brownhornet Posted October 1, 2016

A friend dropped off his laptop that he said would freeze up... I ran the following: TFC, JRT, SUPERAntiSpyware, Malwarebytes and AdwCleaner, as well as Avast. MB found nothing, but superanti found and removed a trojan. Just want to see how the laptop is now... thanks.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:50:21 PM, on 10/1/2016
Satchfan Posted October 1, 2016

Hello brownhornet

HijackThis isn’t used any more because it hasn’t been updated to deal with current computer systems, so it would be good to have a look with the current tool that we use to see if there’s anything left.

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

- Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File).
- When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will produce a log called Frst.txt in the same directory the tool is run from.
- Please copy and paste the log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Thanks
Satchfan
brownhornet Posted October 2, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
27777336 _____ (SUPERAntiSpyware) C:\Users\Holly Doering\Downloads\SUPERAntiSpyware.exe 2016-10-01 01:23 - 2016-10-01 01:23 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2016-10-01 01:23 - 2016-10-01 01:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2016-10-01 01:23 - 2016-10-01 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-10-01 01:16 - 2016-10-01 01:16 - 00001499 _____ C:\Users\Holly Doering\Desktop\TFC - Shortcut.lnk 2016-10-01 01:15 - 2016-10-01 01:15 - 00448512 _____ (OldTimer Tools) C:\Users\Holly Doering\Downloads\TFC.exe 2016-10-01 01:13 - 2016-10-01 01:13 - 00005187 _____ C:\Users\Holly Doering\Desktop\JRT.txt 2016-10-01 01:09 - 2016-10-01 01:09 - 00000000 ____D C:\Windows\pss 2016-10-01 01:07 - 2016-10-01 16:38 - 00003200 _____ C:\Windows\System32\Tasks\P4GIntlCtrl 2016-10-01 01:02 - 2016-10-01 01:02 - 01615456 _____ (Malwarebytes) C:\Users\Holly Doering\Downloads\JRT.exe 2016-10-01 01:02 - 2016-10-01 01:02 - 00001452 _____ C:\Users\Holly Doering\Desktop\JRT - Shortcut.lnk 2016-10-01 00:55 - 2016-10-01 01:03 - 00000000 ____D C:\AdwCleaner 2016-10-01 00:54 - 2016-10-01 00:54 - 03861056 _____ C:\Users\Holly Doering\Downloads\AdwCleaner.exe 2016-10-01 00:54 - 2016-10-01 00:54 - 00001521 _____ C:\Users\Holly Doering\Desktop\AdwCleaner - Shortcut.lnk 2016-10-01 00:52 - 2016-10-01 00:52 - 00000355 _____ C:\Users\Holly Doering\Desktop\Computer - Shortcut.lnk 2016-10-01 00:50 - 2016-10-01 13:05 - 00353792 _____ C:\Windows\ntbtlog.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-10-01 16:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-10-01 16:49 - 2009-07-14 06:08 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-10-01 16:45 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-10-01 16:45 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-10-01 16:37 - 2012-04-30 13:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-10-01 16:24 - 2011-02-06 02:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-10-01 14:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2016-10-01 13:47 - 2010-03-15 10:58 - 00003136 _____ C:\Windows\System32\Tasks\P4G Sidebar 2016-10-01 13:47 - 2010-01-22 18:41 - 00002026 _____ C:\Windows\system32\AutoRunFilter.ini 2016-10-01 13:47 - 2010-01-22 18:41 - 00001443 _____ C:\Windows\system32\ServiceFilter.ini 2016-10-01 13:33 - 2010-03-15 01:31 - 00000000 ____D C:\Users\Holly Doering\AppData\Roaming\Skype 2016-10-01 13:31 - 2011-04-17 21:22 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-10-01 13:22 - 2010-03-15 01:09 - 00000000 ____D C:\Users\Holly Doering 2016-10-01 13:21 - 2010-03-15 01:30 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-10-01 13:20 - 2014-06-23 01:03 - 00000000 ____D C:\Users\Holly Doering\AppData\Local\Skype 2016-10-01 13:19 - 2010-03-15 01:30 - 00000000 ____D C:\ProgramData\Skype 2016-10-01 12:04 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI 2016-10-01 12:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-10-01 05:43 - 2010-08-05 03:26 - 00000000 ____D C:\Users\Holly Doering\AppData\Local\ElevatedDiagnostics 2016-10-01 02:40 - 2012-04-30 13:55 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-10-01 02:40 - 2012-04-30 13:55 - 00003768 _____ 
