
Is this java pop-up malware?

Discussion in 'Virus & Other Malware Removal' started by harry_mossman, Feb 22, 2015.

  1. harry_mossman

    harry_mossman Thread Starter

    Joined:
    Oct 23, 2006
    Messages:
    8
    Chrome opens and this pops up. Avast says I'm clean but it looks suspicious.
     

    Attached Files:

  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,342
    First Name:
    Derek
    It looks like a fake Java pop-up.
    It doesn't mean that anything is on your computer, and it is very common on many dubious websites.
    If you didn't follow the links and didn't run the file it attempts to download, you should be OK.

    Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

    See the screenshot where the proper download buttons are highlighted
    [​IMG]

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run. It may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
    Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

    [​IMG]
     
  3. harry_mossman

    harry_mossman Thread Starter

    # AdwCleaner v4.111 - Logfile created 22/02/2015 at 10:56:06
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Harry - HARRY-PC
    # Running from : C:\Users\Harry\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mipony
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder
    Folder Deleted : C:\Program Files (x86)\DriverFinder
    Folder Deleted : C:\Users\Harry\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\Harry\AppData\Roaming\DriverFinder
    File Deleted : C:\Users\Public\Desktop\DriverFinder.lnk
    File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

    ***** [ Scheduled tasks ] *****

    Task Deleted : Digital Sites
    Task Deleted : DriverFinder

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Key Deleted : HKCU\Software\DriverFinder
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\DriverFinder
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverFinder

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Google Chrome v40.0.2214.115

    [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_06&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzytDtDzyzz0AzztAzy0DtN0D0Tzu0StCtCtAyEtN1L2XzutAtFyBtFyBtFzztN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0E0F0EtBzztDtGtCtB0F0BtGtCtAtD0FtG0DyEyB0AtGtDtAtC0FtCtDtDyCzytDtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0E0FtAzzzz0AtGzy0D0EzztGyE0A0F0EtG0BzyyB0EtG0DtC0E0ByD0ByC0FtCtD0Azz2Q&cr=1136738820&ir=

    *************************

    AdwCleaner[R0].txt - [2571 bytes] - [22/02/2015 10:42:36]
    AdwCleaner[S0].txt - [2488 bytes] - [22/02/2015 10:56:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2547 bytes] ##########
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    That got rid of a bit of unwanted junk.
    Let's see if this finds anything else.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 64 bit version

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Under the optional scans, please also select Shortcuts.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  5. harry_mossman

    harry_mossman Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
    Ran by Harry (administrator) on HARRY-PC on 22-02-2015 14:00:32
    Running from C:\Users\Harry\Desktop
    Loaded Profiles: Harry (Available profiles: Harry)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
    (Razer, Inc.) C:\Users\Harry\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13764312 2014-10-07] (Realtek Semiconductor)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-11] (AVAST Software)
    HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\RunOnce: [Adobe Speed Launcher] => 1424631499
    HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\MountPoints2: G - G:\SETUP.EXE
    HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\MountPoints2: {a673e54a-b63e-11e4-9562-001ff3a925dd} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?q=google...10&sp=1&cvid=6ec80a3a32cc400d894a2aa061211c2f
    HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-11]

