
Pre-emptive clean just to be sure...

4K views 26 replies 2 participants last post by  askey127 
#1 ·
It's a pretty recent new laptop; I haven't used it for long, and it's pretty clean, but I want to make sure there is no malicious code lurking around that can't be found before I further upgrade my security. I don't think I did anything problematic with it except use torrents for a bit to get some videos (which is kinda bad security-wise, I know), so overall it behaves OK, but it has slowed down lately, kind of. I realise the problem with torrents is that some code for BD and such might be left behind, so I want to root it all out if possible.

Avast Free antivirus scanning in general didn't turn up much. Last week I did an ESET Online Scanner scan that found 4 problem threats, which were cleaned; I have done some Panda Cloud Cleaner scans since, and nothing new or threatening turned up, just the usual site malware. I made a disk image, a system restore point and a registry backup. I didn't want to just use ComboFix blindly; I wanted someone who can maybe interpret the data to see if there is anything there, so here I am.

I don't think there is much, but some things behave suspiciously damaged, like how Windows' IE behaves much slower and weirder, and sometimes Win startup, but that might be performance. I kept the Win drive as free as possible, however, so I don't see why it slows down even slightly.

It's a Lenovo IdeaPad series with Windows 7 Ultimate. So, getting straight into it, here are the FRST scan results and Addition...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by salty-san (administrator) on SALTYSKY (27-01-2016 19:36:16)
Running from C:\Users\salty-san\Desktop
Loaded Profiles: salty-san (Available Profiles: salty-san)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(TorchMedia Inc.) C:\Users\salty-san\AppData\Local\Torch\Update\TorchCrashHandler.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-07-23] (Power Software Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-04] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BB2A1C55-6917-4C3A-8770-C53876319A70}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nyaa.se/
HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://anichart.net/fall
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-04] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-10-05] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-04] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-04] (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-10-05] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\salty-san\AppData\Roaming\Mozilla\Firefox\Profiles\kl9fv1vt.default
FF DefaultSearchEngine: DuckDuckGo
FF Session Restore: -> is enabled.
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-384921765-1548902971-3406650631-1000: TorchVLC -> C:\Users\salty-san\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Panda Security Toolbar - C:\Users\salty-san\AppData\Roaming\Mozilla\Firefox\Profiles\kl9fv1vt.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi [2015-09-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-04]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-04]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Search) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-07]
CHR Extension: (Gmail) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-04] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-10] (Intel Corporation)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2016-01-27] (Lenovo)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-10-02] (Visicom Media Inc.)
R2 TorchCrashHandler; C:\Users\salty-san\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217400 2015-12-26] (TorchMedia Inc.) <==== ATTENTION
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2970424 2015-06-29] (AVG Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-08-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2014-12-10] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3513048 2015-03-23] (Realtek Semiconductor Corporation )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 19:36 - 2016-01-27 19:36 - 00013811 _____ C:\Users\salty-san\Desktop\FRST.txt
2016-01-27 19:12 - 2016-01-27 19:36 - 00000000 ____D C:\FRST
2016-01-27 19:07 - 2016-01-27 19:07 - 02370560 _____ (Farbar) C:\Users\salty-san\Desktop\FRST64.exe
2016-01-27 17:46 - 2016-01-27 17:46 - 00000322 _____ C:\Users\salty-san\Desktop\New Text Document.txt
2016-01-21 15:04 - 2016-01-21 15:04 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-01-20 21:33 - 2016-01-20 21:33 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-20 18:11 - 2016-01-20 18:11 - 00637139 _____ C:\Users\salty-san\Downloads\Nietzsche-The-Birth-of-Tragedy.pdf
2016-01-20 17:35 - 2016-01-20 17:35 - 00291788 _____ C:\Users\salty-san\Downloads\documents.tips_186269803-nietzsche-nasterea-tragediei-estetica-lui-nietzsche.pdf
2016-01-19 19:50 - 2016-01-19 19:57 - 00001803 _____ C:\Users\salty-san\Desktop\Pup.txt
2016-01-14 12:23 - 2016-01-27 18:03 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2016-01-14 12:23 - 2016-01-14 12:24 - 00002237 _____ C:\Users\salty-san\Desktop\Free Music.lnk
2016-01-14 12:23 - 2016-01-14 12:24 - 00002237 _____ C:\Users\salty-san\Desktop\Free Games.lnk
2016-01-14 12:23 - 2016-01-14 12:24 - 00001407 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2016-01-14 12:23 - 2016-01-14 12:24 - 00001382 _____ C:\Users\salty-san\Desktop\Torch.lnk
2016-01-14 12:20 - 2016-01-14 12:23 - 00000000 ____D C:\Users\salty-san\AppData\Local\Torch
2016-01-09 04:19 - 2016-01-09 04:19 - 00000000 ____D C:\Users\salty-san\Desktop\Start Your Friday With This Animal Collective Acid Trip_files
2016-01-09 04:18 - 2016-01-09 04:19 - 00264562 _____ C:\Users\salty-san\Desktop\Start Your Friday With This Animal Collective Acid Trip.html
2016-01-08 19:04 - 2016-01-08 19:04 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Opera Software
2016-01-08 19:04 - 2016-01-08 19:04 - 00000000 ____D C:\Users\salty-san\AppData\Local\Opera Software
2016-01-08 19:03 - 2016-01-25 17:09 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-08 19:03 - 2016-01-21 17:08 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1452272629
2016-01-08 19:03 - 2016-01-08 19:03 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-01-08 19:03 - 2016-01-08 19:03 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-07 20:32 - 2015-09-14 13:03 - 00039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2016-01-07 20:32 - 2015-01-29 18:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-01-07 03:49 - 2016-01-07 03:49 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-01-07 03:46 - 2016-01-07 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-01-07 03:44 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-01-07 03:44 - 2016-01-07 03:44 - 00000000 ____D C:\Windows\PCHEALTH
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-01-07 03:39 - 2016-01-07 03:39 - 00000000 __RHD C:\MSOCache
2016-01-04 21:53 - 2016-01-04 21:53 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\AVAST Software
2016-01-04 21:53 - 2016-01-04 21:52 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-04 21:52 - 2016-01-23 23:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-04 21:52 - 2016-01-20 15:47 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-04 21:52 - 2016-01-20 15:47 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-04 21:52 - 2016-01-04 21:52 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-04 21:51 - 2016-01-04 21:51 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-04 21:35 - 2016-01-04 21:35 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-04 21:24 - 2016-01-04 21:24 - 00001848 _____ C:\Users\Public\Desktop\IrfanView 64 Thumbnails.lnk
2016-01-04 21:24 - 2016-01-04 21:24 - 00000974 _____ C:\Users\Public\Desktop\IrfanView 64.lnk
2016-01-04 21:24 - 2016-01-04 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-01-04 21:23 - 2016-01-04 21:23 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\IrfanView
2016-01-04 21:23 - 2016-01-04 21:23 - 00000000 ____D C:\Program Files\IrfanView
2016-01-04 21:20 - 2016-01-04 21:25 - 00000000 ____D C:\Program Files\Irfan View
2016-01-03 22:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-01-03 22:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-01-03 22:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-01-03 22:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-01-03 22:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-01-03 22:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-01-03 22:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-01-03 22:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-01-03 22:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-01-03 22:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-01-03 22:35 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-01-03 22:35 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-01-03 22:35 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-01-03 22:35 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-01-03 22:35 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-01-03 22:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-01-03 22:35 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-01-03 22:35 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-01-03 22:27 - 2016-01-26 19:07 - 00001332 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty 2 SinglePlayer.lnk
2016-01-03 22:27 - 2016-01-26 19:07 - 00001332 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty 2 MultiPlayer.lnk
2016-01-03 22:27 - 2016-01-26 19:07 - 00001300 _____ C:\Users\salty-san\Desktop\Call of Duty 2 MultiPlayer.lnk
2016-01-03 22:27 - 2016-01-22 12:39 - 00001300 _____ C:\Users\salty-san\Desktop\Call of Duty 2 SinglePlayer.lnk
2016-01-03 22:27 - 2016-01-03 22:27 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-01-03 21:46 - 2016-01-03 22:44 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-03 13:08 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\LocalLow\Adobe
2016-01-03 13:08 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\Local\CEF
2016-01-03 01:38 - 2016-01-12 21:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-03 01:37 - 2016-01-12 21:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-03 01:37 - 2016-01-03 01:37 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-03 01:36 - 2016-01-03 02:48 - 00000000 ____D C:\ProgramData\Adobe
2016-01-03 01:36 - 2016-01-03 01:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-03 01:35 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 19:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2016-01-27 18:41 - 2015-11-07 23:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 18:11 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-27 18:11 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 18:04 - 2015-11-07 23:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 18:03 - 2015-11-01 22:10 - 00097264 _____ (Lenovo (Beijing) Limited) C:\Windows\system32\LenovoCheck.exe
2016-01-27 18:03 - 2015-11-01 22:10 - 00026608 _____ (Lenovo) C:\Windows\system32\LenovoUpdate.exe
2016-01-27 18:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 18:02 - 2015-11-30 21:24 - 00000000 ____D C:\ProgramData\panda_url_filtering
2016-01-26 23:23 - 2015-12-04 11:06 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\vlc
2016-01-26 19:03 - 2015-11-05 13:53 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCTGN
2016-01-21 17:01 - 2015-11-29 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-01-21 17:01 - 2015-11-29 12:06 - 00000000 ____D C:\Program Files\7-Zip
2016-01-21 11:44 - 2015-11-07 23:30 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-21 11:44 - 2015-11-07 23:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-21 00:51 - 2015-11-30 21:24 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2016-01-20 21:33 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-19 21:38 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 21:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-01-19 21:35 - 2015-12-01 16:28 - 00000440 __RSH C:\ProgramData\ntuser.pol
2016-01-17 01:48 - 2015-12-21 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-11 21:21 - 2015-11-29 14:24 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Azureus
2016-01-07 04:41 - 2009-07-14 06:45 - 00432840 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-07 03:49 - 2015-11-04 00:17 - 00111520 _____ C:\Users\salty-san\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-07 03:48 - 2015-12-18 19:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-07 03:46 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2016-01-07 03:46 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-07 03:44 - 2015-12-18 19:11 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-07 03:42 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-07 03:42 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2016-01-04 22:03 - 2015-11-01 15:58 - 00000000 ____D C:\Users\salty-san\.oracle_jre_usage
2016-01-04 22:02 - 2015-11-01 15:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-04 22:02 - 2015-11-01 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-04 22:02 - 2015-11-01 15:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-04 21:42 - 2015-11-30 21:23 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-04 21:40 - 2015-11-30 21:22 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-04 21:39 - 2015-11-30 21:24 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Panda Security
2016-01-03 13:08 - 2015-11-01 12:22 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Adobe

Some files in TEMP:
====================
C:\Users\salty-san\AppData\Local\Temp\i4jdel0.exe
C:\Users\salty-san\AppData\Local\Temp\iv_uninstall.exe
C:\Users\salty-san\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-19 18:55

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by salty-san (2016-01-27 19:37:13)
Running from C:\Users\salty-san\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-11-01 10:20:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-384921765-1548902971-3406650631-500 - Administrator - Disabled)
Guest (S-1-5-21-384921765-1548902971-3406650631-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-384921765-1548902971-3406650631-1002 - Limited - Enabled)
salty-san (S-1-5-21-384921765-1548902971-3406650631-1000 - Administrator - Enabled) => C:\Users\salty-san

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.604 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.604 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Free Virtual Keyboard 3.0.1.0 (HKLM-x32\...\{CA4F9519-1A83-4907-8651-F17073A0E1CE}_is1) (Version: 3.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )
Microsoft .NET Framework 4.6 (HKLM\...\{94A631D5-B30A-3DD8-B65C-1117C09DA73E}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.5 - Panda Security)
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.9 - Panda Security and Visicom Media Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29084 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0263 - REALTEK Semiconductor Corp.)
Torch (HKU\S-1-5-21-384921765-1548902971-3406650631-1000\...\Torch) (Version: 45.0.0.10802 - Torch Media, Inc) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)
Wasteland 2 Directors Cut (HKLM-x32\...\Wasteland 2 Directors Cut_is1) (Version: - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-384921765-1548902971-3406650631-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00809CEB-983E-4655-913E-27A11EA54648} - System32\Tasks\Opera scheduled Autoupdate 1452272629 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software)
Task: {0C38AE2D-18A0-48F0-B68B-E17B888171DD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-04] (AVAST Software)
Task: {214B53EA-5A02-4CBC-B0A5-3C678EC43A48} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-06-29] (AVG Technologies)
Task: {439ADCDD-9069-427F-BA0A-FDAB1AD5F6DA} - System32\Tasks\{229E9532-8EC8-4310-8097-EDD225B446C7} => pcalua.exe -a C:\Users\salty-san\Desktop\unetbootin-windows-613.exe -d C:\Users\salty-san\Desktop
Task: {53E146DF-FA82-4BA4-BCB9-409B6E2C0C41} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {72FCCA83-504A-4CE8-881D-4DD1C857395E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {834A589D-850C-4622-8DEC-0A2633A53246} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-04] (AVAST Software)
Task: {8E7113DE-1211-4F7A-B164-C3F35E10312D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A37295E0-5544-4BDE-AAB5-9F122D4E6FC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {C673A044-1E70-4CC0-85C5-F079F0C6596C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CA4A6E7F-6B77-414B-B595-97CDD1B0B259} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {CE4E4352-61BE-4AEA-B41F-74A61CC1BA25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\salty-san\Desktop\Free Games.lnk -> C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --run-by-tg hxxp://games.torchbrowser.com
ShortcutWithArgument: C:\Users\salty-san\Desktop\Free Music.lnk -> C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --run-by-tm hxxp://music.torchbrowser.com

==================== Loaded Modules (Whitelisted) ==============

2015-06-29 10:24 - 2015-06-29 10:24 - 00718136 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-29 10:24 - 2015-06-29 10:24 - 00862008 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2016-01-04 21:52 - 2016-01-04 21:52 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-04 21:52 - 2016-01-04 21:52 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-27 11:05 - 2016-01-27 11:05 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012700\algo.dll
2016-01-04 21:52 - 2016-01-04 21:52 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-27 18:46 - 2016-01-27 18:46 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012701\algo.dll
2016-01-04 21:52 - 2016-01-04 21:52 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-18 17:42 - 2015-12-18 17:42 - 21848248 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2015-12-18 17:42 - 2015-12-18 17:42 - 50708664 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\salty-san\Desktop\rufus-2.4.exe:xdg.origin.url
AlternateDataStreams: C:\Users\salty-san\Desktop\rufus-2.4.exe:xdg.referrer.url
AlternateDataStreams: C:\Users\salty-san\Desktop\unetbootin-windows-613.exe:xdg.origin.url

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{01DD5918-283F-4F3C-AC26-AF593412DF9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C05ACD7-2D66-4535-9966-F85B04F67719}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{508DDC13-5096-41A1-BE2C-A24C77183C13}] => (Block) D:\WASTELAND!\Wasteland 2 Directors Cut\Build\WL2.exe
FirewallRules: [TCP Query User{EEB53623-0283-483F-B645-04DD48C46786}C:\users\salty-san\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{14C2698F-42A4-41BB-9169-2211FDC0ECB1}C:\users\salty-san\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.exe
FirewallRules: [TCP Query User{DF6BC443-CABE-4E5A-9F0E-F4C4A78535F6}C:\users\salty-san\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{0D9DECF9-7EE8-4932-81B6-5AA519CD2957}C:\users\salty-san\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.exe
FirewallRules: [{F89C0384-F502-44A5-B00A-9826C8B9E172}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB9DFD0F-5CC0-4A92-A4C5-E4DE9031F0C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F1506A7-0B4D-403B-82D5-6AE0FCD64A81}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{5AD605EC-0ACE-410F-AF39-F69403A72C74}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{8F66185E-5F8E-400B-A15A-8F8DA6CEBB58}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{7C1364C0-55B2-4E6A-BDBE-946DEF92421B}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{AB398789-6E10-407F-87BF-5842378F1A5D}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{B2461A95-D1B5-499E-9E34-DADFF19513C5}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{19FBF323-28DA-4563-9196-790954D5F72D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5D4FF2EB-07A6-4F96-AFF0-58616E255410}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{95B66243-C6D0-4B85-90F6-547B69CE822E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BCFAED00-B5EE-4558-AFC6-E54BC68D9562}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B247EA9C-0A1B-4E95-8AC0-562403FC4950}C:\users\salty-san\documents\octgn\octgn\octgn.online.standaloneserver.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [UDP Query User{260782A1-34CD-4BA2-9F89-72C24BA3BF7B}C:\users\salty-san\documents\octgn\octgn\octgn.online.standaloneserver.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [TCP Query User{AD90B0F5-5A10-4C62-A7A3-3CBA144F4692}D:\playboard\call of duty 2 full game mp - sp -=aviara=-\call of duty 2\cod2mp_s.exe] => (Block) D:\playboard\call of duty 2 full game mp - sp -=aviara=-\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{E45AB548-5CA2-49FC-BCAA-420157AA80F9}D:\playboard\call of duty 2 full game mp - sp -=aviara=-\call of duty 2\cod2mp_s.exe] => (Block) D:\playboard\call of duty 2 full game mp - sp -=aviara=-\call of duty 2\cod2mp_s.exe
FirewallRules: [{9D79CD9D-1138-4471-9107-72DC3CDE88B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3BFEB175-5043-44EA-B2C6-7D52F51741EE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2E2BBFA3-FB0B-479D-85AD-963E99B02215}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2BEE2144-B70C-4420-BC9E-5A25585FF686}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D12BA3CC-44A7-459F-A64F-35CFFEAEEE25}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{61A9AB3D-FFAC-4CC7-AD78-4CD094336EE2}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{033D788F-5880-45BB-BBD6-7D561EA3B327}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{72627C8F-FBC7-4D33-ABED-39D18C97D4BF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-01-2016 19:00:33 Windows Backup
26-01-2016 19:06:34 PreForum

==================== Faulty Device Manager Devices =============

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 06:20:51 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00003106

Error: (01/27/2016 06:20:51 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000001

Error: (01/27/2016 06:10:17 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00000270

Error: (01/27/2016 06:04:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 03:17:23 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x0000335e

Error: (01/27/2016 03:17:23 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000002

Error: (01/27/2016 11:22:35 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x000036ec

Error: (01/27/2016 11:22:35 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000001

Error: (01/27/2016 11:06:46 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x000003b3

Error: (01/27/2016 11:05:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1750

Start Time: 01d158e1cb06be6c

Termination Time: 480

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (01/27/2016 06:07:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024809

Error: (01/27/2016 06:07:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024809

Error: (01/27/2016 04:32:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/27/2016 04:31:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 04:31:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/26/2016 07:18:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (01/26/2016 07:18:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (01/26/2016 06:27:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/26/2016 06:20:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/26/2016 06:14:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

CodeIntegrity:
===================================
Date: 2016-01-14 19:28:38.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 19:28:38.591
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 19:28:38.368
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 19:28:38.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-17 10:29:48.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-17 10:29:48.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-17 10:29:48.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-16 03:51:45.976
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-16 03:51:45.867
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-16 03:51:45.773
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 54%
Total physical RAM: 3981.36 MB
Available physical RAM: 1821.27 MB
Total Virtual: 7960.93 MB
Available Virtual: 5415.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:122.07 GB) (Free:71.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (East) (Fixed) (Total:343.69 GB) (Free:15.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9FA2484)
Partition 1: (Not Active) - (Size=343.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=122.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
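The Addition.txt above is read by eye by the helpers in this forum. As an added example (not code from the post, from FRST, or from the forum), the script below does the first pass mechanically over that same format: it splits the log on FRST's `====` section headers and applies a few of the rules an analyst applies by hand: FRST's own `<==== ATTENTION` tag, "Out of date" protection in Security Center, installed programs that report no version or publisher, scheduled tasks that run a binary from a user profile or via `pcalua.exe`, any alternate data stream, and firewall Allow rules for executables under user-writable paths. The embedded input is an excerpt copied from the posted log so the block runs offline; the rule names, the `USER_WRITABLE` path heuristic and the `Finding` type are this example's own choices, not FRST's.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Excerpt copied from the Addition.txt posted above. A real run would do
# triage(open("Addition.txt", encoding="utf-8", errors="replace").read()).
SAMPLE_ADDITION = r"""
==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them.)

7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )
Torch (HKU\S-1-5-21-384921765-1548902971-3406650631-1000\...\Torch) (Version: 45.0.0.10802 - Torch Media, Inc) <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

Task: {0C38AE2D-18A0-48F0-B68B-E17B888171DD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-04] (AVAST Software)
Task: {439ADCDD-9069-427F-BA0A-FDAB1AD5F6DA} - System32\Tasks\{229E9532-8EC8-4310-8097-EDD225B446C7} => pcalua.exe -a C:\Users\salty-san\Desktop\unetbootin-windows-613.exe -d C:\Users\salty-san\Desktop
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\salty-san\Desktop\rufus-2.4.exe:xdg.origin.url

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{01DD5918-283F-4F3C-AC26-AF593412DF9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D12BA3CC-44A7-459F-A64F-35CFFEAEEE25}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{61A9AB3D-FFAC-4CC7-AD78-4CD094336EE2}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{508DDC13-5096-41A1-BE2C-A24C77183C13}] => (Block) D:\WASTELAND!\Wasteland 2 Directors Cut\Build\WL2.exe
"""

# FRST section header: a run of '=' , a name (optionally ending in ':'), a run of '='.
# [^=] keeps the all-'=' separator lines from being taken for a header.
HEADER_RE = re.compile(r"^={4,}\s*([^=]+?)\s*:?\s*={4,}\s*$")

# Heuristic (this example's choice): locations a standard user can write to.
USER_WRITABLE = re.compile(r"(?i)\\Users\\|\\AppData\\|\\ProgramData\\|\\Temp\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    section: str
    entry: str


def parse_sections(text: str) -> dict[str, list[str]]:
    """Map each FRST section name (without ' (Whitelisted)') to its non-empty lines."""
    sections: dict[str, list[str]] = {}
    current = "_preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = re.sub(r"\s*\(Whitelisted\)$", "", m.group(1))
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> list[Finding]:
    """Apply the hand rules an analyst uses on Addition.txt; returns one Finding per hit."""
    findings: list[Finding] = []
    for section, entries in parse_sections(text).items():
        for e in entries:
            if e.startswith("("):          # FRST's explanatory notes, not entries
                continue
            if "<==== ATTENTION" in e:     # FRST's own verdict always gets a look
                findings.append(Finding("frst-attention", section, e))
            if section == "Security Center" and "Out of date" in e:
                findings.append(Finding("av-out-of-date", section, e))
            if section == "Installed Programs" and "(Version: - )" in e:
                # Weak signal on its own: no version and no publisher recorded.
                findings.append(Finding("program-unversioned", section, e))
            if section == "Scheduled Tasks":
                target = e.split("=>", 1)[1] if "=>" in e else ""
                # pcalua.exe (Program Compatibility Assistant) is a known launcher proxy.
                if "pcalua.exe" in target.lower() or USER_WRITABLE.search(target):
                    findings.append(Finding("task-user-path-or-pcalua", section, e))
            if section == "Alternate Data Streams":
                # Any ADS on an executable is reported; the stream name says what it is.
                findings.append(Finding("ads-present", section, e))
            if section == "FirewallRules" and "(Allow)" in e and USER_WRITABLE.search(e):
                findings.append(Finding("allow-rule-user-writable", section, e))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Hit count per rule, for a quick overview before reading the entries."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_ADDITION):
        print(f"[{f.rule}] ({f.section}) {f.entry}")
```

On the excerpt this reports the Torch entry FRST already tagged, the out-of-date Windows Defender, the unversioned Malware Protection Live entry, the pcalua.exe task pointing into the user's Desktop, the ADS on rufus-2.4.exe, and the two Allow rules for torch.exe and hola_plugin.exe under AppData, while the Firefox rule and the Block rule for WL2.exe pass. The rules are deliberately coarse; they order the reading, they do not replace it.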
 