BlazinGhost
Hello, my uncle has an unknown virus / malware. I'm not really sure what it is, but it's been a while since he has used this computer ever since. I was just wondering if I could still clean the computer to where it would work smoothly again. Any help would be greatly appreciated!
Thank you in advance!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Long Ho (administrator) on LONGHO-PC (06-04-2016 18:37:51)
Running from C:\Users\Long Ho\Downloads
Loaded Profiles: Long Ho & fbwuser & (Available Profiles: Long Ho & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Long Ho\AppData\Local\Akamai\netsession_win.exe
(ManyCam LLC) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
(Akamai Technologies, Inc.) C:\Users\Long Ho\AppData\Local\Akamai\netsession_win.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Bootstrap Development, LLC.) C:\Program Files (x86)\DriverHive\DriverHiveTray.exe
(APN LLC.) C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
(APN LLC.) C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
() C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-29] ()
HKLM-x32\...\Run: [Sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1719184 2015-09-14] (APN)
HKLM-x32\...\Run: [DriverHiveTray] => C:\Program Files (x86)\DriverHive\DriverHiveTray.exe [2401096 2013-04-04] (Bootstrap Development, LLC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-06] (AVAST Software)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIANgBGAEUAOQAtAEYARgBQADYANAAtAFQAOAA0AE0AUgAtAE8ARwBXAFQAVgAtADcARQBNAEIAUgA"&"inst=NwA2AC0AMQAzADIANgAzAD (the data entry has 146 more characters).
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Long Ho\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe [5412688 2013-05-15] (ManyCam LLC)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Facebook Update] => C:\Users\Long Ho\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-14] (Facebook Inc.)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3848370409-3741171536-3620649475-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-07] (AVG Secure Search)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-06] (AVAST Software)
Startup: C:\Users\Long Ho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2013-05-02]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3848370409-3741171536-3620649475-1001.bak] => Proxy is enabled.
ProxyServer: [S-1-5-21-3848370409-3741171536-3620649475-1001.bak] => http=127.0.0.1:8555
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{060159F0-1D5A-4DEB-A152-C6F73A7FD099}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{55543BD6-3C3B-42FE-A810-086B7605A19C}: [NameServer] 0.0.0.0
Tcpip\..\Interfaces\{8126925C-8FAA-45A2-888C-1B173FCA7257}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?l=dis&o=APN10278&gct=hp&apn_ptnrs=^AHN&apn_dtid=^YYYYYY^YY^US&p2=^AHN^YYYYYY^YY^US&tpid=PLTV5-SAT&apn_dbr=cr_26.0.1410.64
URLSearchHook: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {534988A9-2273-4A7C-B76C-72B93AF5D559} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC2&o=APN10415&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AIS&apn_dtid=^zzz003^YY^US&apn_uid=a0c523d1-4c37-4141-a683-3098a7efc4fe&apn_sauid=0AB8FC1A-9617-4B68-B273-65D4A10AB19A
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={F7E255C4-D628-4693-9842-5AC2C5B3FEFF}&mid=61ce2aa8191747d0808475f39d2ca47c-1c6cb6d579c7b10557b9717f83c3207e7f91abd2&lang=en&ds=AVG&pr=pr&d=2012-11-04 22:52:40&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {C95F22AA-1961-4356-AC01-7619219EF0F8} URL = hxxp://search.avg.com/route/?d=50975346&v=6.103.18.1&I=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Ask Toolbar -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport_x64.dll [2015-09-14] (APN LLC.)
BHO: Ask Shopping Toolbar -> {504C5456-352D-5341-5400-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport_x64.dll [2015-04-27] (APN LLC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-06] (AVAST Software)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Ask Toolbar -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll [2015-09-14] (APN LLC.)
BHO-x32: Ask Shopping Toolbar -> {504C5456-352D-5341-5400-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport.dll [2015-04-27] (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-06] (AVAST Software)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll [2014-06-29] (AVG Secure Search)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-21] (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport_x64.dll [2015-09-14] (APN LLC.)
Toolbar: HKLM - Ask Shopping Toolbar - {504C5456-352D-5341-5400-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport_x64.dll [2015-04-27] (APN LLC.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll [2014-06-29] (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll [2015-09-14] (APN LLC.)
Toolbar: HKLM-x32 - Ask Shopping Toolbar - {504C5456-352D-5341-5400-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport.dll [2015-04-27] (APN LLC.)