    Chrome:
    =======
    CHR HomePage: Default -> https://ixquick.com/eng/advanced-search.html?&cat=web&query=
    CHR Profile: C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
    CHR Extension: (Google Docs) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
    CHR Extension: (Google Drive) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
    CHR Extension: (YouTube) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
    CHR Extension: (X New Tab Page) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmbfafhdccfgdgnbkgogehiklmemkoh [2014-12-24]
    CHR Extension: (Google Search) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
    CHR Extension: (微度新标签页(APP)) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmmfcbpgflaeiipmbhelananakfcodj [2015-01-02]
    CHR Extension: (Google Sheets) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
    CHR Extension: (Avast Online Security) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-12]
    CHR Extension: (Tabs to the Front) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2014-12-24]
    CHR Extension: (Start!) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh [2015-01-05]
    CHR Extension: (Adblock Super) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-01-31]
    CHR Extension: (Bookmarked tabs to the front) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmllilpdpplbmjdjhlkagmimpgdflphb [2014-12-24]
    CHR Extension: (Google Wallet) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
    CHR Extension: (Image Color Picker) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocamglfcdanjnilooepglpjfmjabcgii [2014-12-09]
    CHR Extension: (Gmail) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-11] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-11] (AVAST Software)
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-11] (Avast Software)
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-11] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-02-11] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-11] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-02-11] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-11] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-11] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-11] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-11] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-11] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-11] ()
    S3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-09-04] (Razer Inc)
    S3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [33448 2014-09-04] (Razer Inc)
    R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
    R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
    U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-11] (Avast Software)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-22 14:00 - 2015-02-22 14:01 - 00011273 _____ () C:\Users\Harry\Desktop\FRST.txt
    2015-02-22 14:00 - 2015-02-22 14:00 - 00000000 ____D () C:\FRST
    2015-02-22 13:59 - 2015-02-22 13:59 - 02087424 _____ (Farbar) C:\Users\Harry\Desktop\FRST64.exe
    2015-02-22 10:42 - 2015-02-22 10:56 - 00000000 ____D () C:\AdwCleaner
    2015-02-22 10:41 - 2015-02-22 10:41 - 02126848 _____ () C:\Users\Harry\Downloads\AdwCleaner.exe
    2015-02-22 10:25 - 2015-02-22 10:29 - 00051231 _____ () C:\Users\Harry\Downloads\022015 Daily Catch Summary (2) (2) (1).xlsx
    2015-02-20 05:26 - 2015-02-20 05:26 - 00000000 ____D () C:\Users\Harry\Desktop\New folder
    2015-02-20 01:47 - 2015-02-20 01:47 - 00051280 _____ () C:\Users\Harry\Downloads\021915 Daily Catch Summary (2) (2).xlsx
    2015-02-18 15:56 - 2015-02-18 15:56 - 00050011 _____ () C:\Users\Harry\Downloads\021715 Daily Catch Summary .xlsx
    2015-02-17 16:41 - 2015-02-17 16:41 - 00048658 _____ () C:\Users\Harry\Downloads\021615 Daily Catch Summary .xlsx
    2015-02-17 04:03 - 2015-02-17 16:36 - 00000000 ____D () C:\Users\Harry\Documents\Recipes
    2015-02-16 17:14 - 2015-02-16 17:14 - 00047745 _____ () C:\Users\Harry\Downloads\021515 Daily Catch Summary .xlsx
    2015-02-16 16:55 - 2015-02-16 16:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2015-02-14 05:15 - 2015-02-14 05:17 - 39739064 _____ (Microsoft Corporation) C:\Users\Harry\Downloads\Windows-KB890830-x64-V5.21.exe
    2015-02-13 20:39 - 2015-02-13 20:38 - 00003916 _____ () C:\Users\Public\IBM member addresses.txt
    2015-02-13 00:47 - 2015-02-13 00:47 - 00437129 _____ () C:\Users\Harry\Downloads\XENU.ZIP
    2015-02-13 00:47 - 2015-02-13 00:47 - 00001002 _____ () C:\Users\Harry\Desktop\Xenu.lnk
