Possible malware causes file deletions/slow PC

This is a discussion on Possible malware causes file deletions/slow PC within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.
Old 02-24-2016, 07:34 PM   #1
Registered Member
 
Join Date: Nov 2009
Posts: 87
OS: Windows 8.1



Symptoms:

1) Very fast computer (bought so my son could play games) suddenly really slowed down Saturday

2) When I was working with files (editing videos) Saturday night I noticed that files started being sent into my recycle bin "on their own"

3) Also started getting administrator consent requests to delete the entire contents of my hard drives -- naturally I said no

4) When looking at a file mysteriously moved into my recycle bin, and trying to restore it, I instead got a barrage of the same popup asking if I was sure I wanted to permanently delete that file

5) Ran Malwarebytes and Windows Defender in normal mode -- nothing

6) Ran Defender in safe mode -- nothing

7) Downloaded Avira and ran it in normal mode -- one piece of adware which was quarantined

8) The deletion has stopped but the computer still runs very slowly. Also the PC sometimes randomly starts "powerdirector" without my intervention.

Thank you in advance.

FRST64 log (because DDS "will not run in compatibility mode")

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Lawrence (administrator) on SABERTOOTHZ97 (24-02-2016 22:31:35)
Running from C:\Users\Lawrence\Desktop
Loaded Profiles: Lawrence & (Available Profiles: Lawrence & Alex)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [804168 2016-02-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14960 2016-02-01] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 167.206.10.178 167.206.10.179
Tcpip\..\Interfaces\{09064FEB-F4F7-44FC-B44B-9115B27931CB}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{09064FEB-F4F7-44FC-B44B-9115B27931CB}: [DhcpNameServer] 167.206.10.178 167.206.10.179

Internet Explorer:
==================
HKU\S-1-5-21-2898730217-3902260506-2628214603-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-2898730217-3902260506-2628214603-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF ProfilePath: C:\Users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\mk2tpf0d.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2898730217-3902260506-2628214603-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-01-03] ()
FF Extension: Avira Browser Safety - C:\Users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\mk2tpf0d.default\Extensions\[email protected] [2016-02-20]
FF Extension: Video DownloadHelper - C:\Users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\mk2tpf0d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-19]