C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-10-01 02:40 - 2011-06-30 16:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-10-01 02:39 - 2012-04-14 20:57 - 00000000 ____D C:\Windows\system32\Macromed 2016-10-01 02:39 - 2010-01-22 18:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-10-01 02:27 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-10-01 02:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2016-10-01 02:14 - 2010-06-15 03:33 - 00000000 ____D C:\Users\Holly Doering\AppData\Roaming\Facebook 2016-10-01 01:09 - 2015-09-23 00:42 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-01 01:09 - 2015-09-23 00:42 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Files in the root of some directories ======= 2007-06-12 18:34 - 2007-06-12 18:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico 2008-05-22 17:35 - 2008-05-22 17:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg 2009-04-08 19:31 - 2009-04-08 19:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll 2008-08-12 06:45 - 2008-08-12 06:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll 2010-03-15 03:43 - 2010-03-15 03:43 - 0000000 _____ () C:\Users\Holly Doering\AppData\Roaming\wklnhst.dat 2015-09-23 00:37 - 2015-09-23 00:37 - 0000057 _____ () C:\ProgramData\Ament.ini 2010-03-15 01:32 - 2010-03-15 01:32 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Some files in TEMP: ==================== C:\Users\Holly Doering\AppData\Local\Temp\bpuninstall.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-10-01 03:21 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016 Ran by Holly Doering (01-10-2016 17:07:10) Running from C:\Users\Holly Doering\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2010-03-15 00:09:05) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1681979680-1402208572-3299214080-500 - Administrator - Disabled) Guest (S-1-5-21-1681979680-1402208572-3299214080-501 - Limited - Disabled) Holly Doering (S-1-5-21-1681979680-1402208572-3299214080-1000 - Administrator - Enabled) => C:\Users\Holly Doering HomeGroupUser$ (S-1-5-21-1681979680-1402208572-3299214080-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) 
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS) ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK) ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS) ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS) ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.23 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS) ASUS USB2.0 UVC VGA WebCam (HKLM-x32\...\ASUSUSBDEVIC) (Version: - ) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus) ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - ) ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK) ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS) ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS) ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS) Documents To Go Desktop for iPhone (HKLM-x32\...\DTGDesktop) (Version: 2.0000.006 - DataViz, Inc.) EasyBits GO (HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\Game Organizer) (Version: - EasyBits Media) ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - ) Facebook Plug-In (HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.) 
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation) Iomega Home Storage Manager (HKLM-x32\...\{C08E4323-261D-4B2F-8F24-CDB26E2AA081}) (Version: 2.0.1.6 - Iomega Corporation an EMC Company) iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.) Java 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.) Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version: - Lexmark International, Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.4151.1109 - PANTECH CO.,LTD) Platform (x32 Version: 1.34 - VIA Technologies, Inc.) 
