Is this java pop-up malware?


dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
It looks like a fake Java pop-up.
It doesn't mean that anything is on your computer, and it is very common on many dubious websites.
If you didn't follow the links and didn't run the file it attempts to download, you should be OK.

Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

 

harry_mossman

Thread Starter
Joined
Oct 23, 2006
Messages
8
# AdwCleaner v4.111 - Logfile created 22/02/2015 at 10:56:06
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Harry - HARRY-PC
# Running from : C:\Users\Harry\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mipony
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder
Folder Deleted : C:\Program Files (x86)\DriverFinder
Folder Deleted : C:\Users\Harry\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Harry\AppData\Roaming\DriverFinder
File Deleted : C:\Users\Public\Desktop\DriverFinder.lnk
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : Digital Sites
Task Deleted : DriverFinder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\DriverFinder
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DriverFinder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverFinder

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.115

[C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_06&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzytDtDzyzz0AzztAzy0DtN0D0Tzu0StCtCtAyEtN1L2XzutAtFyBtFyBtFzztN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0E0F0EtBzztDtGtCtB0F0BtGtCtAtD0FtG0DyEyB0AtGtDtAtC0FtCtDtDyCzytDtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0E0FtAzzzz0AtGzy0D0EzztGyE0A0F0EtG0BzyyB0EtG0DtC0E0ByD0ByC0FtCtD0Azz2Q&cr=1136738820&ir=

*************************

AdwCleaner[R0].txt - [2571 bytes] - [22/02/2015 10:42:36]
AdwCleaner[S0].txt - [2488 bytes] - [22/02/2015 10:56:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2547 bytes] ##########
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That got rid of a bit of unwanted junk.
Let's see if this finds anything else.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 64-bit version.

  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Under the optional scans, please also select Shortcuts.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

harry_mossman

Thread Starter
Joined
Oct 23, 2006
Messages
8
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Harry (administrator) on HARRY-PC on 22-02-2015 14:00:32
Running from C:\Users\Harry\Desktop
Loaded Profiles: Harry (Available profiles: Harry)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Harry\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13764312 2014-10-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-11] (AVAST Software)
HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\RunOnce: [Adobe Speed Launcher] => 1424631499
HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\MountPoints2: {a673e54a-b63e-11e4-9562-001ff3a925dd} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?q=google...10&sp=1&cvid=6ec80a3a32cc400d894a2aa061211c2f
HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-11]