Chrome:
=======
CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-21]
CHR Extension: (Google Docs Offline) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2016-02-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1417592 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-04] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [24224 2016-02-01] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 61883; C:\Windows\System32\drivers\61883.sys [59904 2013-08-22] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2016-02-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146704 2016-02-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2016-02-17] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-13] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 22:30 - 2016-02-24 22:30 - 02371072 _____ (Farbar) C:\Users\Lawrence\Desktop\FRST64.exe
2016-02-24 22:19 - 2016-02-24 22:19 - 00688992 _____ (Swearware) C:\Users\Lawrence\Desktop\dds.scr
2016-02-24 20:01 - 2016-02-24 20:01 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lawrence\Downloads\avira_en_asu60_3014771554_opgyxyv4bf80vlrypg46_wd.exe
2016-02-24 20:01 - 2016-02-24 20:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-24 19:54 - 2016-02-24 20:10 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-02-24 19:54 - 2016-02-24 19:54 - 00003364 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray
2016-02-24 19:54 - 2016-02-24 19:54 - 00001159 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-02-24 19:54 - 2016-02-24 19:54 - 00000000 ____D C:\Users\Lawrence\AppData\Local\AviraSpeedup
2016-02-24 19:54 - 2016-02-24 19:54 - 00000000 ____D C:\Users\Lawrence\AppData\Local\Avira
2016-02-24 19:42 - 2016-02-24 19:42 - 02491264 _____ C:\Users\Lawrence\Downloads\GwxControlPanelSetup (1).exe
2016-02-24 19:42 - 2016-02-24 19:42 - 00001094 _____ C:\Users\Public\Desktop\GWX Control Panel.lnk
2016-02-24 19:42 - 2016-02-24 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2016-02-24 19:42 - 2016-02-24 19:42 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
2016-02-24 19:41 - 2016-02-24 19:41 - 02491264 _____ C:\Users\Lawrence\Downloads\GwxControlPanelSetup.exe
2016-02-23 21:09 - 2016-02-23 21:09 - 00000000 ____D C:\Windows\system32\appmgmt
2016-02-21 23:12 - 2016-02-21 23:12 - 00000000 ____D C:\Users\Lawrence\Desktop\beekibeads
2016-02-21 16:00 - 2016-02-21 16:00 - 00509440 _____ (Tech Support Guy System) C:\Users\Lawrence\Downloads\SysInfo.exe
2016-02-21 15:54 - 2016-02-21 15:54 - 00002232 _____ C:\Users\Lawrence\Desktop\aswMBR.txt
2016-02-21 15:54 - 2016-02-21 15:54 - 00000512 _____ C:\Users\Lawrence\Desktop\MBR.dat
2016-02-21 14:53 - 2016-02-21 14:53 - 05198336 _____ (AVAST Software) C:\Users\Lawrence\Desktop\aswMBR.exe
2016-02-21 14:51 - 2016-02-21 14:52 - 00035050 _____ C:\Users\Lawrence\Desktop\Addition.txt
2016-02-21 14:50 - 2016-02-24 22:31 - 00015342 _____ C:\Users\Lawrence\Desktop\FRST.txt
2016-02-21 14:50 - 2016-02-24 22:31 - 00000000 ____D C:\FRST
2016-02-21 13:57 - 2016-02-21 13:59 - 14830935 _____ C:\Users\Lawrence\Downloads\480P_600K_69180901.mp4
2016-02-20 22:07 - 2016-02-20 22:07 - 00000000 ____D C:\Users\Lawrence\AppData\Roaming\Avira
2016-02-20 22:02 - 2016-02-17 08:41 - 00146704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-20 22:02 - 2016-02-17 08:41 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-02-20 22:02 - 2016-02-17 08:41 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-02-20 22:02 - 2016-02-17 08:41 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-02-20 21:58 - 2016-02-24 20:02 - 00001226 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-02-20 21:58 - 2016-02-24 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-20 21:57 - 2016-02-24 19:54 - 00000000 ____D C:\ProgramData\Avira
2016-02-20 21:57 - 2016-02-24 19:54 - 00000000 ____D C:\Program Files (x86)\Avira
2016-02-20 21:57 - 2016-02-20 21:57 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lawrence\Downloads\avira_en_av_56c92773e0498__ws.exe
2016-02-20 15:35 - 2016-02-20 15:35 - 00001155 _____ C:\Users\Lawrence\Downloads\vl_480P_505.0k_57627851.mp4
2016-02-14 18:19 - 2016-02-14 18:20 - 13554380 _____ C:\Users\Lawrence\Downloads\vl_240P_294.0k_33149891.mp4
2016-02-14 18:18 - 2016-02-14 18:21 - 28207317 _____ C:\Users\Lawrence\Downloads\vl_480P_378.0k_37989471.mp4
2016-02-13 15:02 - 2016-02-13 15:22 - 00002750 _____
2016-02-11 21:24 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 21:24 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 21:24 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 21:24 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 21:24 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 21:24 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 21:24 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 20:40 - 2016-01-22 03:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 20:40 - 2016-01-22 02:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 20:40 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 20:40 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 20:40 - 2016-01-22 01:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-10 20:40 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 20:40 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 20:40 - 2016-01-22 00:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-10 20:40 - 2016-01-22 00:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-10 20:40 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 20:40 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 20:40 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 20:40 - 2016-01-22 00:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 20:40 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 20:40 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 20:40 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 20:40 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 20:40 - 2016-01-22 00:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-10 20:40 - 2016-01-22 00:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-10 20:40 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 20:40 - 2016-01-22 00:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-10 20:40 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 20:40 - 2016-01-22 00:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 20:40 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 20:40 - 2016-01-22 00:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-10 20:40 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 20:40 - 2016-01-22 00:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 20:40 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 20:40 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 20:40 - 2016-01-21 23:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 20:40 - 2016-01-19 14:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 20:40 - 2016-01-19 14:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-10 20:40 - 2016-01-19 14:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-10 20:40 - 2016-01-19 14:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 20:40 - 2016-01-19 14:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 20:40 - 2016-01-19 13:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-10 20:40 - 2016-01-19 13:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 20:40 - 2016-01-19 13:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-10 20:40 - 2016-01-19 13:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 20:40 - 2016-01-19 12:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 20:40 - 2016-01-19 11:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-02-10 20:40 - 2016-01-14 20:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 20:40 - 2016-01-14 15:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 20:40 - 2016-01-10 14:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 20:40 - 2016-01-10 14:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 20:40 - 2016-01-10 13:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 20:40 - 2016-01-10 13:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 20:40 - 2016-01-10 13:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 20:40 - 2016-01-10 12:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-10 20:40 - 2016-01-10 12:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-10 20:40 - 2016-01-10 12:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 20:40 - 2016-01-10 12:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 20:40 - 2016-01-10 12:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-10 20:40 - 2016-01-10 12:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 20:40 - 2016-01-10 12:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 20:40 - 2016-01-10 12:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-10 20:40 - 2016-01-10 12:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 20:40 - 2016-01-10 11:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 20:40 - 2016-01-10 11:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-02-10 20:40 - 2016-01-10 11:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 20:40 - 2016-01-10 11:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 20:40 - 2016-01-10 11:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 20:40 - 2016-01-10 11:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 20:40 - 2016-01-10 11:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 20:40 - 2016-01-10 11:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 20:40 - 2016-01-10 11:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 20:40 - 2016-01-10 11:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-02-10 20:40 - 2016-01-10 11:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 20:40 - 2016-01-10 11:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 20:40 - 2016-01-10 11:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 20:40 - 2016-01-10 11:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 20:40 - 2016-01-10 11:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 20:40 - 2016-01-10 11:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 20:40 - 2016-01-10 11:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 20:40 - 2016-01-07 13:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 20:40 - 2016-01-06 13:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 20:40 - 2015-12-29 10:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 20:40 - 2015-12-29 10:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-10 20:40 - 2015-12-29 10:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-02-10 20:40 - 2015-12-29 10:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 20:40 - 2015-12-28 16:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-10 20:40 - 2015-12-28 15:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-10 20:40 - 2015-12-17 13:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 20:40 - 2015-12-17 11:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-06 02:20 - 2016-02-06 02:20 - 01117566 _____ C:\Users\Lawrence\Downloads\Ghoul_Turret_STLs.zip
2016-01-28 23:39 - 2016-01-28 23:39 - 59103114 _____

