have a look please...


brownhornet

A friend dropped off his laptop that he said would freeze up... I ran the following: TFC, JRT, SUPERAntiSpyware, Malwarebytes and AdwCleaner, as well as Avast. MB found nothing, but superanti found and removed a trojan. Just want to see how the laptop is now... thanks.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:50:21 PM, on 10/1/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)

FIREFOX: 39.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxda_device - - C:\Windows\system32\lxdacoms.exe
O23 - Service: lxdn_device - Unknown owner - C:\Windows\system32\lxdncoms.exe (file missing)
O23 - Service: lxdq_device - Unknown owner - C:\Windows\system32\lxdqcoms.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9379 bytes


Hello brownhornet

HijackThis isn’t used any more because it hasn’t been updated to deal with current computer systems, so it would be good to have a look with the current tool that we use to see if there’s anything left.

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Thanks

Satchfan

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016

Ran by Holly Doering (administrator) on HOLLYDOERING-PC (01-10-2016 16:59:32)

Running from C:\Users\Holly Doering\Downloads

Loaded Profiles: Holly Doering (Available Profiles: Holly Doering)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe

() C:\Program Files\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

( ) C:\Windows\System32\lxdacoms.exe

( ) C:\Windows\System32\lxdncoms.exe

( ) C:\Windows\System32\lxdqcoms.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

(ASUS) C:\Windows\AsScrPro.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe



==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244608 2009-09-11] (VIA)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-10-01] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: D - D:\LaunchU3.exe -a

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: F - F:\LaunchU3.exe -a

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895d9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e3-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a015e85f-94d4-11df-9e11-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a2b41c1d-2fca-11df-a968-e0cb4e909b2d} - D:\LaunchU3.exe -a

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {e45d45ba-9f53-11df-9c46-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-01] (AVAST Software)

ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()

ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-02] ()

ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()

ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()

GroupPolicy: Restriction - Chrome <======= ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{35D8B023-7169-4BD8-AE26-7E1209CEF209}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{C32BCC3E-B9CE-4C38-BB16-EB3D389DBB54}: [DhcpNameServer] 192.168.1.1


Internet Explorer:

==================

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-1681979680-1402208572-3299214080-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-01] (AVAST Software)

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-01] (AVAST Software)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-04] (Sun Microsystems, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)


FireFox:

========

FF ProfilePath: C:\Users\Holly Doering\AppData\Roaming\Mozilla\Firefox\Profiles\ec897kdn.default

FF DefaultSearchEngine: Bing

FF DefaultSearchEngine.US: Bing

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: Bing

FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=072413

hxxp://www.facebook.com/?sk=messages&tid=1519092822313#!/?ref=home

hxxp://www.yahoo.com/

FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072413&q=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-10-01] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-01] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1681979680-1402208572-3299214080-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Holly Doering\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-18] [not signed]

FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-18] [not signed]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-01]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF


Chrome:

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => No File

CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Holly Doering\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File

CHR Plugin: (Facebook Plugin) - C:\Users\Holly Doering\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

CHR Profile: C:\Users\Holly Doering\AppData\Local\Google\Chrome\User Data\Default [2016-10-01]

CHR Extension: (Adblock Plus) - C:\Users\Holly Doering\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-01]

CHR Extension: (Avast Online Security) - C:\Users\Holly Doering\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-01]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Holly Doering\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]

CHR Extension: (Chrome Media Router) - C:\Users\Holly Doering\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-01]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)

R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-01] (AVAST Software)

R2 lxda_device; C:\Windows\system32\lxdacoms.exe [566192 2007-04-26] ( )

R2 lxda_device; C:\Windows\SysWOW64\lxdacoms.exe [537520 2007-04-26] ( )

R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )

R2 lxdq_device; C:\Windows\system32\lxdqcoms.exe [1039872 2007-11-28] ( )

R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-01] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-01] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-01] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-01] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-01] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-01] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-01] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-10-01] (AVAST Software)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [692736 2009-10-29] (PixArt Imaging Incorporation)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)

U3 tmlwf; no ImagePath

U3 tmwfp; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-10-01 16:59 - 2016-10-01 17:05 - 00018900 _____ C:\Users\Holly Doering\Downloads\FRST.txt

2016-10-01 16:58 - 2016-10-01 16:59 - 00000000 ____D C:\FRST

2016-10-01 16:58 - 2016-10-01 16:58 - 00001530 _____ C:\Users\Holly Doering\Desktop\FRST64 - Shortcut.lnk

2016-10-01 16:57 - 2016-10-01 16:57 - 02404352 _____ (Farbar) C:\Users\Holly Doering\Downloads\FRST64.exe

2016-10-01 13:51 - 2016-10-01 13:51 - 00009380 _____ C:\Users\Holly Doering\Desktop\hijackthis 2016.txt

2016-10-01 13:31 - 2016-10-01 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2016-10-01 13:22 - 2016-10-01 13:22 - 00000000 ____D C:\Users\Holly Doering\Tracing

2016-10-01 13:21 - 2016-10-01 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2016-10-01 13:14 - 2016-10-01 13:14 - 00000000 ____D C:\Users\Holly Doering\AppData\Local\CEF

2016-10-01 13:13 - 2016-10-01 13:13 - 00000000 ____D C:\Users\Holly Doering\AppData\Roaming\AVAST Software

2016-10-01 13:12 - 2016-10-01 13:12 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2016-10-01 13:12 - 2016-10-01 13:12 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2016-10-01 13:12 - 2016-10-01 13:12 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-10-01 13:12 - 2016-10-01 13:12 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software

2016-10-01 13:12 - 2016-10-01 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2016-10-01 13:12 - 2016-10-01 13:12 - 00000000 ____D C:\Program Files\Common Files\AV

2016-10-01 13:12 - 2016-10-01 13:11 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2016-10-01 13:12 - 2016-10-01 13:11 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2016-10-01 13:12 - 2016-10-01 13:11 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2016-10-01 13:12 - 2016-10-01 13:11 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2016-10-01 13:12 - 2016-10-01 13:11 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2016-10-01 13:12 - 2016-10-01 13:11 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2016-10-01 13:11 - 2016-10-01 13:11 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll

2016-10-01 13:11 - 2016-10-01 13:11 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll

2016-10-01 13:11 - 2016-10-01 13:11 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2016-10-01 13:11 - 2016-10-01 13:11 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr

2016-10-01 13:10 - 2016-10-01 13:10 - 00000000 ____D C:\Program Files\AVAST Software

2016-10-01 13:08 - 2016-10-01 13:08 - 06334848 _____ (AVAST Software) C:\Users\Holly Doering\Downloads\avast_free_antivirus_setup_online.exe

2016-10-01 13:08 - 2016-10-01 13:08 - 00000000 ____D C:\ProgramData\AVAST Software

2016-10-01 06:19 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2016-10-01 06:19 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2016-10-01 06:19 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2016-10-01 06:19 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2016-10-01 06:18 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2016-10-01 06:18 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2016-10-01 06:18 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2016-10-01 06:18 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2016-10-01 06:18 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2016-10-01 06:18 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2016-10-01 06:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2016-10-01 06:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2016-10-01 06:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2016-10-01 06:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2016-10-01 05:37 - 2016-10-01 05:37 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HOLLYDOERING-PC-Windows-7-Home-Premium-(64-bit).dat

2016-10-01 05:34 - 2016-10-01 05:34 - 00000000 ____D C:\RegBackup

2016-10-01 05:31 - 2016-10-01 05:31 - 00003684 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon

2016-10-01 05:31 - 2016-10-01 05:31 - 00002165 _____ C:\Users\Holly Doering\Desktop\Tweaking.com - Windows Repair.lnk

2016-10-01 05:31 - 2016-10-01 05:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2016-10-01 05:30 - 2016-10-01 05:31 - 00188966 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt

2016-10-01 05:30 - 2016-10-01 05:30 - 00000000 ____D C:\Program Files (x86)\Tweaking.com

2016-10-01 05:28 - 2016-10-01 05:29 - 29164488 _____ (Tweaking.com) C:\Users\Holly Doering\Downloads\tweaking.com_windows_repair_aio_setup.exe

2016-10-01 02:37 - 2016-10-01 02:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-10-01 02:36 - 2016-10-01 02:36 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-10-01 02:35 - 2016-10-01 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-10-01 02:35 - 2016-10-01 02:35 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-10-01 02:35 - 2016-10-01 02:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-10-01 02:35 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2016-10-01 02:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-10-01 02:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-10-01 02:31 - 2016-10-01 02:32 - 22851472 _____ (Malwarebytes ) C:\Users\Holly Doering\Downloads\mbam-setup-2.2.1.1043.exe

2016-10-01 02:27 - 2016-10-01 02:28 - 00000258 __RSH C:\ProgramData\ntuser.pol

2016-10-01 02:27 - 2016-10-01 02:28 - 00000000 ____D C:\ProgramData\TEMP

2016-10-01 02:27 - 2016-10-01 02:28 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2016-10-01 02:27 - 2016-10-01 02:27 - 00001085 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk

2016-10-01 02:27 - 2016-10-01 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2016-10-01 02:26 - 2016-10-01 02:26 - 04291320 _____ (BrightFort LLC ) C:\Users\Holly Doering\Downloads\spywareblastersetup55.exe

2016-10-01 01:24 - 2016-10-01 01:24 - 00000000 ____D C:\Users\Holly Doering\AppData\Roaming\SUPERAntiSpyware.com

2016-10-01 01:23 - 2016-10-01 01:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2016-10-01 01:23 - 2016-10-01 01:23 - 27777336 _____ (SUPERAntiSpyware) C:\Users\Holly Doering\Downloads\SUPERAntiSpyware.exe

2016-10-01 01:23 - 2016-10-01 01:23 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2016-10-01 01:23 - 2016-10-01 01:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2016-10-01 01:23 - 2016-10-01 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2016-10-01 01:16 - 2016-10-01 01:16 - 00001499 _____ C:\Users\Holly Doering\Desktop\TFC - Shortcut.lnk

2016-10-01 01:15 - 2016-10-01 01:15 - 00448512 _____ (OldTimer Tools) C:\Users\Holly Doering\Downloads\TFC.exe

2016-10-01 01:13 - 2016-10-01 01:13 - 00005187 _____ C:\Users\Holly Doering\Desktop\JRT.txt

2016-10-01 01:09 - 2016-10-01 01:09 - 00000000 ____D C:\Windows\pss

2016-10-01 01:07 - 2016-10-01 16:38 - 00003200 _____ C:\Windows\System32\Tasks\P4GIntlCtrl

2016-10-01 01:02 - 2016-10-01 01:02 - 01615456 _____ (Malwarebytes) C:\Users\Holly Doering\Downloads\JRT.exe

2016-10-01 01:02 - 2016-10-01 01:02 - 00001452 _____ C:\Users\Holly Doering\Desktop\JRT - Shortcut.lnk

2016-10-01 00:55 - 2016-10-01 01:03 - 00000000 ____D C:\AdwCleaner

2016-10-01 00:54 - 2016-10-01 00:54 - 03861056 _____ C:\Users\Holly Doering\Downloads\AdwCleaner.exe

2016-10-01 00:54 - 2016-10-01 00:54 - 00001521 _____ C:\Users\Holly Doering\Desktop\AdwCleaner - Shortcut.lnk

2016-10-01 00:52 - 2016-10-01 00:52 - 00000355 _____ C:\Users\Holly Doering\Desktop\Computer - Shortcut.lnk

2016-10-01 00:50 - 2016-10-01 13:05 - 00353792 _____ C:\Windows\ntbtlog.txt


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-10-01 16:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-10-01 16:49 - 2009-07-14 06:08 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-10-01 16:45 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-10-01 16:45 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-10-01 16:37 - 2012-04-30 13:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-10-01 16:24 - 2011-02-06 02:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-10-01 14:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2016-10-01 13:47 - 2010-03-15 10:58 - 00003136 _____ C:\Windows\System32\Tasks\P4G Sidebar

2016-10-01 13:47 - 2010-01-22 18:41 - 00002026 _____ C:\Windows\system32\AutoRunFilter.ini

2016-10-01 13:47 - 2010-01-22 18:41 - 00001443 _____ C:\Windows\system32\ServiceFilter.ini

2016-10-01 13:33 - 2010-03-15 01:31 - 00000000 ____D C:\Users\Holly Doering\AppData\Roaming\Skype

2016-10-01 13:31 - 2011-04-17 21:22 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk

2016-10-01 13:22 - 2010-03-15 01:09 - 00000000 ____D C:\Users\Holly Doering

2016-10-01 13:21 - 2010-03-15 01:30 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-10-01 13:20 - 2014-06-23 01:03 - 00000000 ____D C:\Users\Holly Doering\AppData\Local\Skype

2016-10-01 13:19 - 2010-03-15 01:30 - 00000000 ____D C:\ProgramData\Skype

2016-10-01 12:04 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI

2016-10-01 12:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf

2016-10-01 05:43 - 2010-08-05 03:26 - 00000000 ____D C:\Users\Holly Doering\AppData\Local\ElevatedDiagnostics

2016-10-01 02:40 - 2012-04-30 13:55 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-10-01 02:40 - 2012-04-30 13:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-10-01 02:40 - 2011-06-30 16:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-10-01 02:39 - 2012-04-14 20:57 - 00000000 ____D C:\Windows\system32\Macromed

2016-10-01 02:39 - 2010-01-22 18:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2016-10-01 02:27 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2016-10-01 02:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2016-10-01 02:14 - 2010-06-15 03:33 - 00000000 ____D C:\Users\Holly Doering\AppData\Roaming\Facebook

2016-10-01 01:09 - 2015-09-23 00:42 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-10-01 01:09 - 2015-09-23 00:42 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk


==================== Files in the root of some directories =======


2007-06-12 18:34 - 2007-06-12 18:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico

2008-05-22 17:35 - 2008-05-22 17:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg

2009-04-08 19:31 - 2009-04-08 19:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll

2008-08-12 06:45 - 2008-08-12 06:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll

2010-03-15 03:43 - 2010-03-15 03:43 - 0000000 _____ () C:\Users\Holly Doering\AppData\Roaming\wklnhst.dat

2015-09-23 00:37 - 2015-09-23 00:37 - 0000057 _____ () C:\ProgramData\Ament.ini

2010-03-15 01:32 - 2010-03-15 01:32 - 0000056 ____H () C:\ProgramData\ezsidmv.dat


Some files in TEMP:

====================

C:\Users\Holly Doering\AppData\Local\Temp\bpuninstall.exe



==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



LastRegBack: 2016-10-01 03:21


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016

Ran by Holly Doering (01-10-2016 17:07:10)

Running from C:\Users\Holly Doering\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2010-03-15 00:09:05)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-1681979680-1402208572-3299214080-500 - Administrator - Disabled)

Guest (S-1-5-21-1681979680-1402208572-3299214080-501 - Limited - Disabled)

Holly Doering (S-1-5-21-1681979680-1402208572-3299214080-1000 - Administrator - Enabled) => C:\Users\Holly Doering

HomeGroupUser$ (S-1-5-21-1681979680-1402208572-3299214080-1003 - Limited - Enabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)

ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)

ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)

ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)

ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)

ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)

ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)

ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)

ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.23 - ASUS)

ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)

ASUS USB2.0 UVC VGA WebCam (HKLM-x32\...\ASUSUSBDEVIC) (Version: - )

ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)

ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )

ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)

ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)

ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)

ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)

Documents To Go Desktop for iPhone (HKLM-x32\...\DTGDesktop) (Version: 2.0000.006 - DataViz, Inc.)

EasyBits GO (HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\Game Organizer) (Version: - EasyBits Media)

ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - )

Facebook Plug-In (HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)

Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)

Iomega Home Storage Manager (HKLM-x32\...\{C08E4323-261D-4B2F-8F24-CDB26E2AA081}) (Version: 2.0.1.6 - Iomega Corporation an EMC Company)

iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)

Java 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)

Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version: - Lexmark International, Inc.)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)

Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)

PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.4151.1109 - PANTECH CO.,LTD)

Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden

Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)

Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)

Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)

SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)

Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.11 - Tweaking.com)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

VirtualDJ 8 (HKLM-x32\...\{68A952A1-F666-4A5F-98C9-03EE9625B2E2}) (Version: 8.1.2857.0 - Atomix Productions)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

VZAccess Manager (HKLM-x32\...\{EBC8295F-BFB4-4DFB-9248-9A8804C1DC48}) (Version: 7.2.12.2 - Smith Micro Software Inc.)

Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0C1F47E5-2839-4ABA-929D-1ADD6B6A1AF0} - System32\Tasks\{46267D6E-1C04-49EF-B605-AC318F31C9FC} => pcalua.exe -a "C:\Program Files (x86)\Verizon Wireless\uninstall.exe" -d "C:\Program Files (x86)\Verizon Wireless"

Task: {1D250E38-8B2E-445E-BBD6-C0C24AC51DB6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()

Task: {1E444076-AD4E-4AA3-A2A9-F5BFD395A121} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-01] (AVAST Software)

Task: {21FF3545-64D5-40E5-A93E-F55FE1752FF6} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)

Task: {23E85DAC-7625-49BA-94E0-584A71F0367B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-01] (Adobe Systems Incorporated)

Task: {3E44452B-AA27-4BF2-9223-3AC7A6A86828} - System32\Tasks\{A5D9826F-EF60-4139-9031-44B6A538D7B5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-09-12] (Skype Technologies S.A.)

Task: {49C29D73-ECF8-4937-961C-18AFA6E71671} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)

Task: {5E21ACBA-1611-499E-8723-B8007E8A698C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS)

Task: {6079A32B-8279-439D-A77A-90EB7BA02939} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-01] (AVAST Software)

Task: {6907D586-6D50-49E9-8F9E-440412A792B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)

Task: {6F18B495-D83D-4535-8DFA-F648D5249A38} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)

Task: {AD089F81-D92E-4BED-A1F6-46028DA81331} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-08] (ATK)

Task: {B29DA9D5-F40F-4603-A455-87A2EF9C25A1} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)

Task: {B9E8F73F-3995-4DD9-934F-A0A21566F038} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

Task: {BA987657-9406-4929-9ECF-1C60AF27367F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {C344AB5A-EE76-4D8B-8008-B9CDF226E17A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)

Task: {DCC7E45D-8778-4DDF-8AC2-2EEB5200CC3F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()

Task: {FA79D762-5730-4A57-98F6-F059226B8D91} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/

Shortcut: C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/


==================== Loaded Modules (Whitelisted) ==============


2010-01-22 18:39 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe

2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll

2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

2010-10-29 20:07 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll

2010-08-05 03:26 - 2009-08-13 17:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdqdrpp.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2010-01-22 18:39 - 2009-05-07 09:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2010-01-22 18:39 - 2009-05-07 09:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2010-01-22 18:39 - 2008-01-18 07:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll

2010-01-22 18:39 - 2009-07-06 07:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll

2016-10-01 13:11 - 2016-10-01 13:11 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-10-01 13:13 - 2016-10-01 13:13 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100104\algo.dll

2016-10-01 13:11 - 2016-10-01 13:11 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2016-10-01 13:11 - 2016-10-01 13:11 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2007-06-15 19:28 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll

2007-06-02 02:08 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

2016-10-01 01:09 - 2016-09-14 01:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll

2016-10-01 01:09 - 2016-09-14 01:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




There are 6091 more sites.



==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is disabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Holly Doering^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP ENVY 4500 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP ENVY 4500 series.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe

MSCONFIG\startupreg: GUCI_AVS => C:\Windows\PixArt\PAP7501\GUCI_AVS.exe

MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: Iomega Home Storage Manager => C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{3C586BC3-5D36-499B-A0D4-FAA88B1922E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{118CBC71-9ED3-4D25-A763-9A7176369A8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E69671FB-D387-4D01-84DB-8C837A9C25E2}] => (Allow) C:\Windows\System32\lxdqcoms.exe

FirewallRules: [{C0FE8CA2-091B-484B-94C2-651BCDB063FC}] => (Allow) C:\Windows\System32\lxdqcoms.exe

FirewallRules: [{BA6B0164-ECEA-4FB4-BACA-113611D4A8E6}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe

FirewallRules: [{910EC701-5413-4EE7-8DA9-0C332880581C}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe

FirewallRules: [{6850E3EB-0D46-42B9-B736-1E34D442C3B2}] => (Allow) LPort=26675


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016

Ran by Holly Doering (01-10-2016 17:07:10)

Running from C:\Users\Holly Doering\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2010-03-15 00:09:05)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-1681979680-1402208572-3299214080-500 - Administrator - Disabled)

Guest (S-1-5-21-1681979680-1402208572-3299214080-501 - Limited - Disabled)

Holly Doering (S-1-5-21-1681979680-1402208572-3299214080-1000 - Administrator - Enabled) => C:\Users\Holly Doering

HomeGroupUser$ (S-1-5-21-1681979680-1402208572-3299214080-1003 - Limited - Enabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)

ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)

ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)

ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)

ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)

ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)

ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)

ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)

ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.23 - ASUS)

ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)

ASUS USB2.0 UVC VGA WebCam (HKLM-x32\...\ASUSUSBDEVIC) (Version: - )

ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)

ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )

ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)

ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)

ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)

ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)

Documents To Go Desktop for iPhone (HKLM-x32\...\DTGDesktop) (Version: 2.0000.006 - DataViz, Inc.)

EasyBits GO (HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\Game Organizer) (Version: - EasyBits Media)

ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - )

Facebook Plug-In (HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)

Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)

Iomega Home Storage Manager (HKLM-x32\...\{C08E4323-261D-4B2F-8F24-CDB26E2AA081}) (Version: 2.0.1.6 - Iomega Corporation an EMC Company)

iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)

Java 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)

Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version: - Lexmark International, Inc.)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)

Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)

PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.4151.1109 - PANTECH CO.,LTD)

Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden

Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)

Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)

Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)

SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)

Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.11 - Tweaking.com)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

VirtualDJ 8 (HKLM-x32\...\{68A952A1-F666-4A5F-98C9-03EE9625B2E2}) (Version: 8.1.2857.0 - Atomix Productions)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

VZAccess Manager (HKLM-x32\...\{EBC8295F-BFB4-4DFB-9248-9A8804C1DC48}) (Version: 7.2.12.2 - Smith Micro Software Inc.)

Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0C1F47E5-2839-4ABA-929D-1ADD6B6A1AF0} - System32\Tasks\{46267D6E-1C04-49EF-B605-AC318F31C9FC} => pcalua.exe -a "C:\Program Files (x86)\Verizon Wireless\uninstall.exe" -d "C:\Program Files (x86)\Verizon Wireless"

Task: {1D250E38-8B2E-445E-BBD6-C0C24AC51DB6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()

Task: {1E444076-AD4E-4AA3-A2A9-F5BFD395A121} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-01] (AVAST Software)

Task: {21FF3545-64D5-40E5-A93E-F55FE1752FF6} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)

Task: {23E85DAC-7625-49BA-94E0-584A71F0367B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-01] (Adobe Systems Incorporated)

Task: {3E44452B-AA27-4BF2-9223-3AC7A6A86828} - System32\Tasks\{A5D9826F-EF60-4139-9031-44B6A538D7B5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-09-12] (Skype Technologies S.A.)

Task: {49C29D73-ECF8-4937-961C-18AFA6E71671} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)

Task: {5E21ACBA-1611-499E-8723-B8007E8A698C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS)

Task: {6079A32B-8279-439D-A77A-90EB7BA02939} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-01] (AVAST Software)

Task: {6907D586-6D50-49E9-8F9E-440412A792B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)

Task: {6F18B495-D83D-4535-8DFA-F648D5249A38} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)

Task: {AD089F81-D92E-4BED-A1F6-46028DA81331} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-08] (ATK)

Task: {B29DA9D5-F40F-4603-A455-87A2EF9C25A1} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)

Task: {B9E8F73F-3995-4DD9-934F-A0A21566F038} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

Task: {BA987657-9406-4929-9ECF-1C60AF27367F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {C344AB5A-EE76-4D8B-8008-B9CDF226E17A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)

Task: {DCC7E45D-8778-4DDF-8AC2-2EEB5200CC3F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()

Task: {FA79D762-5730-4A57-98F6-F059226B8D91} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/

Shortcut: C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/


==================== Loaded Modules (Whitelisted) ==============


2010-01-22 18:39 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe

2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll

2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

2010-10-29 20:07 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll

2010-08-05 03:26 - 2009-08-13 17:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdqdrpp.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2010-01-22 18:39 - 2009-05-07 09:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2010-01-22 18:39 - 2009-05-07 09:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2010-01-22 18:39 - 2008-01-18 07:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll

2010-01-22 18:39 - 2009-07-06 07:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll

2016-10-01 13:11 - 2016-10-01 13:11 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-10-01 13:13 - 2016-10-01 13:13 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100104\algo.dll

2016-10-01 13:11 - 2016-10-01 13:11 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2016-10-01 13:11 - 2016-10-01 13:11 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2007-06-15 19:28 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll

2007-06-02 02:08 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

2016-10-01 01:09 - 2016-09-14 01:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll

2016-10-01 01:09 - 2016-09-14 01:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)



There are 6091 more sites.



==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is disabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Holly Doering^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP ENVY 4500 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP ENVY 4500 series.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe

MSCONFIG\startupreg: GUCI_AVS => C:\Windows\PixArt\PAP7501\GUCI_AVS.exe

MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: Iomega Home Storage Manager => C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{3C586BC3-5D36-499B-A0D4-FAA88B1922E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{118CBC71-9ED3-4D25-A763-9A7176369A8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E69671FB-D387-4D01-84DB-8C837A9C25E2}] => (Allow) C:\Windows\System32\lxdqcoms.exe

FirewallRules: [{C0FE8CA2-091B-484B-94C2-651BCDB063FC}] => (Allow) C:\Windows\System32\lxdqcoms.exe

FirewallRules: [{BA6B0164-ECEA-4FB4-BACA-113611D4A8E6}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe

FirewallRules: [{910EC701-5413-4EE7-8DA9-0C332880581C}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe

FirewallRules: [{6850E3EB-0D46-42B9-B736-1E34D442C3B2}] => (Allow) LPort=26675

FirewallRules: [{EC5E1635-7609-4BB3-AB9B-15F99278FDEC}] => (Allow) C:\Windows\System32\lxdacoms.exe

FirewallRules: [{6BD803B6-725A-4947-9757-4D953470672C}] => (Allow) C:\Windows\System32\lxdacoms.exe

FirewallRules: [{A4ECF643-FA4B-4278-BFBF-7F0C0343AABA}] => (Allow) C:\Windows\SysWOW64\lxdacoms.exe

FirewallRules: [{149FFB81-1BC2-4DBB-BCDA-7A4D388C89FA}] => (Allow) C:\Windows\SysWOW64\lxdacoms.exe

FirewallRules: [TCP Query User{8B661054-2677-4750-9666-C8364207B4F6}C:\program files (x86)\verizon wireless\mp3_downloadmanager_service.exe] => (Allow) C:\program files (x86)\verizon wireless\mp3_downloadmanager_service.exe

FirewallRules: [uDP Query User{3E913499-2788-424A-A0B7-FB6A7151AC25}C:\program files (x86)\verizon wireless\mp3_downloadmanager_service.exe] => (Allow) C:\program files (x86)\verizon wireless\mp3_downloadmanager_service.exe

FirewallRules: [{42C55293-B701-4E2C-964B-9DF52A0B074F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{DB785307-E3CD-4C19-9B6D-93A76D1956A4}] => (Allow) C:\Windows\System32\lxdncoms.exe

FirewallRules: [{F371C27B-8924-45A0-A22F-834123EE67D8}] => (Allow) C:\Windows\System32\lxdncoms.exe

FirewallRules: [TCP Query User{7377A423-B6CA-4976-87D7-818A47D4673F}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe

FirewallRules: [uDP Query User{E9CB1904-8F13-41D4-9F56-7A022533FD33}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe

FirewallRules: [TCP Query User{B9C9F132-332A-443F-B0AA-012BF6073F5C}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe

FirewallRules: [uDP Query User{EC991A39-116B-4513-9DBC-765A76B91BB8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe

FirewallRules: [TCP Query User{6D8A2C16-1B32-4DF7-A286-DB1457E68AEC}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega discovery.exe

FirewallRules: [uDP Query User{9BC95A7F-F0CA-4C07-B12D-F30629997A00}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega discovery.exe

FirewallRules: [TCP Query User{C27E1A81-20D8-4336-92B4-9B04EC459ADF}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega discovery.exe

FirewallRules: [uDP Query User{902B8605-C082-42F6-ADD6-08E48376AA5E}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega discovery.exe

FirewallRules: [TCP Query User{3BE7D740-AF06-467F-92D4-6EFF94F81FA6}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe

FirewallRules: [uDP Query User{407E32E8-F9AF-4575-BEAB-8BE1266DA4E1}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe

FirewallRules: [{4398C63B-B893-4F93-A97B-B2EB436084DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{9F00832E-4028-4695-88B4-86674D4B7989}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{5D403EA2-8D9D-459A-BE1E-8E8EA75859CD}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe

FirewallRules: [{18195B15-C943-4866-B7AB-4D8BEFB3AE8B}] => (Allow) LPort=5357

FirewallRules: [{9A520B1B-1337-41CE-A50F-292D477B9900}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{DCAFE9ED-8D6D-4A1A-95F3-4E931B0D1D76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{091E4F4D-094C-4E46-BCF6-0602A5F766A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{3899DB2A-334A-4848-B35A-B651AE67D90B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{91A14927-5FE6-454B-8E18-778E317CF151}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E5D0E6F6-575E-484E-8FCD-B7DA20E26E95}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{EBB9D90A-0B17-450A-B53B-E739EFEFADC4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


13-05-2016 22:31:21 Scheduled Checkpoint

16-06-2016 20:30:02 Scheduled Checkpoint

03-07-2016 23:43:42 Installed VirtualDJ 8

01-10-2016 01:09:37 JRT Pre-Junkware Removal

01-10-2016 06:10:44 Windows Update

01-10-2016 13:15:56 ASU_MSI_TRAN


==================== Faulty Device Manager Devices =============



==================== Event log errors: =========================


Application errors:

==================

Error: (10/01/2016 01:12:55 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".

Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.

Please use sxstrace.exe for detailed diagnosis.


Error: (10/01/2016 09:57:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: 9fc


Start Time: 01d21bbe9c205a43


Termination Time: 15069


Application Path: C:\Windows\Explorer.EXE


Report Id:


Error: (10/01/2016 05:16:24 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9ab

Exception code: 0xc0000005

Fault offset: 0x0000000000007306

Faulting process id: 0xf00

Faulting application start time: 0x01d21b9a0195a815

Faulting application path: C:\Windows\Explorer.EXE

Faulting module path: C:\Windows\system32\SHLWAPI.dll

Report Id: d02e4d43-878d-11e6-b3ff-e0cb4e909b2d


Error: (10/01/2016 05:12:13 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: wucltux.dll, version: 7.6.7600.256, time stamp: 0x4fca9081

Exception code: 0xc0000005

Fault offset: 0x0000000000098fec

Faulting process id: 0x784

Faulting application start time: 0x01d21b9022f976a5

Faulting application path: C:\Windows\Explorer.EXE

Faulting module path: C:\Windows\system32\wucltux.dll

Report Id: 3a927d6b-878d-11e6-b3ff-e0cb4e909b2d


Error: (10/01/2016 03:23:55 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


Error: (08/15/2016 01:44:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5507


Error: (08/15/2016 01:44:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5507


Error: (08/15/2016 01:44:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second


Error: (08/14/2016 08:43:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5195


Error: (08/14/2016 08:43:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5195



System errors:

=============

Error: (10/01/2016 04:51:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:

An instance of the service is already running.


Error: (10/01/2016 04:51:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:

An instance of the service is already running.


Error: (10/01/2016 04:51:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:

An instance of the service is already running.


Error: (10/01/2016 04:51:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:

An instance of the service is already running.


Error: (10/01/2016 04:50:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:

An instance of the service is already running.


Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.



==================== Memory info ===========================


Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz

Percentage of memory in use: 73%

Total physical RAM: 3037.09 MB

Available physical RAM: 799.7 MB

Total Virtual: 6072.35 MB

Available Virtual: 3108.04 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:283.44 GB) (Free:190.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 76692CA8)

Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)

Partition 2: (Active) - (Size=283.4 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================


There’s no sign of malware but some things need tidied up.

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895d9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e3-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a015e85f-94d4-11df-9e11-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a2b41c1d-2fca-11df-a968-e0cb4e909b2d} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {e45d45ba-9f53-11df-9c46-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
(x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Holly Doering\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll => No File
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
C:\Users\Holly Doering\AppData\Local\Temp\bpuninstall.exe
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

Download Security Check by screen317 from here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

Fixlog.txt
checkup.txt


Thanks

Satchfan

 


I don't understand this part of the instructions:

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work

 

I saved the files to Notepad and named it fixlist.txt and it's on the desktop. The FRST text file from the initial scan is on the desktop too. Please advise.


I ran Security Check while waiting for you to reply.

 

 

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.5
Auslogics Registry Cleaner
Java 6 Update 26
Java version 32-bit out of Date!
Adobe Flash Player 23.0.0.162
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (39.0)
Google Chrome (52.0.2743.116)
Google Chrome (53.0.2785.116)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

I don't understand this part of the instructions:

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work

 

I saved the files to Notepad and named it fixlist.txt and it's on the desktop. The FRST text file from the initial scan is on the desktop too.

 

It means that FRST (the program) and fixlist.txt must both be located in the same place (e.g. both on the desktop).

 


Fix result of Farbar Recovery Scan Tool (x64) Version: 02-10-2016

Ran by Holly Doering (03-10-2016 03:31:47) Run:1

Running from C:\Users\Holly Doering\Downloads

Loaded Profiles: Holly Doering (Available Profiles: Holly Doering)

Boot Mode: Normal

==============================================


fixlist content:

*****************

CloseProcesses:

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: D - D:\LaunchU3.exe -a

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: F - F:\LaunchU3.exe -a

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895d9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e3-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a015e85f-94d4-11df-9e11-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a2b41c1d-2fca-11df-a968-e0cb4e909b2d} - D:\LaunchU3.exe -a

HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {e45d45ba-9f53-11df-9c46-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect

(x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()

GroupPolicy: Restriction - Chrome <======= ATTENTION

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => No File

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Holly Doering\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll => No File

U3 tmlwf; no ImagePath

U3 tmwfp; no ImagePath

C:\Users\Holly Doering\AppData\Local\Temp\bpuninstall.exe

EmptyTemp:

*****************


Processes closed successfully.

"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key removed successfully

"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully

"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53b895d9-8eca-11df-b027-e0cb4e909b2d}" => key removed successfully

HKCR\CLSID\{53b895d9-8eca-11df-b027-e0cb4e909b2d} => key not found.

"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53b895e3-8eca-11df-b027-e0cb4e909b2d}" => key removed successfully

HKCR\CLSID\{53b895e3-8eca-11df-b027-e0cb4e909b2d} => key not found.

"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53b895e9-8eca-11df-b027-e0cb4e909b2d}" => key removed successfully

HKCR\CLSID\{53b895e9-8eca-11df-b027-e0cb4e909b2d} => key not found.

"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a015e85f-94d4-11df-9e11-e0cb4e909b2d}" => key removed successfully

HKCR\CLSID\{a015e85f-94d4-11df-9e11-e0cb4e909b2d} => key not found.

"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b41c1d-2fca-11df-a968-e0cb4e909b2d}" => key removed successfully

HKCR\CLSID\{a2b41c1d-2fca-11df-a968-e0cb4e909b2d} => key not found.

"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e45d45ba-9f53-11df-9c46-e0cb4e909b2d}" => key removed successfully

HKCR\CLSID\{e45d45ba-9f53-11df-9c46-e0cb4e909b2d} => key not found.

(x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] () => Error: No automatic fix found for this entry.

C:\Windows\system32\GroupPolicy\Machine => moved successfully

C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully

C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully

C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => not found.

C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => not found.

C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => not found.

C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => not found.

C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => not found.

C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => not found.

C:\Users\Holly Doering\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => not found.

C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll => not found.

tmlwf => service removed successfully

tmwfp => service removed successfully

"C:\Users\Holly Doering\AppData\Local\Temp\bpuninstall.exe" => not found.


=========== EmptyTemp: ==========


BITS transfer queue => 0 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 318355104 B

Java, Flash, Steam htmlcache => 0 B

Windows/system/drivers => 829439 B

Edge => 0 B

Chrome => 46727012 B

Firefox => 3448080 B

Opera => 0 B


Temp, IE cache, history, cookies, recent:

Default => 33058 B

Public => 0 B

ProgramData => 0 B

systemprofile => 33058 B

systemprofile32 => 49442 B

LocalService => 132486 B

NetworkService => 66228 B

Holly Doering => 4110021 B


RecycleBin => 145860 B

EmptyTemp: => 356.6 MB temporary data Removed.


================================



The system needed a reboot.


==== End of Fixlog 03:31:54 ====


That cleared up some but I’d like a couple more scans.


Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:


Windows Firewall
System Restore
Security Center/Action Center
Windows Update

  • press "Scan".
  • it will create a log (FSS.txt) in the same directory the tool is run.
  • please copy and paste the log to your reply.

===================================================

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed antivirus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o double click on the Eset installer icon on your desktop

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o scan archives
    o scan for potentially unsafe applications
    o enable Anti-Stealth technology

    Note: Do not check Remove found threats

  • ESET will then download updates, install itself, and begin scanning your computer (please be patient as this can take some time)
  • when the scan completes, push List of found threats
  • when the scan is done, click List threats (only available if ESET Online Scanner found something)
  • click Export, then save the file to your desktop
  • click Back, then Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

Logs to include in the next post:

FSS.txt
Eset results (if any)


Thanks

Satchfan

 


I'm posting this here first because I know ESET takes a while to scan. Log file:

 

 

Farbar Service Scanner Version: 27-01-2016
Ran by Holly Doering (administrator) on 03-10-2016 at 02:50:20
Running from "C:\Users\Holly Doering\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************



Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Good.

 

I’d just like one more scan please.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Thanks

Edited by Satchfan

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-10-2016
Ran by Holly Doering (03-10-2016 06:29:05) Run:2
Running from C:\Users\Holly Doering\Downloads
Loaded Profiles: Holly Doering (Available Profiles: Holly Doering)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
*****************


========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging


========= End of Reg: =========


========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging


========= End of Reg: =========


========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging


========= End of Reg: =========


==== End of Fixlog 06:29:05 ====

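Added example (not part of the original posts and not FRST's own code): the Fixlog above carries one `reg query` section per firewall profile, and this Python sketch parses that layout and reports `EnableFirewall` for each profile. The function names and the sample text are assumptions made for illustration; the sample is constructed, with two profiles altered to exercise the disabled and missing-value cases.

```python
import re

# Constructed sample in the Fixlog layout shown above. DomainProfile matches the
# posted log; StandardProfile and PublicProfile are altered to exercise other cases.
SAMPLE_FIXLOG = r"""
========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging
EnableFirewall REG_DWORD 0x1

========= End of Reg: =========
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKU": "HKEY_USERS", "HKCR": "HKEY_CLASSES_ROOT"}
SECTION = re.compile(r"^=+ reg query (.+?) =+$")
END = re.compile(r"^=+ End of Reg: =+$")
VALUE = re.compile(r"^(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")


def expand_hive(key):
    """Turn HKLM\\... into HKEY_LOCAL_MACHINE\\..., the form reg.exe prints."""
    hive, sep, rest = key.partition("\\")
    return HIVES.get(hive.upper(), hive) + sep + rest


def parse_reg_sections(text):
    """Map each queried key to {value name: (type, data)}.

    Only values printed directly under the queried key are kept; values that
    appear under a subkey header (for example with reg query /s) are skipped.
    """
    sections = {}
    queried = current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            # Drop any trailing reg.exe switches and surrounding quotes.
            key = re.split(r"\s+/", m.group(1), maxsplit=1)[0].strip().strip('"')
            queried = expand_hive(key)
            sections[queried] = {}
            current = None
            continue
        if END.match(line):
            queried = current = None
            continue
        if queried is None or not line:
            continue
        if line.upper().startswith("HKEY_"):
            current = line  # header of the key whose values follow
            continue
        m = VALUE.match(line)
        if m and current is not None and current.lower() == queried.lower():
            sections[queried][m.group(1)] = (m.group(2), m.group(3))
    return sections


def firewall_state(text):
    """Return {profile: 'enabled' | 'disabled' | 'not set' | 'unparsable'}."""
    state = {}
    for key, values in parse_reg_sections(text).items():
        parent, _, profile = key.rpartition("\\")
        if not parent.lower().endswith("\\firewallpolicy"):
            continue
        entry = values.get("EnableFirewall")
        if entry is None:
            state[profile] = "not set"
            continue
        try:
            state[profile] = "enabled" if int(entry[1], 16) else "disabled"
        except ValueError:
            state[profile] = "unparsable"
    return state


if __name__ == "__main__":
    for profile, status in firewall_state(SAMPLE_FIXLOG).items():
        print(f"{profile}: EnableFirewall {status}")
```
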

Glad things are OK now and that we could help.

Was there anything really bad?

No.

The laptop hasn't had any updates in 2 years but I fixed all that.

That’s not clever. The updates are there to perform many things, but one of the most important is that the operating system has the latest ‘fixes’ (the same as your antivirus needs to do, on a daily basis).

Windows and the antivirus programs can only protect your computer against the new daily threats with your co-operation.

================================================

As long as it seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o Create registry backup
o Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your versions of Java and Adobe Reader are out-of-date and need to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall:


Java™ 6 Update 26
Adobe Reader 9

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”


Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend disabling Java in web browsers.

More information can be found here.

NEXT

Visit Adobe and download the latest version of Acrobat Reader.

===================================================

Recommended programs

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 