    2015-02-13 00:47 - 2015-02-13 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenu's Link Sleuth
    2015-02-13 00:47 - 2015-02-13 00:47 - 00000000 ____D () C:\Program Files (x86)\Xenu
    2015-02-13 00:40 - 2015-02-13 00:40 - 00000000 ____D () C:\Users\Public\website review
    2015-02-11 16:35 - 2015-02-11 16:35 - 00000247 _____ () C:\Windows\system32\2015-02-12-00-35-02.040-aswFe.exe-2964.log
    2015-02-11 16:34 - 2015-02-11 16:34 - 00000197 _____ () C:\Windows\system32\2015-02-12-00-34-56.096-AvastVBoxSVC.exe-4128.log
    2015-02-11 16:30 - 2015-02-11 16:30 - 00000000 ____D () C:\Users\Harry\AppData\Roaming\AVAST Software
    2015-02-11 16:29 - 2015-02-11 16:29 - 00000000 ____D () C:\Windows\SysWOW64\vbox
    2015-02-11 16:29 - 2015-02-11 16:29 - 00000000 ____D () C:\Windows\system32\vbox
    2015-02-11 16:28 - 2015-02-11 16:28 - 00002077 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
    2015-02-11 16:28 - 2015-02-11 16:28 - 00002017 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
    2015-02-11 16:28 - 2015-02-11 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-02-11 16:27 - 2015-02-22 08:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-11 16:27 - 2015-02-11 16:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-02-11 16:27 - 2015-02-11 16:27 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2015-02-11 16:27 - 2015-02-11 16:26 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-02-11 16:27 - 2015-02-11 16:26 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-02-11 16:27 - 2015-02-11 16:26 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-02-11 16:27 - 2015-02-11 16:26 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-02-11 16:27 - 2015-02-11 16:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-02-11 16:27 - 2015-02-11 16:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-02-11 16:27 - 2015-02-11 16:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-02-11 16:27 - 2015-02-11 16:26 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2015-02-11 16:26 - 2015-02-11 16:26 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
    2015-02-11 16:26 - 2015-02-11 16:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-02-11 16:23 - 2015-02-11 16:23 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-02-11 16:22 - 2015-02-11 16:23 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-02-11 16:22 - 2015-02-11 16:22 - 04978536 _____ (AVAST Software) C:\Users\Harry\Downloads\avast_internet_security_setup_online.exe
    2015-02-11 16:21 - 2015-02-11 16:21 - 00000000 ____D () C:\Users\Harry\Documents\avast
    2015-02-10 07:03 - 2015-02-10 07:03 - 00001764 _____ () C:\Users\Harry\License.avastlic
    2015-02-10 07:02 - 2015-02-10 07:03 - 04978536 _____ (AVAST Software) C:\Users\Harry\avast_internet_security_setup_online.exe
    2015-02-05 15:46 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-02-05 15:45 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-02-05 15:45 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-05 15:45 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-05 15:45 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-05 15:45 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-05 15:45 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-05 15:45 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-05 15:45 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-05 15:45 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-02-05 15:45 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-02-05 15:45 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-02-05 15:45 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-02-05 15:45 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-05 15:45 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-05 15:45 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-05 15:45 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-02-05 15:45 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-02-05 15:45 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-02-05 15:45 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-02-05 15:45 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-02-05 15:45 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-02-05 15:43 - 2011-04-27 19:55 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
    2015-02-05 15:43 - 2011-04-27 19:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
    2015-01-23 18:45 - 2015-01-23 18:45 - 01145151 _____ () C:\Users\Harry\Downloads\Attachments_2015123.zip
    2015-01-23 18:38 - 2015-02-22 13:03 - 00019456 _____ () C:\Users\Harry\Documents\pwds.xlsx