Toolbar: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-29] (AVG Secure Search)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-21] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3848370409-3741171536-3620649475-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Long Ho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-06]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013-05-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR Profile: C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala [2014-07-06] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3201318&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (Ask Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-04-06]
CHR Extension: (YouTube) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Google Search) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Google) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\iofmibpjgjjfhliohjkfgndkjliadbje [2013-03-20] [UpdateUrl: hxxp://apps.shop-o-saur.us/couponfever/updates.xml] <==== ATTENTION
CHR Extension: (AVG Security Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [aaaamlnbcjjkcgabjgbhdkjncianpaah] - C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3\CRX\ToolbarCR.crx [2015-10-16]
CHR HKLM\...\Chrome\Extension: [aaaampchjhlgeekenmfaghmbmokendck] - C:\ProgramData\AskPartnerNetwork\Toolbar\PLTV5-SAT\CRX\ToolbarCR.crx [2015-06-08]
CHR HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ahilkiibpgjnonbhdfkkgjddddmapala] - C:\Users\Long Ho\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx [2013-01-20]
CHR HKLM-x32\...\Chrome\Extension: [aaaamlnbcjjkcgabjgbhdkjncianpaah] - C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3\CRX\ToolbarCR.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaampchjhlgeekenmfaghmbmokendck] - C:\ProgramData\AskPartnerNetwork\Toolbar\PLTV5-SAT\CRX\ToolbarCR.crx [2015-06-08]
CHR HKLM-x32\...\Chrome\Extension: [ahilkiibpgjnonbhdfkkgjddddmapala] - C:\Users\Long Ho\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx [2013-01-20]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Users\Long Ho\AppData\Roaming\OpenCandy\9BA9C01919CE488DADCFED3D004D6423\ZenDealsApp.crx [2012-11-18]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx [2013-05-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [206224 2015-09-14] (APN LLC.)
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.) <==== ATTENTION
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-06] (AVAST Software)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori) <==== ATTENTION
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-29] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-06] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-29] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
U4 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
R4 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 18:41 - 2016-04-06 18:41 - 02374144 _____ (Farbar) C:\Users\Long Ho\Downloads\FRST64.exe
2016-04-06 18:37 - 2016-04-06 18:38 - 00023016 _____ C:\Users\Long Ho\Downloads\FRST.txt
2016-04-06 18:37 - 2016-04-06 18:37 - 00987728 _____ (Google Inc.) C:\Users\Long Ho\Downloads\ChromeSetup.exe
2016-04-06 18:37 - 2016-04-06 18:37 - 00000000 ____D C:\FRST
2016-04-06 18:36 - 2016-04-06 18:36 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-04-06 18:36 - 2016-04-06 18:36 - 00000000 ____D C:\Users\Long Ho\AppData\Roaming\AVAST Software
2016-04-06 18:36 - 2016-04-06 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-06 18:35 - 2016-04-06 18:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-06 18:35 - 2016-04-06 18:35 - 00003044 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1459992931
2016-04-06 18:35 - 2016-04-06 18:35 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-06 18:35 - 2016-04-06 18:35 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-06 18:35 - 2016-04-06 18:35 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-06 18:35 - 2016-04-06 18:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-06 18:34 - 2016-04-06 18:34 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-06 18:34 - 2016-04-06 18:34 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-06 18:34 - 2016-04-06 18:34 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-06 18:32 - 2016-04-06 18:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-06 18:32 - 2016-04-06 18:32 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\vjnpobii.sys
2016-04-06 18:31 - 2016-04-06 18:32 - 00000000 ____D C:\Users\Long Ho\AppData\Local\Avg2013
2016-04-06 18:30 - 2016-04-06 18:31 - 212261760 _____ (AVAST Software) C:\Users\Long Ho\Downloads\avast_free_antivirus_setup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 18:43 - 2012-11-18 09:25 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-06 18:39 - 2012-11-18 09:25 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-06 18:39 - 2012-11-18 09:25 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-06 18:38 - 2012-11-18 09:25 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-06 18:38 - 2012-11-18 09:25 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-06 18:38 - 2012-11-03 19:25 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{554E5B06-5468-4FF1-A3D6-838455DE614F}
2016-04-06 18:37 - 2009-07-13 19:34 - 00000466 _____ C:\Windows\win.ini
2016-04-06 18:35 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-06 18:32 - 2012-11-04 23:51 - 00000000 ____D C:\ProgramData\AVG2013
2016-04-06 18:32 - 2012-11-04 23:46 - 00000000 ____D C:\ProgramData\MFAData
2016-04-06 18:30 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-06 18:30 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-06 18:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-04-06 18:28 - 2013-06-07 17:11 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-04-06 18:28 - 2013-06-03 19:45 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-04-06 18:28 - 2013-01-21 20:01 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-04-06 18:28 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
==================== Files in the root of some directories =======
2012-11-03 21:45 - 2012-11-03 21:45 - 0001263 _____ () C:\Users\Long Ho\AppData\Local\PDLSetup.20121103.214510.txt
2012-11-03 21:45 - 2012-11-03 21:45 - 0001263 _____ () C:\Users\Long Ho\AppData\Local\PDLSetup.20121103.214527.txt
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-02-22 00:49
==================== End of FRST.txt ============================
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-29] ()
HKLM-x32\...\Run: [Sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1719184 2015-09-14] (APN)
HKLM-x32\...\Run: [DriverHiveTray] => C:\Program Files (x86)\DriverHive\DriverHiveTray.exe [2401096 2013-04-04] (Bootstrap Development, LLC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-06] (AVAST Software)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIANgBGAEUAOQAtAEYARgBQADYANAAtAFQAOAA0AE0AUgAtAE8ARwBXAFQAVgAtADcARQBNAEIAUgA"&"inst=NwA2AC0AMQAzADIANgAzAD (the data entry has 146 more characters).