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 22:24 - 2014-10-04 20:26 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 22:17 - 2014-03-18 05:04 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-24 22:17 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-02-24 21:24 - 2014-10-04 20:26 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-24 21:18 - 2014-09-23 17:02 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2898730217-3902260506-2628214603-1001
2016-02-24 21:12 - 2014-09-23 17:09 - 00003814 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E6D0C200-9FE7-496D-8C5E-B6BCC5A71C4D}
2016-02-24 21:11 - 2014-10-11 06:49 - 00000000 ____D C:\Users\Lawrence\AppData\Roaming\HandBrake
2016-02-24 19:56 - 2016-01-01 19:07 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-02-24 19:56 - 2015-12-19 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-24 19:56 - 2015-12-09 18:07 - 00000000 ____D C:\Windows\Minidump
2016-02-24 19:56 - 2015-07-19 19:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\FEZ
2016-02-24 19:56 - 2014-10-04 17:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-24 19:56 - 2014-09-23 17:45 - 00000000 ____D C:\Windows\Panther
2016-02-24 19:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\MsDtc
2016-02-24 19:16 - 2014-10-16 23:18 - 00000000 ____D C:\Users\Lawrence\AppData\Local\Adobe
2016-02-24 19:14 - 2014-10-04 20:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-23 21:19 - 2014-09-23 17:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-23 21:19 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-20 21:27 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-20 15:26 - 2014-10-04 20:26 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 15:26 - 2014-10-04 20:26 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 14:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-02-14 18:44 - 2014-09-23 16:48 - 00000000 ____D C:\Users\Lawrence
2016-02-13 13:38 - 2013-08-22 09:44 - 00346856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 00:30 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-02-11 21:58 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-11 21:27 - 2014-12-10 00:44 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-11 21:26 - 2014-10-05 05:41 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 21:26 - 2014-03-18 04:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 21:24 - 2014-10-05 05:41 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 21:24 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-10 20:53 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-01 21:37 - 2013-08-22 10:38 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-01 21:37 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 21:19 - 2014-10-04 20:26 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 21:19 - 2014-10-04 20:26 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 00:02 - 2014-11-23 15:29 - 00001456 _____ C:\Users\Lawrence\AppData\Local\Adobe Save for Web 13.0 Prefs