Hidden Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio) Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.11 - Tweaking.com) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) VirtualDJ 8 (HKLM-x32\...\{68A952A1-F666-4A5F-98C9-03EE9625B2E2}) (Version: 8.1.2857.0 - Atomix Productions) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VZAccess Manager (HKLM-x32\...\{EBC8295F-BFB4-4DFB-9248-9A8804C1DC48}) (Version: 7.2.12.2 - Smith Micro Software Inc.) Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0C1F47E5-2839-4ABA-929D-1ADD6B6A1AF0} - System32\Tasks\{46267D6E-1C04-49EF-B605-AC318F31C9FC} => pcalua.exe -a "C:\Program Files (x86)\Verizon Wireless\uninstall.exe" -d "C:\Program Files (x86)\Verizon Wireless" Task: {1D250E38-8B2E-445E-BBD6-C0C24AC51DB6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] () Task: {1E444076-AD4E-4AA3-A2A9-F5BFD395A121} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-01] (AVAST Software) Task: {21FF3545-64D5-40E5-A93E-F55FE1752FF6} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS) Task: {23E85DAC-7625-49BA-94E0-584A71F0367B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-01] (Adobe Systems Incorporated) Task: {3E44452B-AA27-4BF2-9223-3AC7A6A86828} - System32\Tasks\{A5D9826F-EF60-4139-9031-44B6A538D7B5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-09-12] (Skype Technologies S.A.) Task: {49C29D73-ECF8-4937-961C-18AFA6E71671} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>) Task: {5E21ACBA-1611-499E-8723-B8007E8A698C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS) Task: {6079A32B-8279-439D-A77A-90EB7BA02939} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-01] (AVAST Software) Task: {6907D586-6D50-49E9-8F9E-440412A792B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.) Task: {6F18B495-D83D-4535-8DFA-F648D5249A38} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com) Task: {AD089F81-D92E-4BED-A1F6-46028DA81331} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-08] (ATK) Task: {B29DA9D5-F40F-4603-A455-87A2EF9C25A1} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK) Task: {B9E8F73F-3995-4DD9-934F-A0A21566F038} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {BA987657-9406-4929-9ECF-1C60AF27367F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {C344AB5A-EE76-4D8B-8008-B9CDF226E17A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.) Task: {DCC7E45D-8778-4DDF-8AC2-2EEB5200CC3F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {FA79D762-5730-4A57-98F6-F059226B8D91} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/ Shortcut: C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/ ==================== Loaded Modules (Whitelisted) ============== 2010-01-22 18:39 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe 2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll 2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll 2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe 2010-10-29 20:07 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll 2010-08-05 03:26 - 2009-08-13 17:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdqdrpp.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-01-22 18:39 - 2009-05-07 09:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2010-01-22 18:39 - 2009-05-07 09:53 - 00379392 _____ () C:\Program Files 
(x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2010-01-22 18:39 - 2008-01-18 07:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll 2010-01-22 18:39 - 2009-07-06 07:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll 2016-10-01 13:11 - 2016-10-01 13:11 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-10-01 13:13 - 2016-10-01 13:13 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100104\algo.dll 2016-10-01 13:11 - 2016-10-01 13:11 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-10-01 13:11 - 2016-10-01 13:11 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2007-06-15 19:28 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll 2007-06-02 02:08 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll 2016-10-01 01:09 - 2016-09-14 01:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll 2016-10-01 01:09 - 2016-09-14 01:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Holly Doering^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP ENVY 4500 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP ENVY 4500 series.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe MSCONFIG\startupreg: GUCI_AVS => C:\Windows\PixArt\PAP7501\GUCI_AVS.exe MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Iomega Home Storage Manager => C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is 
included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3C586BC3-5D36-499B-A0D4-FAA88B1922E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{118CBC71-9ED3-4D25-A763-9A7176369A8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E69671FB-D387-4D01-84DB-8C837A9C25E2}] => (Allow) C:\Windows\System32\lxdqcoms.exe FirewallRules: [{C0FE8CA2-091B-484B-94C2-651BCDB063FC}] => (Allow) C:\Windows\System32\lxdqcoms.exe FirewallRules: [{BA6B0164-ECEA-4FB4-BACA-113611D4A8E6}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe FirewallRules: [{910EC701-5413-4EE7-8DA9-0C332880581C}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe FirewallRules: [{6850E3EB-0D46-42B9-B736-1E34D442C3B2}] => (Allow) LPort=26675 Link to comment Share on other sites More sharing options...
Satchfan Posted October 2, 2016

That last log is not complete. Please post the complete Addition.txt log while I look at what I have so far.