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Long Ho\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe [5412688 2013-05-15] (ManyCam LLC)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Facebook Update] => C:\Users\Long Ho\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-14] (Facebook Inc.)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3848370409-3741171536-3620649475-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
HKU\S-1-5-21-3848370409-3741171536-3620649475-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-07] (AVG Secure Search)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-06] (AVAST Software)
Startup: C:\Users\Long Ho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2013-05-02]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3848370409-3741171536-3620649475-1001.bak] => Proxy is enabled.
ProxyServer: [S-1-5-21-3848370409-3741171536-3620649475-1001.bak] => http=127.0.0.1:8555
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{060159F0-1D5A-4DEB-A152-C6F73A7FD099}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{55543BD6-3C3B-42FE-A810-086B7605A19C}: [NameServer] 0.0.0.0
Tcpip\..\Interfaces\{8126925C-8FAA-45A2-888C-1B173FCA7257}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?l=dis&o=APN10278&gct=hp&apn_ptnrs=^AHN&apn_dtid=^YYYYYY^YY^US&p2=^AHN^YYYYYY^YY^US&tpid=PLTV5-SAT&apn_dbr=cr_26.0.1410.64
URLSearchHook: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {534988A9-2273-4A7C-B76C-72B93AF5D559} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC2&o=APN10415&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AIS&apn_dtid=^zzz003^YY^US&apn_uid=a0c523d1-4c37-4141-a683-3098a7efc4fe&apn_sauid=0AB8FC1A-9617-4B68-B273-65D4A10AB19A
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={F7E255C4-D628-4693-9842-5AC2C5B3FEFF}&mid=61ce2aa8191747d0808475f39d2ca47c-1c6cb6d579c7b10557b9717f83c3207e7f91abd2&lang=en&ds=AVG&pr=pr&d=2012-11-04 22:52:40&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {C95F22AA-1961-4356-AC01-7619219EF0F8} URL = hxxp://search.avg.com/route/?d=50975346&v=6.103.18.1&I=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Ask Toolbar -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport_x64.dll [2015-09-14] (APN LLC.)
BHO: Ask Shopping Toolbar -> {504C5456-352D-5341-5400-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport_x64.dll [2015-04-27] (APN LLC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-06] (AVAST Software)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Ask Toolbar -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll [2015-09-14] (APN LLC.)
BHO-x32: Ask Shopping Toolbar -> {504C5456-352D-5341-5400-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport.dll [2015-04-27] (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-06] (AVAST Software)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll [2014-06-29] (AVG Secure Search)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-21] (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport_x64.dll [2015-09-14] (APN LLC.)
Toolbar: HKLM - Ask Shopping Toolbar - {504C5456-352D-5341-5400-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport_x64.dll [2015-04-27] (APN LLC.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll [2014-06-29] (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll [2015-09-14] (APN LLC.)
Toolbar: HKLM-x32 - Ask Shopping Toolbar - {504C5456-352D-5341-5400-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport.dll [2015-04-27] (APN LLC.)