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-22 13:15 - 2014-12-09 17:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-22 12:26 - 2014-12-07 18:46 - 01111652 _____ () C:\Windows\WindowsUpdate.log
    2015-02-22 11:05 - 2009-07-13 20:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-22 11:05 - 2009-07-13 20:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-22 10:58 - 2014-12-09 17:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-22 10:57 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-22 10:57 - 2009-07-13 20:51 - 00045993 _____ () C:\Windows\setupact.log
    2015-02-22 09:15 - 2015-01-19 05:10 - 00000098 _____ () C:\Users\Harry\AppData\Roaming\WB.CFG
    2015-02-22 08:31 - 2010-11-20 19:47 - 00006458 _____ () C:\Windows\PFRO.log
    2015-02-21 22:56 - 2014-12-09 11:58 - 00000000 ____D () C:\Users\Harry\AppData\Local\FirestormOS_x64
    2015-02-19 17:17 - 2014-12-09 17:05 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-17 19:51 - 2009-07-13 21:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-14 22:38 - 2014-12-09 17:50 - 00000000 ____D () C:\Users\Harry\AppData\Local\Microsoft Help
    2015-02-14 18:57 - 2014-12-09 19:23 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-14 18:05 - 2014-12-09 18:30 - 00000000 ____D () C:\Users\Harry\Documents\magic
    2015-02-13 22:08 - 2014-12-07 19:05 - 00000000 ____D () C:\Users\Harry\AppData\Local\VirtualStore
    2015-02-13 00:41 - 2014-12-09 18:31 - 00000000 ____D () C:\Users\Harry\Documents\Websites
    2015-02-13 00:33 - 2014-12-30 19:50 - 00000000 ____D () C:\Users\Public\from lenova
    2015-02-10 07:03 - 2014-12-07 19:05 - 00000000 ____D () C:\Users\Harry
    2015-02-07 19:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-05 17:47 - 2014-12-20 03:27 - 00772214 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-05 17:44 - 2014-12-09 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-05 17:23 - 2014-12-09 17:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2015-02-05 15:54 - 2014-12-10 09:59 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-05 04:10 - 2014-12-09 17:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-05 04:10 - 2014-12-09 17:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-05 02:34 - 2009-07-13 21:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-29 17:49 - 2014-12-10 09:59 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2014-12-22 05:16 - 2014-12-22 05:16 - 0000000 _____ () C:\Users\Harry\AppData\Roaming\METAbolt8a42b2d5-ef7f-4cfd-9091-8ba5f05530d3_fr_groups.ini
    2015-01-19 05:10 - 2015-02-22 09:15 - 0000098 _____ () C:\Users\Harry\AppData\Roaming\WB.CFG
    2014-12-09 13:14 - 2014-12-09 13:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\Users\Harry\avast_internet_security_setup_online.exe


