Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
Ran by Thi Tran (administrator) on Thi-Laptop (05-06-2016 21:01:53)
Running from C:\Users\Thi Tran\Downloads
Loaded Profiles: Thi Tran (Available Profiles: Thi Tran)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-06-03] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-03] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6EE958FB-6FFC-497A-862C-7C4198CD23A4}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-03] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-03] (AVAST Software)
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-03] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://forum.avast.com/index.php?topic=186338.75
CHR Profile: C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-03]
CHR Extension: (Google Drive) - C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-03]
CHR Extension: (YouTube) - C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-03]
CHR Extension: (Google Sheets) - C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-03]
CHR Extension: (Google Docs Offline) - C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
CHR Extension: (Gmail) - C:\Users\Thi Tran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-03]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-06-03] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-03] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-03] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-03] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-03] (AVAST Software)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [314816 2016-04-21] (NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-05 21:01 - 2016-06-05 21:02 - 00006663 _____ C:\Users\Thi Tran\Downloads\FRST.txt
2016-06-05 21:01 - 2016-06-05 21:01 - 02384896 _____ (Farbar) C:\Users\Thi Tran\Downloads\FRST64.exe
2016-06-05 21:01 - 2016-06-05 21:01 - 00000000 ____D C:\FRST
2016-06-05 19:18 - 2016-06-05 19:18 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2016-06-03 22:18 - 2016-06-03 21:28 - 00000000 ____D C:\Windows\Panther
2016-06-03 22:06 - 2016-06-03 22:06 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-03 22:06 - 2016-06-03 22:06 - 00000000 ____D C:\Intel
2016-06-03 22:06 - 2013-10-01 13:02 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-06-03 22:06 - 2013-10-01 13:02 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2016-06-03 22:05 - 2016-06-03 22:05 - 00000000 ____D C:\Windows\LastGood
2016-06-03 22:05 - 2016-06-03 22:05 - 00000000 ____D C:\Program Files\Intel
2016-06-03 22:01 - 2016-06-03 22:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-03 22:01 - 2016-06-03 22:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-06-03 22:01 - 2016-06-03 22:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-06-03 21:30 - 2016-06-05 19:19 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1350FB6-7D0C-4511-8A35-BD7B473DB763}
2016-06-03 21:30 - 2016-06-03 21:30 - 00000000 __SHD C:\Users\Thi Tran\AppData\Local\EmieUserList
2016-06-03 21:30 - 2016-06-03 21:30 - 00000000 __SHD C:\Users\Thi Tran\AppData\Local\EmieSiteList
2016-06-03 21:30 - 2016-06-03 21:30 - 00000000 __SHD C:\Users\Thi Tran\AppData\Local\EmieBrowserModeList
2016-06-03 21:30 - 2016-06-03 15:33 - 00000000 __SHD C:\Users\Thi Tran\AppData\LocalLow\EmieSiteList
2016-06-03 21:29 - 2016-06-03 21:29 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-06-03 21:28 - 2016-06-03 21:29 - 00000000 ____D C:\Users\Thi Tran\AppData\Local\Packages
2016-06-03 21:28 - 2016-06-03 21:28 - 00001442 _____ C:\Users\Thi Tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-03 21:28 - 2016-06-03 21:28 - 00000020 ___SH C:\Users\Thi Tran\ntuser.ini
2016-06-03 21:28 - 2016-06-03 21:28 - 00000000 ____D C:\Users\Thi Tran\AppData\Roaming\Adobe
2016-06-03 21:28 - 2016-06-03 21:28 - 00000000 ____D C:\Users\Thi Tran\AppData\Local\VirtualStore
2016-06-03 21:28 - 2016-06-03 21:28 - 00000000 ____D C:\Users\Thi Tran
2016-06-03 21:28 - 2014-11-21 09:57 - 00000369 _____ C:\Users\Thi Tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-06-03 21:28 - 2014-11-21 09:57 - 00000369 _____ C:\Users\Thi Tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-06-03 16:06 - 2016-06-03 16:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-06-03 15:51 - 2016-06-03 15:51 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-03 15:51 - 2016-06-03 15:51 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-03 15:49 - 2016-06-03 15:56 - 00003910 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-03 15:49 - 2016-06-03 15:56 - 00003674 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-03 15:49 - 2016-06-03 15:56 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-03 15:49 - 2016-06-03 15:56 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-03 15:49 - 2016-06-03 15:49 - 00987728 _____ (Google Inc.) C:\Users\Thi Tran\Downloads\ChromeSetup.exe
2016-06-03 15:48 - 2016-06-03 15:48 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-06-03 15:43 - 2016-06-05 19:54 - 00000000 ____D C:\Users\Thi Tran\AppData\Local\Google
2016-06-03 15:43 - 2016-06-03 15:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-03 15:43 - 2016-06-03 15:43 - 00003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1464943387
2016-06-03 15:43 - 2016-06-03 15:43 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-03 15:42 - 2016-06-03 15:42 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00536312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-03 15:35 - 2016-06-03 15:35 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-03 15:35 - 2016-06-03 15:35 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-03 15:35 - 2016-06-03 15:35 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-03 15:35 - 2016-06-03 15:35 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-06-03 15:35 - 2016-06-03 15:35 - 00000000 ____D C:\Users\Thi Tran\AppData\Roaming\AVAST Software
2016-06-03 15:35 - 2016-06-03 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-03 15:35 - 2016-06-03 15:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-03 15:34 - 2016-06-03 22:11 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-128003330-4183474367-756348430-1001
2016-06-03 15:33 - 2016-06-03 15:42 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-03 15:33 - 2016-06-03 15:42 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-03 15:33 - 2016-06-03 15:33 - 00000000 __SHD C:\Users\Thi Tran\AppData\LocalLow\EmieUserList
2016-06-03 15:33 - 2016-06-03 15:33 - 00000000 __SHD C:\Users\Thi Tran\AppData\LocalLow\EmieBrowserModeList
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-03 22:39 - 2013-08-22 22:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-03 22:16 - 2013-08-22 22:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2016-06-03 22:06 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\Inf
2016-06-03 21:29 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\rescache
2016-06-03 21:25 - 2013-08-22 21:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-03 21:23 - 2013-08-22 20:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-03 16:13 - 2013-08-22 22:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-03 15:52 - 2014-11-21 09:49 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-03 15:40 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\AppReadiness
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-03 21:19
==================== End of FRST.txt ============================