Chrome:
=======
CHR HomePage: Default -> https://ixquick.com/eng/advanced-search.html?&cat=web&query=
CHR Profile: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
CHR Extension: (Google Docs) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
CHR Extension: (Google Drive) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (YouTube) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
CHR Extension: (X New Tab Page) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmbfafhdccfgdgnbkgogehiklmemkoh [2014-12-24]
CHR Extension: (Google Search) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (微度新标签页(APP)) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmmfcbpgflaeiipmbhelananakfcodj [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
CHR Extension: (Avast Online Security) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-12]
CHR Extension: (Tabs to the Front) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2014-12-24]
CHR Extension: (Start!) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh [2015-01-05]
CHR Extension: (Adblock Super) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-01-31]
CHR Extension: (Bookmarked tabs to the front) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmllilpdpplbmjdjhlkagmimpgdflphb [2014-12-24]
CHR Extension: (Google Wallet) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Image Color Picker) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocamglfcdanjnilooepglpjfmjabcgii [2014-12-09]
CHR Extension: (Gmail) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-11] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-11] (Avast Software)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-02-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-02-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-11] ()
S3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-09-04] (Razer Inc)
S3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [33448 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 14:00 - 2015-02-22 14:01 - 00011273 _____ () C:\Users\Harry\Desktop\FRST.txt
2015-02-22 14:00 - 2015-02-22 14:00 - 00000000 ____D () C:\FRST
2015-02-22 13:59 - 2015-02-22 13:59 - 02087424 _____ (Farbar) C:\Users\Harry\Desktop\FRST64.exe
2015-02-22 10:42 - 2015-02-22 10:56 - 00000000 ____D () C:\AdwCleaner
2015-02-22 10:41 - 2015-02-22 10:41 - 02126848 _____ () C:\Users\Harry\Downloads\AdwCleaner.exe
2015-02-22 10:25 - 2015-02-22 10:29 - 00051231 _____ () C:\Users\Harry\Downloads\022015 Daily Catch Summary (2) (2) (1).xlsx
2015-02-20 05:26 - 2015-02-20 05:26 - 00000000 ____D () C:\Users\Harry\Desktop\New folder
2015-02-20 01:47 - 2015-02-20 01:47 - 00051280 _____ () C:\Users\Harry\Downloads\021915 Daily Catch Summary (2) (2).xlsx
2015-02-18 15:56 - 2015-02-18 15:56 - 00050011 _____ () C:\Users\Harry\Downloads\021715 Daily Catch Summary .xlsx
2015-02-17 16:41 - 2015-02-17 16:41 - 00048658 _____ () C:\Users\Harry\Downloads\021615 Daily Catch Summary .xlsx
2015-02-17 04:03 - 2015-02-17 16:36 - 00000000 ____D () C:\Users\Harry\Documents\Recipes
2015-02-16 17:14 - 2015-02-16 17:14 - 00047745 _____ () C:\Users\Harry\Downloads\021515 Daily Catch Summary .xlsx
2015-02-16 16:55 - 2015-02-16 16:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-14 05:15 - 2015-02-14 05:17 - 39739064 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\Windows-KB890830-x64-V5.21.exe
2015-02-13 20:39 - 2015-02-13 20:38 - 00003916 _____ () C:\Users\Public\IBM member addresses.txt
2015-02-13 00:47 - 2015-02-13 00:47 - 00437129 _____ () C:\Users\Harry\Downloads\XENU.ZIP
2015-02-13 00:47 - 2015-02-13 00:47 - 00001002 _____ () C:\Users\Harry\Desktop\Xenu.lnk
2015-02-13 00:47 - 2015-02-13 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenu's Link Sleuth
2015-02-13 00:47 - 2015-02-13 00:47 - 00000000 ____D () C:\Program Files (x86)\Xenu
2015-02-13 00:40 - 2015-02-13 00:40 - 00000000 ____D () C:\Users\Public\website review
2015-02-11 16:35 - 2015-02-11 16:35 - 00000247 _____ () C:\Windows\system32\2015-02-12-00-35-02.040-aswFe.exe-2964.log
2015-02-11 16:34 - 2015-02-11 16:34 - 00000197 _____ () C:\Windows\system32\2015-02-12-00-34-56.096-AvastVBoxSVC.exe-4128.log
2015-02-11 16:30 - 2015-02-11 16:30 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\AVAST Software
2015-02-11 16:29 - 2015-02-11 16:29 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-11 16:29 - 2015-02-11 16:29 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-11 16:28 - 2015-02-11 16:28 - 00002077 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-02-11 16:28 - 2015-02-11 16:28 - 00002017 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-02-11 16:28 - 2015-02-11 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-11 16:27 - 2015-02-22 08:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-11 16:27 - 2015-02-11 16:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-11 16:27 - 2015-02-11 16:27 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-11 16:27 - 2015-02-11 16:26 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-11 16:27 - 2015-02-11 16:26 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-11 16:27 - 2015-02-11 16:26 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-11 16:27 - 2015-02-11 16:26 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-11 16:27 - 2015-02-11 16:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-11 16:27 - 2015-02-11 16:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-11 16:27 - 2015-02-11 16:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-11 16:27 - 2015-02-11 16:26 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-02-11 16:26 - 2015-02-11 16:26 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-02-11 16:26 - 2015-02-11 16:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-11 16:23 - 2015-02-11 16:23 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-11 16:22 - 2015-02-11 16:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-11 16:22 - 2015-02-11 16:22 - 04978536 _____ (AVAST Software) C:\Users\Harry\Downloads\avast_internet_security_setup_online.exe