Toolbar: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-29] (AVG Secure Search)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-21] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3848370409-3741171536-3620649475-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Long Ho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-06]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013-05-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR Profile: C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala [2014-07-06] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3201318&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (Ask Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-04-06]
CHR Extension: (YouTube) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Google Search) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Google) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\iofmibpjgjjfhliohjkfgndkjliadbje [2013-03-20] [UpdateUrl: hxxp://apps.shop-o-saur.us/couponfever/updates.xml] <==== ATTENTION
CHR Extension: (AVG Security Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [aaaamlnbcjjkcgabjgbhdkjncianpaah] - C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3\CRX\ToolbarCR.crx [2015-10-16]
CHR HKLM\...\Chrome\Extension: [aaaampchjhlgeekenmfaghmbmokendck] - C:\ProgramData\AskPartnerNetwork\Toolbar\PLTV5-SAT\CRX\ToolbarCR.crx [2015-06-08]
CHR HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ahilkiibpgjnonbhdfkkgjddddmapala] - C:\Users\Long Ho\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx [2013-01-20]
CHR HKLM-x32\...\Chrome\Extension: [aaaamlnbcjjkcgabjgbhdkjncianpaah] - C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3\CRX\ToolbarCR.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaampchjhlgeekenmfaghmbmokendck] - C:\ProgramData\AskPartnerNetwork\Toolbar\PLTV5-SAT\CRX\ToolbarCR.crx [2015-06-08]
CHR HKLM-x32\...\Chrome\Extension: [ahilkiibpgjnonbhdfkkgjddddmapala] - C:\Users\Long Ho\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx [2013-01-20]
CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Users\Long Ho\AppData\Roaming\OpenCandy\9BA9C01919CE488DADCFED3D004D6423\ZenDealsApp.crx [2012-11-18]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx [2013-05-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [206224 2015-09-14] (APN LLC.)
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.) <==== ATTENTION
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-06] (AVAST Software)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori) <==== ATTENTION
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-29] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-06] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-29] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
U4 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
R4 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 18:41 - 2016-04-06 18:41 - 02374144 _____ (Farbar) C:\Users\Long Ho\Downloads\FRST64.exe
2016-04-06 18:37 - 2016-04-06 18:38 - 00023016 _____ C:\Users\Long Ho\Downloads\FRST.txt
2016-04-06 18:37 - 2016-04-06 18:37 - 00987728 _____ (Google Inc.) C:\Users\Long Ho\Downloads\ChromeSetup.exe
2016-04-06 18:37 - 2016-04-06 18:37 - 00000000 ____D C:\FRST
2016-04-06 18:36 - 2016-04-06 18:36 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-04-06 18:36 - 2016-04-06 18:36 - 00000000 ____D C:\Users\Long Ho\AppData\Roaming\AVAST Software
2016-04-06 18:36 - 2016-04-06 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-06 18:35 - 2016-04-06 18:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-06 18:35 - 2016-04-06 18:35 - 00003044 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1459992931
2016-04-06 18:35 - 2016-04-06 18:35 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-06 18:35 - 2016-04-06 18:35 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-06 18:35 - 2016-04-06 18:35 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-06 18:35 - 2016-04-06 18:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-06 18:34 - 2016-04-06 18:34 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-06 18:34 - 2016-04-06 18:34 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-06 18:34 - 2016-04-06 18:34 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-06 18:34 - 2016-04-06 18:34 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-06 18:32 - 2016-04-06 18:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-06 18:32 - 2016-04-06 18:32 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\vjnpobii.sys
2016-04-06 18:31 - 2016-04-06 18:32 - 00000000 ____D C:\Users\Long Ho\AppData\Local\Avg2013
2016-04-06 18:30 - 2016-04-06 18:31 - 212261760 _____ (AVAST Software) C:\Users\Long Ho\Downloads\avast_free_antivirus_setup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 18:43 - 2012-11-18 09:25 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-06 18:39 - 2012-11-18 09:25 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-06 18:39 - 2012-11-18 09:25 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-06 18:38 - 2012-11-18 09:25 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-06 18:38 - 2012-11-18 09:25 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-06 18:38 - 2012-11-03 19:25 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{554E5B06-5468-4FF1-A3D6-838455DE614F}
2016-04-06 18:37 - 2009-07-13 19:34 - 00000466 _____ C:\Windows\win.ini
2016-04-06 18:35 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-06 18:32 - 2012-11-04 23:51 - 00000000 ____D C:\ProgramData\AVG2013
2016-04-06 18:32 - 2012-11-04 23:46 - 00000000 ____D C:\ProgramData\MFAData
2016-04-06 18:30 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-06 18:30 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-06 18:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-04-06 18:28 - 2013-06-07 17:11 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-04-06 18:28 - 2013-06-03 19:45 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-04-06 18:28 - 2013-01-21 20:01 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-04-06 18:28 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
==================== Files in the root of some directories =======
2012-11-03 21:45 - 2012-11-03 21:45 - 0001263 _____ () C:\Users\Long Ho\AppData\Local\PDLSetup.20121103.214510.txt
2012-11-03 21:45 - 2012-11-03 21:45 - 0001263 _____ () C:\Users\Long Ho\AppData\Local\PDLSetup.20121103.214527.txt
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-02-22 00:49
==================== End of FRST.txt ============================