grandadis64
2016-03-15, 18:07
Hi
I hope this is the right place to get help. You have helped me before, but I can't remember exactly how to go about asking.
I was using Chrome some while ago and I suddenly started to get ads and popups asking me to do a survey apparently relevant to the site I was on. I used Spybot and Malwarebytes, but they didn't go away. So I uninstalled Chrome.
This was several months ago. I just tried reinstalling Chrome to see if the problem had gone, but it hasn't. I now also get a popup and a woman's voice telling me to ring a number in the US because I have a bug in my system. This seems amazingly suspicious so I haven't rung the number. I tried to uninstall Chrome but it won't let me.
I'm really hoping you guys can help me.
Thanks in advance - I am in UK.
Grandadis64 (Malcolm)

Hi Tashi
I hope this is ok? I couldn't find an Additional.txt log!!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Owner (administrator) on PC (15-03-2016 15:56:26)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Paulin & Elliott & Hell Boy)
Platform: Windows 8 (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
() C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Gemalto N.V.) C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(DSG Retail Limited) C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Nero MediaHome 4] => "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\Run: [KnowhowCloud] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [4171400 2015-10-29] (DSG Retail Limited)
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: E - "E:\Phillimore_interface.exe"
HKU\S-1-5-21-893019987-3953130637-173789047-1001\...\MountPoints2: {9dfeebe6-34cb-11e3-be71-78e3b5c3d2fb} - "G:\IVDApp.exe"
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2015-10-29] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6CC60F6A-BA2E-4D5F-87CC-9ADD2452CC5B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE133B73-3209-454D-90B4-11304963094A}: [DhcpNameServer] 192.168.1.1
ManualProxies:
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-893019987-3953130637-173789047-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E1F0BD2A-6CF3-4003-ACC1-5D3668553346} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-12] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02] ()
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-12] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-893019987-3953130637-173789047-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ng6qpgwi.default
FF Homepage: hxxps://dub113.mail.live.com/default.aspx?n=1474583332&fid=1
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll [2015-03-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-893019987-3953130637-173789047-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-27] (Sony Network Entertainment International LLC)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12]
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://dub113.mail.live.com/default.aspx?id=64855&owa=1&owasuffix=owa%2f"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-15]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-15]
CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-15]
CHR Extension: (Oxford Dictionary Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpfdikbjedijhgpmdcenknobonaafbi [2015-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR HKU\S-1-5-21-893019987-3953130637-173789047-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-12] (AVAST Software)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-16] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [212104 2015-10-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2374704 2016-02-28] (IBM Corp.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-12] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-06] (Advanced Micro Devices)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-09] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R1 RapportCerberus_1609031; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609031.sys [1156256 2016-03-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544512 2016-02-28] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215616 2016-02-28] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470112 2016-02-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523168 2016-02-28] (IBM Corp.)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 15:56 - 2016-03-15 15:56 - 00024319 _____ C:\Users\Owner\Downloads\FRST.txt