2015-02-11 16:21 - 2015-02-11 16:21 - 00000000 ____D () C:\Users\Harry\Documents\avast
2015-02-10 07:03 - 2015-02-10 07:03 - 00001764 _____ () C:\Users\Harry\License.avastlic
2015-02-10 07:02 - 2015-02-10 07:03 - 04978536 _____ (AVAST Software) C:\Users\Harry\avast_internet_security_setup_online.exe
2015-02-05 15:46 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 15:45 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 15:45 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-05 15:45 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-05 15:45 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-05 15:45 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-05 15:45 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-05 15:45 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-05 15:45 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-05 15:45 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-05 15:45 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 15:45 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 15:45 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 15:45 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-05 15:45 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-05 15:45 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-05 15:45 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-02-05 15:45 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-05 15:45 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-02-05 15:45 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-02-05 15:45 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-05 15:45 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-05 15:43 - 2011-04-27 19:55 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-02-05 15:43 - 2011-04-27 19:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-01-23 18:45 - 2015-01-23 18:45 - 01145151 _____ () C:\Users\Harry\Downloads\Attachments_2015123.zip
2015-01-23 18:38 - 2015-02-22 13:03 - 00019456 _____ () C:\Users\Harry\Documents\pwds.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 13:15 - 2014-12-09 17:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 12:26 - 2014-12-07 18:46 - 01111652 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 11:05 - 2009-07-13 20:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-22 11:05 - 2009-07-13 20:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 10:58 - 2014-12-09 17:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 10:57 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 10:57 - 2009-07-13 20:51 - 00045993 _____ () C:\Windows\setupact.log
2015-02-22 09:15 - 2015-01-19 05:10 - 00000098 _____ () C:\Users\Harry\AppData\Roaming\WB.CFG
2015-02-22 08:31 - 2010-11-20 19:47 - 00006458 _____ () C:\Windows\PFRO.log
2015-02-21 22:56 - 2014-12-09 11:58 - 00000000 ____D () C:\Users\Harry\AppData\Local\FirestormOS_x64
2015-02-19 17:17 - 2014-12-09 17:05 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-17 19:51 - 2009-07-13 21:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 22:38 - 2014-12-09 17:50 - 00000000 ____D () C:\Users\Harry\AppData\Local\Microsoft Help
2015-02-14 18:57 - 2014-12-09 19:23 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-14 18:05 - 2014-12-09 18:30 - 00000000 ____D () C:\Users\Harry\Documents\magic
2015-02-13 22:08 - 2014-12-07 19:05 - 00000000 ____D () C:\Users\Harry\AppData\Local\VirtualStore
2015-02-13 00:41 - 2014-12-09 18:31 - 00000000 ____D () C:\Users\Harry\Documents\Websites
2015-02-13 00:33 - 2014-12-30 19:50 - 00000000 ____D () C:\Users\Public\from lenova
2015-02-10 07:03 - 2014-12-07 19:05 - 00000000 ____D () C:\Users\Harry
2015-02-07 19:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-02-05 17:47 - 2014-12-20 03:27 - 00772214 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 17:44 - 2014-12-09 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 17:23 - 2014-12-09 17:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-05 15:54 - 2014-12-10 09:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-05 04:10 - 2014-12-09 17:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 04:10 - 2014-12-09 17:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 02:34 - 2009-07-13 21:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-29 17:49 - 2014-12-10 09:59 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-12-22 05:16 - 2014-12-22 05:16 - 0000000 _____ () C:\Users\Harry\AppData\Roaming\METAbolt8a42b2d5-ef7f-4cfd-9091-8ba5f05530d3_fr_groups.ini
2015-01-19 05:10 - 2015-02-22 09:15 - 0000098 _____ () C:\Users\Harry\AppData\Roaming\WB.CFG
2014-12-09 13:14 - 2014-12-09 13:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Harry\avast_internet_security_setup_online.exe