    Some content of TEMP:
    ====================
    C:\Users\Harry\AppData\Local\Temp\ose00000.exe
    C:\Users\Harry\AppData\Local\Temp\Quarantine.exe
    C:\Users\Harry\AppData\Local\Temp\readSTILog.dll
    C:\Users\Harry\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-14 21:20

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
    Ran by Harry at 2015-02-22 14:01:21
    Running from C:\Users\Harry\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    ATI Catalyst Install Manager (HKLM\...\{3EB2D627-3883-3D49-7AD1-227C96509958}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
    ATI Problem Report Wizard (Version: 3.0.808.0 - ATI Technologies) Hidden
    Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    EyeDefender 1.08 (HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\EyeDefender) (Version: - )
    Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
    Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    METAbolt (HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\...\METAbolt 0.9.71) (Version: 0.9.53.0 - www.metabolt.net)
    METAbolt (x32 Version: 0.9.71 - CasperTech Ltd) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7368 - Realtek Semiconductor Corp.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    09-12-2014 11:36:52 Installed Adobe Photoshop Elements 10.
    09-12-2014 12:07:46 Windows Update
    09-12-2014 13:12:48 Installed Realtek High Definition Audio Driver
    09-12-2014 17:49:40 Installed Microsoft Office Home and Student 2007
    09-12-2014 18:00:22 Firestorm-Releasex64 x64
    09-12-2014 19:24:36 Windows Update
    09-12-2014 19:31:23 Windows Update
    10-12-2014 09:22:52 Windows Update
    13-12-2014 17:00:24 Windows Update
    16-12-2014 20:35:00 Windows Update
    20-12-2014 03:13:42 Windows Update
    20-12-2014 03:20:30 Windows Update
    20-12-2014 03:29:49 Installed Razer Synapse 2.0.
    22-12-2014 04:36:06 Installed METAbolt
    24-12-2014 02:23:54 Windows Update
    27-12-2014 18:35:24 Windows Update
    31-12-2014 02:56:50 Windows Update
    03-01-2015 04:06:18 Windows Update
    06-01-2015 17:13:19 Windows Update
    10-01-2015 02:22:48 Windows Update
    13-01-2015 23:56:02 Windows Update
    18-01-2015 03:26:11 Windows Update
    21-01-2015 04:17:56 Windows Update
    24-01-2015 21:02:57 Windows Update
    28-01-2015 14:57:19 Windows Update
    01-02-2015 09:03:37 Windows Update
    05-02-2015 15:46:33 Windows Update
    08-02-2015 18:29:51 Windows Update
    11-02-2015 16:23:32 avast! antivirus system restore point
    11-02-2015 16:27:56 Device Driver Package Install: Avast Network Service
    12-02-2015 17:42:53 Windows Update
    17-02-2015 19:56:02 Windows Backup
    22-02-2015 10:34:00 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1DA33F4C-ECED-4706-A8F4-CA941A9C0E28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
    Task: {52362A42-44FD-4584-BD5E-62F03BE8C189} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-11] (AVAST Software)
    Task: {7C9EA6B7-37BB-4F36-AA2A-2788B72AD8F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
    Task: {CE2F4755-6AC3-436C-89B2-068083C04741} - System32\Tasks\AdobeAAMUpdater-1.0-Harry-PC-Harry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-10-31 15:27 - 2014-10-31 15:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2014-11-20 00:23 - 2014-11-20 00:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    2015-02-22 08:36 - 2015-02-22 08:36 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022201\algo.dll
    2015-02-11 16:26 - 2015-02-11 16:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-12-20 03:48 - 2014-01-03 16:20 - 34755072 _____ () C:\Users\Harry\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
    2014-11-19 22:02 - 2014-11-19 22:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
    2014-12-20 03:48 - 2014-01-03 16:20 - 00970240 _____ () C:\Users\Harry\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
    2015-02-19 17:17 - 2015-02-17 14:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
    2015-02-19 17:17 - 2015-02-17 14:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
    2015-02-19 17:17 - 2015-02-17 14:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Harry\Documents\cats.txt:AFP_Resource

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1685430807-3390097585-1825448142-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1685430807-3390097585-1825448142-500 - Administrator - Disabled)
    Guest (S-1-5-21-1685430807-3390097585-1825448142-501 - Limited - Enabled)
    Harry (S-1-5-21-1685430807-3390097585-1825448142-1000 - Administrator - Enabled) => C:\Users\Harry

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Built-in iSight
    Description: Built-in iSight
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/22/2015 10:58:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/22/2015 08:33:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/22/2015 02:08:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 09:10:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 04:29:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2015 04:36:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/18/2015 03:53:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/18/2015 03:49:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/17/2015 11:31:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/17/2015 04:35:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (02/22/2015 10:56:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (02/22/2015 10:56:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/22/2015 10:56:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (02/22/2015 10:56:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (02/22/2015 10:56:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Active File Monitor V10 service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/22/2015 10:56:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (02/22/2015 10:56:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/19/2015 11:42:32 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

    Error: (02/19/2015 11:42:31 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (02/19/2015 09:10:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Razer Game Scanner service failed to start due to the following error:
    %%1053


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E8335 @ 2.66GHz
    Percentage of memory in use: 40%
    Total physical RAM: 4076.8 MB
    Available physical RAM: 2434.46 MB
    Total Pagefile: 8151.79 MB
    Available Pagefile: 6063.53 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.77 GB) (Free:8.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 00007EEA)

    Partition: GPT Partition Type.
    Partition 2: (Not Active) - (Size=149 GB) - (Type=AF)
    Partition 3: (Active) - (Size=148.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,342
    First Name:
    Derek
    nothing showing wrong there
     
  7. harry_mossman

    harry_mossman Thread Starter

    Joined:
    Oct 23, 2006
    Messages:
    8
Short URL to this thread: https://techguy.org/1143595