Thanks

Satchfan
brownhornet Posted October 2, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016 Ran by Holly Doering (01-10-2016 17:07:10) Running from C:\Users\Holly Doering\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2010-03-15 00:09:05) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1681979680-1402208572-3299214080-500 - Administrator - Disabled) Guest (S-1-5-21-1681979680-1402208572-3299214080-501 - Limited - Disabled) Holly Doering (S-1-5-21-1681979680-1402208572-3299214080-1000 - Administrator - Enabled) => C:\Users\Holly Doering HomeGroupUser$ (S-1-5-21-1681979680-1402208572-3299214080-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) 
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS) ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK) ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS) ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS) ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.) 
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.23 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS) ASUS USB2.0 UVC VGA WebCam (HKLM-x32\...\ASUSUSBDEVIC) (Version: - ) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus) ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - ) ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK) ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS) ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS) ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS) Documents To Go Desktop for iPhone (HKLM-x32\...\DTGDesktop) (Version: 2.0000.006 - DataViz, Inc.) 
EasyBits GO (HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\Game Organizer) (Version: - EasyBits Media) ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - ) Facebook Plug-In (HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation) Iomega Home Storage Manager (HKLM-x32\...\{C08E4323-261D-4B2F-8F24-CDB26E2AA081}) (Version: 2.0.1.6 - Iomega Corporation an EMC Company) iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.) Java 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.) Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version: - Lexmark International, Inc.) 
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.4151.1109 - PANTECH CO.,LTD) Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio) Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) 
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.11 - Tweaking.com) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) VirtualDJ 8 (HKLM-x32\...\{68A952A1-F666-4A5F-98C9-03EE9625B2E2}) (Version: 8.1.2857.0 - Atomix Productions) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VZAccess Manager (HKLM-x32\...\{EBC8295F-BFB4-4DFB-9248-9A8804C1DC48}) (Version: 7.2.12.2 - Smith Micro Software Inc.) Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0C1F47E5-2839-4ABA-929D-1ADD6B6A1AF0} - System32\Tasks\{46267D6E-1C04-49EF-B605-AC318F31C9FC} => pcalua.exe -a "C:\Program Files (x86)\Verizon Wireless\uninstall.exe" -d "C:\Program Files (x86)\Verizon Wireless" Task: {1D250E38-8B2E-445E-BBD6-C0C24AC51DB6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] () Task: {1E444076-AD4E-4AA3-A2A9-F5BFD395A121} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-01] (AVAST Software) Task: {21FF3545-64D5-40E5-A93E-F55FE1752FF6} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS) Task: {23E85DAC-7625-49BA-94E0-584A71F0367B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-01] (Adobe Systems Incorporated) Task: {3E44452B-AA27-4BF2-9223-3AC7A6A86828} - System32\Tasks\{A5D9826F-EF60-4139-9031-44B6A538D7B5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-09-12] (Skype Technologies S.A.) Task: {49C29D73-ECF8-4937-961C-18AFA6E71671} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>) Task: {5E21ACBA-1611-499E-8723-B8007E8A698C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS) Task: {6079A32B-8279-439D-A77A-90EB7BA02939} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-01] (AVAST Software) Task: {6907D586-6D50-49E9-8F9E-440412A792B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.) 
