[Inactive] ZEUS VIRUS

  1. #1
    Join Date
    Dec 2001
    Posts
    1,737

    [Inactive] ZEUS VIRUS

    I cannot open the virus section so I am putting this here.
    I have a Lenovo 10.1 laptop with Win 7. I was in Yahoo
    and suddenly, with both audio and a message, it said I have a Zeus
    virus and unless I call the posted # 844 313-7499 within 5 minutes my hard drive will be deleted. I ignored the message and ran an Avast virus scan and Malwarebytes. They found nothing
    wrong. I went back to Yahoo and resumed where I left off and
    the Zeus came back. Then I closed Yahoo and opened it anew.
    No Zeus showed up. I also ran Rkill and that found nothing.
    Do I have an infection and how do I delete it if so?

    Jerry

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,426
    I'll move this to the intensive care forum. See if you can get there with the permalink that will be where you made this original post. If you can then follow the instructions in the sticky at the top of that page. If you can't access this post then PM me or one of the other mods and we'll try to figure something else out. I will PM you in case you can't see this message.

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

  3. #3
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    Moving to the ICU. Please follow the ICU instructions.

    http://discussions.virtualdr.com/sho...d-3-21-2015%29

    Ah, looks like fink got to it first.

  4. #4
    Join Date
    Dec 2001
    Posts
    1,737
    I cannot find the application in intensive care. Also, if Avast, Malwarebytes, and Rkill cannot find the virus, do I still
    have it? It does not seem to do anything.

    Jerry

  5. #5
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    Did you follow the instructions? The first step is to run Farbar and then post the logs.

  6. #6
    Join Date
    Dec 2001
    Posts
    1,737
    Ran Farbar. Ran all 3 boxes and fix. No Zeus showed up. Fix said
    nothing to repair. The logs are very long and I do not know how to
    post them.

  7. #7
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    Split across several posts.

  8. #8
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    "The logs are very long and I do not know how to Post them"
    You need to cut and paste the text into a new reply on this thread. If the log is too long, copy and paste it in sections across multiple posts.

  9. #9
    Join Date
    Dec 2001
    Posts
    1,737
    Here is the log:

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-17] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-17] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-17] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-17] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-17] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-17] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-17] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-06] (AVAST Software)
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [126336 2016-03-10] (Malwarebytes)
    R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-05-17] (AVAST Software)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-05-17] (Avast Software)
    S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-11 15:54 - 2016-08-11 15:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-08-11 15:54 - 2016-08-11 15:54 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-08-11 15:53 - 2016-08-11 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-08-08 10:35 - 2016-08-11 16:14 - 00000000 ____D C:\FRST
    2016-08-08 10:31 - 2016-08-11 16:08 - 00000000 ____D C:\ZEUS
    2016-08-06 17:29 - 2016-08-08 11:06 - 00000000 ___SD C:\Users\PAIGE\AppData\LocalLow\Temp
    2016-08-06 17:26 - 2016-08-06 17:25 - 07029472 _____ (Microsoft Corporation) C:\Users\PAIGE\Downloads\Silverlight 8-06-16.exe
    2016-08-06 17:10 - 2016-08-06 17:13 - 00002040 _____ C:\Users\PAIGE\Desktop\Rkill.txt
    2016-08-06 17:09 - 2016-08-06 17:08 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\PAIGE\Downloads\rkill 8-6-16.com
    2016-08-06 15:22 - 2016-08-06 15:23 - 00000000 ____D C:\f479cd128c9e77f9a17d7ad1ee
    2016-08-06 15:13 - 2016-08-06 15:14 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-08-06 15:13 - 2016-08-06 15:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-08-06 15:13 - 2016-08-06 15:13 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-08-06 15:13 - 2016-08-06 15:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-08-06 15:09 - 2016-08-06 15:09 - 00242192 _____ C:\Users\PAIGE\Downloads\Firefox Setup Stub 48.0 8-6-16.exe
    2016-08-06 14:11 - 2016-08-06 14:11 - 00000000 ____D C:\Users\PAIGE\Documents\Working Files
    2016-08-06 13:53 - 2016-08-06 14:11 - 00000000 ____D C:\Users\PAIGE\AppData\Roaming\Corel
    2016-08-06 13:22 - 2016-08-06 13:21 - 00002336 _____ C:\Users\Public\Desktop\WordPerfect X7.lnk
    2016-08-06 13:21 - 2016-08-06 13:21 - 00000000 ____D C:\Program Files\Common Files\Protexis
    2016-08-06 13:20 - 2016-08-06 13:53 - 00000000 ____D C:\ProgramData\Corel
    2016-08-06 13:18 - 2016-08-06 13:18 - 00000000 ____D C:\Users\Public\Documents\WordPerfect Office
    2016-08-06 13:17 - 2016-08-06 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X7
    2016-08-06 13:17 - 2016-08-06 14:05 - 00000000 ____D C:\Program Files\Common Files\Corel
    2016-08-06 13:17 - 2016-08-06 13:17 - 00000000 ____D C:\ProgramData\Borland
    2016-08-06 12:56 - 2016-08-06 12:56 - 00001413 _____ C:\Users\PAIGE\Desktop\Internet Explorer (2).lnk
    2016-08-06 12:54 - 2016-08-06 12:54 - 00000000 ____D C:\Users\PAIGE\AppData\LocalLow\Adobe
    2016-08-06 12:54 - 2016-08-06 12:54 - 00000000 ____D C:\Users\PAIGE\AppData\Local\Adobe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-11 16:12 - 2009-07-13 23:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-11 16:12 - 2009-07-13 23:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-11 16:05 - 2010-11-20 16:01 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-08-11 16:05 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
    2016-08-11 16:00 - 2016-05-17 15:31 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-11 16:00 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-08-11 15:53 - 2016-02-25 13:53 - 00000000 ____D C:\Program Files\Adobe
    2016-08-11 15:52 - 2016-02-25 12:51 - 00000000 ____D C:\ProgramData\Adobe
    2016-08-06 18:22 - 2016-05-17 15:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-06 15:56 - 2016-02-25 12:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2016-08-06 15:30 - 2009-07-13 23:33 - 00447616 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-08-06 15:24 - 2016-04-08 11:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-08-06 15:23 - 2016-04-08 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-08-06 15:14 - 2016-04-08 10:46 - 00000000 ____D C:\Users\PAIGE\AppData\Roaming\Mozilla
    2016-08-06 15:14 - 2016-04-08 10:46 - 00000000 ____D C:\Users\PAIGE\AppData\Local\Mozilla
    2016-08-06 13:15 - 2016-02-24 21:33 - 00000000 ____D C:\Program Files\Corel
    2016-08-06 13:04 - 2016-04-08 11:07 - 00000000 ___RD C:\Users\PAIGE\Desktop\New Briefcase
    2016-08-06 12:54 - 2016-04-08 10:18 - 00000000 ____D C:\Users\PAIGE\AppData\Roaming\Adobe
    2016-08-06 12:40 - 2016-02-25 12:25 - 00224616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-08-03 13:27 - 2016-05-17 15:42 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-08-03 13:27 - 2016-05-17 15:42 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    Some files in TEMP:
    ====================
    C:\Users\PAIGE\AppData\Local\Temp\DefaultPack.EXE


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-24 20:04

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    =================================

    The above log is incomplete.
    I also need the second log from FRST.

  11. #11
    Join Date
    Dec 2001
    Posts
    1,737
    Where do I find the second log?

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run FRST.
    Make sure you checkmark the Addition.txt box so both logs will be produced.

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Still with me?

  14. #14
    Join Date
    Dec 2001
    Posts
    1,737
    Yes. Got busy.

  15. #15
    Join Date
    Dec 2001
    Posts
    1,737
    I hope this is what you need.