==================== Files in the root of some directories =======

2014-11-11 14:18 - 2014-12-06 02:12 - 0000132 _____ () C:\Users\Lawrence\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-23 15:29 - 2016-01-29 00:02 - 0001456 _____ () C:\Users\Lawrence\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-11 05:27 - 2014-10-11 05:39 - 0000700 ___SH () C:\Users\Lawrence\AppData\Local\systemFL7.dat
2014-09-23 16:52 - 2014-09-23 16:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-10 21:20 - 2015-10-10 21:20 - 0005076 _____ () C:\ProgramData\vczcspay.tpu

Files to move or delete:
====================
C:\Users\Lawrence\PhotoshopElements_13_LS25_win64(2).exe
C:\Users\Lawrence\PhotoshopElements_13_LS25_win64.exe


Some files in TEMP:
====================
C:\Users\Lawrence\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-20 16:42

==================== End of FRST.txt ============================
Attached Files
File Type: txt FRST.txt (36.3 KB, 27 views)
khuminis is offline  
Old 02-25-2016, 12:34 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

It appears you attached the first log, FRST.txt, instead of the second FRST log, Addition.txt, to your initial post.

It should be on your desktop. If not...

Press the Windows "logo" key and "R" key then copy/paste the following into the Run box and click OK:

%temp%\addition.txt

A text file should open. Save it to your desktop then attach that file to your next reply.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-26-2016, 09:10 PM   #3



I'm very sorry I attached the wrong file. Here's the right one, as well as the AdwCleaner text file.
Attached Files
File Type: txt Addition.txt (36.5 KB, 18 views)
File Type: txt AdwCleaner[C1].txt (1.3 KB, 15 views)
khuminis is offline  
Old 02-27-2016, 02:43 PM   #4



Hello khuminis. Not seeing any infection in your logs. Not all problems are due to malware.

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------
chemist is offline  
Old 02-28-2016, 03:38 PM   #5



Thanks, here you go....
Attached Files
File Type: txt eset-results.txt (554 Bytes, 18 views)
khuminis is offline  
Old 02-29-2016, 01:24 PM   #6



Hello again, khuminis. It appears any problems you are having are beyond malware.

Please read the following article: https://www.techsupportforum.com/foru...ow-532075.html

If you still cannot resolve it, you can seek help in our Windows 8 Support Forum

------------------------------------------------------
chemist is offline  
Old 03-26-2016, 01:26 PM   #7



Hello again, khuminis. Still having problems?
chemist is offline  
Old 03-31-2016, 11:10 AM   #8



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
All times are GMT -7.