Slow Computer and Pop ups

Started by marykatepenczkowski, June 17, 2017, 09:30:11 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

marykatepenczkowski

June 17, 2017, 09:30:11 PM
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Joe (administrator) on JOE-PC on 17-06-2017 17:26:14
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe (Available Profiles: Joe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Intel Corporation) C:\windows\System32\igfxtray.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxsrvc.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dropbox, Inc.) C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Dropbox, Inc.) C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Toshiba) C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA) C:\Program Files\Toshiba\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Users\Joe\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Joe\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3244360 2014-03-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2853968 2014-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [287104 2014-04-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [1957888 2014-03-18] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-08] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2016-06-23] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2453210972-4124027295-3102212268-1001\...\Run: [Dropbox Update] => C:\Users\Joe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-18\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36207136 2015-02-08] (ooVoo LLC)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-04-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-11] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2453210972-4124027295-3102212268-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2453210972-4124027295-3102212268-1001 -> {83376ADD-5F7C-4AC1-AFF7-ADB28025C843} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-11] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-11] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F97807D8-17EA-4102-A1A7-C03CFA318212}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2453210972-4124027295-3102212268-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Joe\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-12] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DirectionsAce) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahehdmobmeekpkadlpcfdafoljkkdidk [2016-10-01]
CHR Extension: (FreeLocalWeather) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\akbmkokbdbkfgnciimgbpndidcookica [2017-02-26]
CHR Extension: (Go Maps) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apbfeadghclonbhmheohmhofheebhcpn [2017-02-12]
CHR Extension: (HowToSimplified) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aphhcpicekcjmihapodeldpbgpjjnlgb [2017-02-18]
CHR Extension: (Ask Web Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb [2017-02-18]
CHR Extension: (OnlineMapFinder) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2017-02-12]
CHR Extension: (DirectionsAce) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbinhdpldpcgfibejddnpngikllebop [2017-04-19]
CHR Extension: (Avast Online Security) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-05]
CHR Extension: (Directions and Maps V2.0) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijajbkohdibpdiocanmbnmejekaaembo [2017-03-26]
CHR Extension: (MapsGalaxy) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2017-05-20]
CHR Extension: (Yahoo Homepage) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj [2016-07-28]
CHR Extension: (Directions and Maps V2.2) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jikhomiapjkgcbfliajoibpdndhfhpaa [2017-03-26]
CHR Extension: (EasyDocMerge) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2017-01-04]
CHR Extension: (Directions and Maps V2.3) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi [2017-03-26]
CHR Extension: (My News Wire) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelgppggmehjdbmjlogdflbjfepolngi [2017-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-11] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [24904 2014-02-06] (ELAN Microelectronic Corp.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-23] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-17 17:26 - 2017-06-17 17:26 - 00018629 _____ C:\Users\Joe\Desktop\FRST.txt
2017-06-14 16:31 - 2017-06-14 16:31 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-17 17:26 - 2015-07-02 09:50 - 00000000 ____D C:\FRST
2017-06-17 17:20 - 2014-06-06 13:25 - 01162370 _____ C:\windows\WindowsUpdate.log
2017-06-17 17:15 - 2016-11-04 19:11 - 00000910 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2453210972-4124027295-3102212268-1001UA1d236f0b9e4dc76.job
2017-06-17 13:27 - 2016-11-04 19:11 - 00000858 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2453210972-4124027295-3102212268-1001Core1d236f0b90eda76.job
2017-06-17 13:10 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-17 13:10 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-17 12:59 - 2009-07-14 01:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2017-06-17 12:54 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-06-17 12:54 - 2009-07-14 00:51 - 00208330 _____ C:\windows\setupact.log
2017-06-14 16:31 - 2015-06-16 07:42 - 00000000 ____D C:\Users\Joe\AppData\Local\Dropbox
2017-06-14 16:31 - 2014-10-05 19:53 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Dropbox
2017-05-25 13:33 - 2014-10-05 19:42 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update

==================== Files in the root of some directories =======

2015-12-04 18:29 - 2015-12-04 18:29 - 6420480 _____ () C:\Program Files (x86)\GUT3CC2.tmp
2014-12-21 16:57 - 2014-12-21 16:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-06 13:29 - 2014-06-06 13:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\1vvxkxbk.dll
C:\Users\Joe\AppData\Local\Temp\7i39-bj7.dll
C:\Users\Joe\AppData\Local\Temp\8izh-lm9.dll
C:\Users\Joe\AppData\Local\Temp\dp1f83xr.dll
C:\Users\Joe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0qsfk0.dll
C:\Users\Joe\AppData\Local\Temp\fiwnlqbq.dll
C:\Users\Joe\AppData\Local\Temp\GUR4EBC.exe
C:\Users\Joe\AppData\Local\Temp\GUR80C3.exe
C:\Users\Joe\AppData\Local\Temp\iuwc-a2s.dll
C:\Users\Joe\AppData\Local\Temp\kyh_iwap.dll
C:\Users\Joe\AppData\Local\Temp\lxlatlqv.dll
C:\Users\Joe\AppData\Local\Temp\nfuifeau.dll
C:\Users\Joe\AppData\Local\Temp\Quarantine.exe
C:\Users\Joe\AppData\Local\Temp\sqlite3.dll
C:\Users\Joe\AppData\Local\Temp\u7muhguu.dll
C:\Users\Joe\AppData\Local\Temp\u_7rna9g.dll
C:\Users\Joe\AppData\Local\Temp\vcakgivk.dll
C:\Users\Joe\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Joe\AppData\Local\Temp\x2u5i0jr.dll
C:\Users\Joe\AppData\Local\Temp\{12C64248-5A6B-4568-A6FD-9CD39AB828D2}-DropboxClient_20.4.19.exe
C:\Users\Joe\AppData\Local\Temp\{3FDDCD6B-13B5-4395-B685-D7A9FBCA2D20}-58.0.3029.110_chrome_installer.exe
C:\Users\Joe\AppData\Local\Temp\{CAFA7343-4E57-4EFE-9D11-E8CF9D5CB804}-45.0.2454.93_45.0.2454.85_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 15:30

==================== End of log ============================

Corrine

#1
June 17, 2017, 09:59:39 PM
Please go to your desktop and open the FRST folder.  Launch Addition.txt and copy/paste the results.

Thanks.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

#2
June 26, 2017, 10:30:28 PM
Did we lose you?  :)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Print
Go Up Pages1
User actions