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04D7ACFA-552A-45BE-BF15-52FF544FAF0B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-17] (AVAST Software)
    Task: {09849067-DDAB-4553-A85F-2E751ABF434F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-17] (Google Inc.)
    Task: {3C63C038-F920-479F-9A36-ABDFCA333831} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-03] (AVAST Software)
    Task: {C88C2AD8-F254-4E81-BB49-772632C171D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-17] (Google Inc.)
    Task: {CD9DA363-7E85-414E-9D9B-36E5874DDA23} - System32\Tasks\SafeZone scheduled Autoupdate 1456421735 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-05-17 15:20 - 2016-05-17 15:20 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-05-17 15:20 - 2016-05-17 15:20 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-08-06 12:39 - 2016-08-06 12:39 - 03012096 _____ () C:\Program Files\AVAST Software\Avast\defs\16080600\algo.dll
    2016-05-17 15:20 - 2016-05-17 15:20 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-08-08 10:31 - 2016-08-08 10:31 - 03012096 _____ () C:\Program Files\AVAST Software\Avast\defs\16080700\algo.dll
    2016-05-17 15:20 - 2016-05-17 15:20 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-02-25 18:42 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    2016-02-25 12:31 - 2016-02-25 12:31 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3824901284-438093602-4152717216-1004\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{2751EFE2-B27E-48EE-93EE-912870F9050F}] => (Allow) C:\Program Files\Brother\Brmfl13b\FAXRX.EXE
    FirewallRules: [{98BB0E94-4044-40A6-98CB-ABBBBFFEDC04}] => (Allow) LPort=54925
    FirewallRules: [{F17BB1BB-240C-46B1-93AA-CDE47A92D8D8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{4292CCCA-5BCC-40E6-839F-CCFF9AB88E9E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{C139A09E-2D03-4366-8822-A29C6F44EB2A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{FABF187D-B3BA-4E06-A62A-155FC3E222E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{033BE83F-3F26-4E26-92F8-8499A236EF61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    24-02-2016 18:53:05 Windows Update
    24-02-2016 20:27:05 Installed Microsoft Office Enterprise 2007
    25-02-2016 12:16:18 avast! Free Antivirus Setup
    25-02-2016 12:52:22 Installed Adobe Reader X.
    25-02-2016 13:49:46 Windows Modules Installer
    25-02-2016 14:18:35 ALL SOFTWARE INSTALLED 2-25-16
    25-02-2016 18:23:13 Installed MSXML 4.0 SP3 Parser
    25-02-2016 18:25:42 Installed Microsoft Visual C++ 2005 Redistributable
    25-02-2016 18:28:20 Installed Nuance PaperPort 12.
    25-02-2016 18:34:14 Installed Nuance PDF Viewer Plus.
    25-02-2016 18:37:23 Installed PaperPort Image Printer.
    25-02-2016 18:40:01 Installed Brother Software Suite
    25-02-2016 19:01:56 Device Driver Package Install: Brother Printers
    06-03-2016 14:30:25 Windows Modules Installer
    08-04-2016 13:01:55 Installed Microsoft Location Finder
    08-04-2016 13:03:14 Installed Microsoft Streets & Trips 2006
    08-04-2016 14:40:19 Installed Microsoft Streets & Trips 2010

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/08/2016 10:29:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2016 06:21:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b0

    Start Time: 01d1f03914f71e54

    Termination Time: 437

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id: 6acece59-5c2c-11e6-a388-00234ef1b531

    Error: (08/06/2016 05:34:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 107c

    Start Time: 01d1f0323d7e823d

    Termination Time: 0

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (08/06/2016 05:30:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 958

    Start Time: 01d1f0320b0a9fc8

    Termination Time: 468

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (08/06/2016 05:05:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2016 03:53:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program seamonkey.exe version 36.0.1.5545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: cdc

    Start Time: 01d1f0219094d235

    Termination Time: 1334

    Application Path: C:\Program Files\SeaMonkey\seamonkey.exe

    Report Id: ba7ceae4-5c17-11e6-858c-00234ef1b531

    Error: (08/06/2016 03:31:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2016 03:26:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2016 12:58:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 12a8

    Start Time: 01d1f00beec1fb2e

    Termination Time: 62

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (08/06/2016 12:58:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 120c

    Start Time: 01d1f00bee4d57c1

    Termination Time: 46

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:


    System errors:
    =============
    Error: (08/08/2016 10:33:11 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (08/08/2016 10:33:10 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (08/08/2016 10:33:09 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (08/08/2016 10:29:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (08/06/2016 05:04:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (08/06/2016 05:04:10 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:02:32 PM on 8/ 6/ 2016 was unexpected.

    Error: (08/06/2016 03:31:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (08/06/2016 03:30:58 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:28:55 PM on 8/ 6/ 2016 was unexpected.

    Error: (08/06/2016 03:25:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (08/06/2016 12:52:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom


    ==================== Memory info ===========================

    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    Percentage of memory in use: 72%
    Total physical RAM: 2038.43 MB
    Available physical RAM: 559.38 MB
    Total Virtual: 4076.86 MB
    Available Virtual: 2312.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.79 GB) (Free:207.44 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F9052388)
    Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======