Some content of TEMP:
====================
C:\Users\Harry\AppData\Local\Temp\ose00000.exe
C:\Users\Harry\AppData\Local\Temp\Quarantine.exe
C:\Users\Harry\AppData\Local\Temp\readSTILog.dll
C:\Users\Harry\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-14 21:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Harry at 2015-02-22 14:01:21
Running from C:\Users\Harry\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{3EB2D627-3883-3D49-7AD1-227C96509958}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.808.0 - ATI Technologies) Hidden
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EyeDefender 1.08 (HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\EyeDefender) (Version: - )
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
METAbolt (HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\METAbolt 0.9.71) (Version: 0.9.53.0 - www.metabolt.net)
METAbolt (x32 Version: 0.9.71 - CasperTech Ltd) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7368 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

09-12-2014 11:36:52 Installed Adobe Photoshop Elements 10.
09-12-2014 12:07:46 Windows Update
09-12-2014 13:12:48 Installed Realtek High Definition Audio Driver
09-12-2014 17:49:40 Installed Microsoft Office Home and Student 2007
09-12-2014 18:00:22 Firestorm-Releasex64 x64
09-12-2014 19:24:36 Windows Update
09-12-2014 19:31:23 Windows Update
10-12-2014 09:22:52 Windows Update
13-12-2014 17:00:24 Windows Update
16-12-2014 20:35:00 Windows Update
20-12-2014 03:13:42 Windows Update
20-12-2014 03:20:30 Windows Update
20-12-2014 03:29:49 Installed Razer Synapse 2.0.
22-12-2014 04:36:06 Installed METAbolt
24-12-2014 02:23:54 Windows Update
27-12-2014 18:35:24 Windows Update
31-12-2014 02:56:50 Windows Update
03-01-2015 04:06:18 Windows Update
06-01-2015 17:13:19 Windows Update
10-01-2015 02:22:48 Windows Update
13-01-2015 23:56:02 Windows Update
18-01-2015 03:26:11 Windows Update
21-01-2015 04:17:56 Windows Update
24-01-2015 21:02:57 Windows Update
28-01-2015 14:57:19 Windows Update
01-02-2015 09:03:37 Windows Update
05-02-2015 15:46:33 Windows Update
08-02-2015 18:29:51 Windows Update
11-02-2015 16:23:32 avast! antivirus system restore point
11-02-2015 16:27:56 Device Driver Package Install: Avast Network Service
12-02-2015 17:42:53 Windows Update
17-02-2015 19:56:02 Windows Backup
22-02-2015 10:34:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DA33F4C-ECED-4706-A8F4-CA941A9C0E28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {52362A42-44FD-4584-BD5E-62F03BE8C189} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-11] (AVAST Software)
Task: {7C9EA6B7-37BB-4F36-AA2A-2788B72AD8F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {CE2F4755-6AC3-436C-89B2-068083C04741} - System32\Tasks\AdobeAAMUpdater-1.0-Harry-PC-Harry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-31 15:27 - 2014-10-31 15:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-20 00:23 - 2014-11-20 00:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-02-22 08:36 - 2015-02-22 08:36 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022201\algo.dll
2015-02-11 16:26 - 2015-02-11 16:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-20 03:48 - 2014-01-03 16:20 - 34755072 _____ () C:\Users\Harry\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-19 22:02 - 2014-11-19 22:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-12-20 03:48 - 2014-01-03 16:20 - 00970240 _____ () C:\Users\Harry\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2015-02-19 17:17 - 2015-02-17 14:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 17:17 - 2015-02-17 14:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 17:17 - 2015-02-17 14:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Harry\Documents\cats.txt:AFP_Resource

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1685430807-3390097585-1825448142-500 - Administrator - Disabled)
Guest (S-1-5-21-1685430807-3390097585-1825448142-501 - Limited - Enabled)
Harry (S-1-5-21-1685430807-3390097585-1825448142-1000 - Administrator - Enabled) => C:\Users\Harry

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Built-in iSight
Description: Built-in iSight
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 10:58:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2015 08:33:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2015 02:08:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 09:10:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 04:29:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 04:36:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 03:53:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 03:49:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 11:31:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 04:35:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/22/2015 10:56:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/22/2015 10:56:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/22/2015 10:56:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/22/2015 10:56:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/22/2015 10:56:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V10 service terminated unexpectedly. It has done this 1 time(s).

Error: (02/22/2015 10:56:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/22/2015 10:56:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2015 11:42:32 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (02/19/2015 11:42:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/19/2015 09:10:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8335 @ 2.66GHz
Percentage of memory in use: 40%
Total physical RAM: 4076.8 MB
Available physical RAM: 2434.46 MB
Total Pagefile: 8151.79 MB
Available Pagefile: 6063.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.77 GB) (Free:8.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 00007EEA)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=149 GB) - (Type=AF)
Partition 3: (Active) - (Size=148.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
nothing showing wrong there
 