10 23:32 - 2015-08-10 17:01 - 00570368 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-10 23:32 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-10 23:32 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-10 23:32 - 2014-11-10 17:47 - 00069440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-10 23:32 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-10 23:31 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 23:31 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 23:31 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 23:31 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 23:31 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 23:31 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-10 23:31 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 23:31 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 23:31 - 2015-10-30 22:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 23:31 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 23:31 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 23:31 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 23:31 - 2015-09-29 12:30 - 00131416 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-10 23:31 - 2015-09-04 18:04 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-10 23:30 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-10 23:30 - 2015-09-07 15:22 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-06 03:33 - 2015-11-06 03:33 - 00000000 ___HD C:\$Windows.~BT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-01 14:40 - 2013-08-22 06:21 - 00000000 ____D C:\Windows
2015-12-01 14:35 - 2013-12-13 20:46 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 14:35 - 2013-08-22 06:21 - 00000000 ____D C:\Windows\inf
2015-12-01 14:30 - 2015-09-21 17:29 - 00000000 __RDO C:\Users\linda\OneDrive
2015-12-01 14:29 - 2015-09-11 14:36 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 14:29 - 2013-08-22 08:17 - 00000000 ___RD C:\Windows\Offline Web Pages
2015-12-01 14:29 - 2013-08-22 07:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-01 14:29 - 2013-08-22 06:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-01 13:47 - 2015-09-11 14:36 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 11:34 - 2015-09-10 17:46 - 00000000 ____D C:\Users\linda
2015-11-30 17:12 - 2015-09-17 22:48 - 00000000 ____D C:\Windows\Minidump
2015-11-30 17:12 - 2013-12-14 04:21 - 00000000 ____D C:\Windows\Panther
2015-11-30 17:06 - 2015-09-10 17:46 - 00000000 ____D C:\Users\linda\AppData\Local\Packages
2015-11-30 17:06 - 2013-08-22 08:17 - 00000000 ____D C:\Windows\AppReadiness
2015-11-30 16:53 - 2013-08-22 08:17 - 00000000 ____D C:\Windows\MediaViewer
2015-11-29 14:24 - 2013-08-22 08:17 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-11-29 14:23 - 2015-09-11 14:37 - 00002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-29 13:53 - 2015-09-17 21:29 - 00000000 __SHD C:\Users\linda\AppData\LocalLow\EmieUserList
2015-11-29 13:53 - 2015-09-17 21:29 - 00000000 __SHD C:\Users\linda\AppData\LocalLow\EmieSiteList
2015-11-29 13:53 - 2015-09-17 21:29 - 00000000 __SHD C:\Users\linda\AppData\Local\EmieUserList
2015-11-29 13:53 - 2015-09-17 21:29 - 00000000 __SHD C:\Users\linda\AppData\Local\EmieSiteList
2015-11-21 09:52 - 2013-08-22 08:17 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-21 09:26 - 2013-08-22 08:05 - 00000000 ____D C:\Windows\CbsTemp
2015-11-17 15:46 - 2013-08-22 08:17 - 00000000 ____D C:\Windows\rescache
2015-11-17 09:48 - 2013-08-22 08:17 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-15 10:16 - 2013-08-22 07:22 - 00335400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-15 10:13 - 2013-08-22 08:17 - 00000000 ___RD C:\Windows\ToastData
2015-11-11 01:33 - 2015-09-13 06:48 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 01:19 - 2015-09-13 06:48 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-03 13:26 - 2015-09-11 14:44 - 00000000 ____D C:\Users\linda\Documents\My Kindle Content
2015-11-03 00:23 - 2015-09-15 18:01 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-03 00:23 - 2015-09-15 18:01 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-12-13 20:38 - 2012-07-30 06:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 20:38 - 2009-07-22 10:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 20:38 - 2012-09-07 11:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
C:\Users\linda\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-01 04:48
 
==================== End of FRST.txt ===========================
 
 

This is a tablet belonging to a disabled non-techy friend who relies on it for email and shopping

 

any help appreciated

 

tia

 

AC


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.


Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