2016-03-15 15:53 - 2016-03-15 15:56 - 00000000 ____D C:\FRST
2016-03-15 15:52 - 2016-03-15 15:52 - 02374144 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-03-15 15:50 - 2016-03-15 15:50 - 01725440 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2016-03-15 15:49 - 2016-03-15 15:49 - 00000207 _____ C:\windows\tweaking.com-regbackup-PC-Windows-8-(64-bit).dat
2016-03-15 15:49 - 2016-03-15 15:49 - 00000000 ____D C:\RegBackup
2016-03-15 15:48 - 2016-03-15 15:48 - 00000000 ____D C:\Users\Owner\Desktop\color_presets
2016-03-15 15:47 - 2016-03-15 15:47 - 00000000 ____D C:\Users\Owner\Desktop\files
2016-03-15 15:39 - 2016-03-15 15:39 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable(1).zip
2016-03-15 15:38 - 2016-03-15 15:38 - 02118566 _____ C:\Users\Owner\Downloads\tweaking.com_registry_backup_portable.zip
2016-03-15 11:04 - 2016-03-15 11:04 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\atnsflbm.sys
2016-03-15 11:04 - 2016-03-15 11:04 - 00001742 _____ C:\Windows\Profiles\rpequpn
2016-03-15 10:28 - 2016-03-15 10:28 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 10:27 - 2016-03-15 14:32 - 00000902 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 10:27 - 2016-03-15 11:11 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-15 10:27 - 2016-03-15 10:27 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-15 10:26 - 2016-03-15 10:26 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(4).exe
2016-03-15 10:25 - 2016-03-15 10:25 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup(3).exe
2016-03-13 14:24 - 2016-03-13 14:24 - 00000000 ____D C:\Users\Owner\Documents\Custom Office Templates
2016-03-12 09:57 - 2016-03-12 09:57 - 00552880 _____ (AVAST Software) C:\windows\system32\Drivers\aswnetsec.sys
2016-03-12 09:56 - 2016-03-12 09:56 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-03-12 09:56 - 2016-03-12 09:56 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-03-09 16:13 - 2016-02-21 05:23 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-09 16:13 - 2016-02-21 03:43 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-09 16:13 - 2016-02-21 03:43 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-09 16:13 - 2016-02-05 14:09 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-01 10:38 - 2016-03-01 10:38 - 00002907 _____ C:\Users\Owner\Downloads\Statement Download 2016-Mar-01 10-38-37.csv
2016-02-28 18:44 - 2016-02-28 18:44 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-28 18:44 - 2016-02-28 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-28 18:42 - 2016-02-28 18:42 - 00000000 ____D C:\Program Files\7-Zip
2016-02-17 10:08 - 2016-02-17 10:25 - 1417515874 _____ C:\Users\Owner\Desktop\xcw37COMPLETEFINAL.mp4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 15:50 - 2015-07-28 01:37 - 00000797 _____ C:\Users\Owner\Desktop\Settings.ini
2016-03-15 15:49 - 2014-07-04 17:59 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-15 15:48 - 2015-10-13 08:47 - 00324864 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingRegistryBackup.exe
2016-03-15 15:48 - 2015-10-13 07:40 - 00900864 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingFormControls.ocx
2016-03-15 15:48 - 2015-10-09 06:35 - 00088832 _____ (Tweaking.com) C:\Users\Owner\Desktop\Tweaking_Tabsv2.ocx
2016-03-15 15:48 - 2015-10-05 17:11 - 00376064 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingImgCtl.ocx
2016-03-15 15:48 - 2014-10-07 18:04 - 00078816 _____ (PcWinTech.com) C:\Users\Owner\Desktop\pcwintech_tasksch.dll
2016-03-15 15:48 - 2014-10-07 17:56 - 00271328 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking_com_treeview.ocx
2016-03-15 15:48 - 2014-04-15 15:05 - 00000224 _____ C:\Users\Owner\Desktop\keywords.txt
2016-03-15 15:48 - 2010-02-16 15:22 - 00136008 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\MSINET.Ocx
2016-03-15 15:48 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Users\Owner\Desktop\SSubTmr6.dll
2016-03-15 15:47 - 2015-10-13 03:36 - 00021204 _____ C:\Users\Owner\Desktop\change_log.txt
2016-03-15 15:47 - 2012-05-17 12:26 - 00000001 _____ C:\Users\Owner\Desktop\data.dat
2016-03-15 15:38 - 2015-10-14 12:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-15 11:57 - 2015-05-30 14:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-15 11:08 - 2012-07-26 07:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-15 10:28 - 2013-10-15 18:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-15 10:27 - 2014-07-05 06:36 - 00003874 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-15 10:27 - 2013-10-15 21:11 - 00000000 ____D C:\Users\Owner\Documents\FINANCE
2016-03-15 10:22 - 2013-10-15 21:21 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-03-14 21:48 - 2012-07-26 05:26 - 00524288 ___SH C:\windows\system32\config\BBI
2016-03-14 16:30 - 2013-10-24 18:54 - 03417214 _____ C:\Users\Owner\Documents\Lottery.xlsx
2016-03-14 16:24 - 2014-09-27 10:30 - 00038746 _____ C:\Users\Owner\Documents\Book Catalogue.xlsx
2016-03-13 19:15 - 2012-07-26 07:59 - 00000000 ____D C:\windows\CbsTemp
2016-03-13 14:44 - 2016-01-25 11:41 - 00000000 ____D C:\Users\Owner\Documents\Health
2016-03-13 14:21 - 2014-05-07 18:28 - 00000000 ____D C:\Users\Owner\Documents\QUIZ
2016-03-12 10:38 - 2015-10-14 12:43 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-12 10:20 - 2013-10-14 12:39 - 00000000 ____D C:\windows\system32\MRT
2016-03-12 10:12 - 2013-10-14 12:39 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-12 10:02 - 2016-01-20 10:34 - 00003036 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1453286043
2016-03-12 10:02 - 2016-01-20 10:34 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-12 09:58 - 2013-10-15 18:49 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-03-12 09:58 - 2013-10-15 17:50 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2016-03-12 09:57 - 2013-11-01 19:32 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-03-12 09:57 - 2013-10-15 18:49 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-03-12 09:57 - 2013-10-15 18:49 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-03-12 09:57 - 2012-07-26 05:37 - 00000000 ____D C:\windows\Inf
2016-03-12 09:56 - 2014-04-20 11:23 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-03-12 09:56 - 2013-12-27 22:45 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-03-12 09:56 - 2013-11-01 19:32 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-03-12 09:56 - 2013-10-15 18:49 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-03-12 09:56 - 2013-10-15 18:49 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-03-10 16:44 - 2013-10-15 20:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1005
2016-03-10 08:51 - 2013-10-13 08:50 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1001
2016-03-10 07:20 - 2014-12-11 07:19 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 10:37 - 2014-07-06 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-03-04 12:09 - 2016-02-08 12:06 - 00010245 _____ C:\Users\Owner\Documents\Quizclash top 50.xlsx
2016-02-28 20:46 - 2014-07-06 08:15 - 00470112 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2016-02-28 20:46 - 2014-07-06 08:15 - 00215616 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportHades64.sys
2016-02-28 18:45 - 2014-11-13 16:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-02-28 18:44 - 2014-11-13 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-28 18:43 - 2014-11-13 16:11 - 00000000 ____D C:\ProgramData\Skype
2016-02-23 10:24 - 2012-07-26 08:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 10:23 - 2013-10-13 09:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-23 10:17 - 2012-07-26 07:28 - 00847336 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-17 10:25 - 2013-10-27 13:20 - 00512000 ___SH C:\Users\Owner\Desktop\Thumbs.db
2016-02-15 12:49 - 2016-01-19 14:38 - 00010496 _____ C:\Users\Owner\Documents\Gym Jan16.xlsx
==================== Files in the root of some directories =======
2015-07-16 06:09 - 2015-07-16 06:09 - 6420480 _____ () C:\Program Files (x86)\GUT4C6B.tmp
2016-02-03 19:44 - 2016-02-03 19:44 - 0000866 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-11-10 20:05 - 2015-11-10 20:05 - 0000131 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2013-10-13 09:52 - 2013-10-13 09:52 - 0000046 _____ () C:\ProgramData\Temp.cmd
Files to move or delete:
====================
C:\ProgramData\Temp.cmd
Some files in TEMP:
====================
C:\Users\Paulin\AppData\Local\Temp\Delta.exe
C:\Users\Paulin\AppData\Local\Temp\propsys.dll
C:\Users\Paulin\AppData\Local\Temp\WSSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-13 14:49
==================== End of FRST.txt =================
Hello Malcolm,
Please see the FAQ which includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.
http://forums.spybot.info/showthread.php?t=288
Once you provide the logs in this topic I will remove my post and merge yours.
Best regards.
2016-03-15 15:48 - 2015-10-05 17:11 - 00376064 _____ (Tweaking.com) C:\Users\Owner\Desktop\TweakingImgCtl.ocx
2016-03-15 15:48 - 2014-10-07 18:04 - 00078816 _____ (PcWinTech.com) C:\Users\Owner\Desktop\pcwintech_tasksch.dll
2016-03-15 15:48 - 2014-10-07 17:56 - 00271328 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking_com_treeview.ocx
2016-03-15 15:48 - 2014-04-15 15:05 - 00000224 _____ C:\Users\Owner\Desktop\keywords.txt
2016-03-15 15:48 - 2010-02-16 15:22 - 00136008 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\MSINET.Ocx
2016-03-15 15:48 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Users\Owner\Desktop\SSubTmr6.dll
2016-03-15 15:47 - 2015-10-13 03:36 - 00021204 _____ C:\Users\Owner\Desktop\change_log.txt
2016-03-15 15:47 - 2012-05-17 12:26 - 00000001 _____ C:\Users\Owner\Desktop\data.dat
2016-03-15 15:38 - 2015-10-14 12:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-15 11:57 - 2015-05-30 14:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-15 11:08 - 2012-07-26 07:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-15 10:28 - 2013-10-15 18:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-15 10:27 - 2014-07-05 06:36 - 00003874 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-15 10:27 - 2013-10-15 21:11 - 00000000 ____D C:\Users\Owner\Documents\FINANCE
2016-03-15 10:22 - 2013-10-15 21:21 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-03-14 21:48 - 2012-07-26 05:26 - 00524288 ___SH C:\windows\system32\config\BBI
2016-03-14 16:30 - 2013-10-24 18:54 - 03417214 _____ C:\Users\Owner\Documents\Lottery.xlsx
2016-03-14 16:24 - 2014-09-27 10:30 - 00038746 _____ C:\Users\Owner\Documents\Book Catalogue.xlsx
2016-03-13 19:15 - 2012-07-26 07:59 - 00000000 ____D C:\windows\CbsTemp
2016-03-13 14:44 - 2016-01-25 11:41 - 00000000 ____D C:\Users\Owner\Documents\Health
2016-03-13 14:21 - 2014-05-07 18:28 - 00000000 ____D C:\Users\Owner\Documents\QUIZ
2016-03-12 10:38 - 2015-10-14 12:43 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-12 10:20 - 2013-10-14 12:39 - 00000000 ____D C:\windows\system32\MRT
2016-03-12 10:12 - 2013-10-14 12:39 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-12 10:02 - 2016-01-20 10:34 - 00003036 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1453286043
2016-03-12 10:02 - 2016-01-20 10:34 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-12 09:58 - 2013-10-15 18:49 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-03-12 09:58 - 2013-10-15 17:50 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2016-03-12 09:57 - 2013-11-01 19:32 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-03-12 09:57 - 2013-10-15 18:49 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-03-12 09:57 - 2013-10-15 18:49 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-03-12 09:57 - 2012-07-26 05:37 - 00000000 ____D C:\windows\Inf
2016-03-12 09:56 - 2014-04-20 11:23 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-03-12 09:56 - 2013-12-27 22:45 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-03-12 09:56 - 2013-11-01 19:32 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-03-12 09:56 - 2013-10-15 18:49 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-03-12 09:56 - 2013-10-15 18:49 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-12 09:46 - 2012-07-26 08:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-03-10 16:44 - 2013-10-15 20:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1005
2016-03-10 08:51 - 2013-10-13 08:50 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-893019987-3953130637-173789047-1001
2016-03-10 07:20 - 2014-12-11 07:19 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 10:37 - 2014-07-06 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-03-04 12:09 - 2016-02-08 12:06 - 00010245 _____ C:\Users\Owner\Documents\Quizclash top 50.xlsx
2016-02-28 20:46 - 2014-07-06 08:15 - 00470112 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2016-02-28 20:46 - 2014-07-06 08:15 - 00215616 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportHades64.sys
2016-02-28 18:45 - 2014-11-13 16:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-02-28 18:44 - 2014-11-13 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-28 18:43 - 2014-11-13 16:11 - 00000000 ____D C:\ProgramData\Skype
2016-02-23 10:24 - 2012-07-26 08:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 10:23 - 2013-10-13 09:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-23 10:17 - 2012-07-26 07:28 - 00847336 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-17 10:25 - 2013-10-27 13:20 - 00512000 ___SH C:\Users\Owner\Desktop\Thumbs.db
2016-02-15 12:49 - 2016-01-19 14:38 - 00010496 _____ C:\Users\Owner\Documents\Gym Jan16.xlsx
==================== Files in the root of some directories =======
2015-07-16 06:09 - 2015-07-16 06:09 - 6420480 _____ () C:\Program Files (x86)\GUT4C6B.tmp
2016-02-03 19:44 - 2016-02-03 19:44 - 0000866 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-11-10 20:05 - 2015-11-10 20:05 - 0000131 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2013-10-13 09:52 - 2013-10-13 09:52 - 0000046 _____ () C:\ProgramData\Temp.cmd
Files to move or delete:
====================
C:\ProgramData\Temp.cmd
Some files in TEMP:
====================
C:\Users\Paulin\AppData\Local\Temp\Delta.exe
C:\Users\Paulin\AppData\Local\Temp\propsys.dll
C:\Users\Paulin\AppData\Local\Temp\WSSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-13 14:49
==================== End of FRST.txt =================
Hello Malcolm,
Please see the FAQ which includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.
http://forums.spybot.info/showthread.php?t=288
Once you provide the logs in this topic I will remove my post and merge yours.
Best regards.