Task: {6F18B495-D83D-4535-8DFA-F648D5249A38} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com) Task: {AD089F81-D92E-4BED-A1F6-46028DA81331} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-08] (ATK) Task: {B29DA9D5-F40F-4603-A455-87A2EF9C25A1} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK) Task: {B9E8F73F-3995-4DD9-934F-A0A21566F038} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {BA987657-9406-4929-9ECF-1C60AF27367F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {C344AB5A-EE76-4D8B-8008-B9CDF226E17A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.) Task: {DCC7E45D-8778-4DDF-8AC2-2EEB5200CC3F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {FA79D762-5730-4A57-98F6-F059226B8D91} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/ Shortcut: C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/ ==================== Loaded Modules (Whitelisted) ============== 2010-01-22 18:39 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe 2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll 2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll 2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe 2010-10-29 20:07 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll 2010-08-05 03:26 - 2009-08-13 17:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdqdrpp.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-01-22 18:39 - 2009-05-07 09:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2010-01-22 18:39 - 2009-05-07 09:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2010-01-22 18:39 - 2008-01-18 07:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll 2010-01-22 18:39 - 2009-07-06 07:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll 2016-10-01 13:11 - 2016-10-01 13:11 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-10-01 13:13 - 2016-10-01 13:13 - 03118360 _____ () C:\Program Files\AVAST 
Software\Avast\defs\16100104\algo.dll 2016-10-01 13:11 - 2016-10-01 13:11 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-10-01 13:11 - 2016-10-01 13:11 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2007-06-15 19:28 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll 2007-06-02 02:08 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll 2016-10-01 01:09 - 2016-09-14 01:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll 2016-10-01 01:09 - 2016-09-14 01:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Holly Doering\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Holly Doering^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP ENVY 4500 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP ENVY 4500 series.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe MSCONFIG\startupreg: GUCI_AVS => C:\Windows\PixArt\PAP7501\GUCI_AVS.exe MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Iomega Home Storage Manager => C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is 
included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3C586BC3-5D36-499B-A0D4-FAA88B1922E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{118CBC71-9ED3-4D25-A763-9A7176369A8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E69671FB-D387-4D01-84DB-8C837A9C25E2}] => (Allow) C:\Windows\System32\lxdqcoms.exe FirewallRules: [{C0FE8CA2-091B-484B-94C2-651BCDB063FC}] => (Allow) C:\Windows\System32\lxdqcoms.exe FirewallRules: [{BA6B0164-ECEA-4FB4-BACA-113611D4A8E6}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe FirewallRules: [{910EC701-5413-4EE7-8DA9-0C332880581C}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe FirewallRules: [{6850E3EB-0D46-42B9-B736-1E34D442C3B2}] => (Allow) LPort=26675 FirewallRules: [{EC5E1635-7609-4BB3-AB9B-15F99278FDEC}] => (Allow) C:\Windows\System32\lxdacoms.exe FirewallRules: [{6BD803B6-725A-4947-9757-4D953470672C}] => (Allow) C:\Windows\System32\lxdacoms.exe FirewallRules: [{A4ECF643-FA4B-4278-BFBF-7F0C0343AABA}] => (Allow) C:\Windows\SysWOW64\lxdacoms.exe FirewallRules: [{149FFB81-1BC2-4DBB-BCDA-7A4D388C89FA}] => (Allow) C:\Windows\SysWOW64\lxdacoms.exe FirewallRules: [TCP Query User{8B661054-2677-4750-9666-C8364207B4F6}C:\program files (x86)\verizon wireless\mp3_downloadmanager_service.exe] => (Allow) C:\program files (x86)\verizon wireless\mp3_downloadmanager_service.exe FirewallRules: [uDP Query User{3E913499-2788-424A-A0B7-FB6A7151AC25}C:\program files (x86)\verizon wireless\mp3_downloadmanager_service.exe] => (Allow) C:\program files (x86)\verizon wireless\mp3_downloadmanager_service.exe FirewallRules: [{42C55293-B701-4E2C-964B-9DF52A0B074F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{DB785307-E3CD-4C19-9B6D-93A76D1956A4}] => (Allow) C:\Windows\System32\lxdncoms.exe FirewallRules: [{F371C27B-8924-45A0-A22F-834123EE67D8}] => (Allow) C:\Windows\System32\lxdncoms.exe 
FirewallRules: [TCP Query User{7377A423-B6CA-4976-87D7-818A47D4673F}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [uDP Query User{E9CB1904-8F13-41D4-9F56-7A022533FD33}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [TCP Query User{B9C9F132-332A-443F-B0AA-012BF6073F5C}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [uDP Query User{EC991A39-116B-4513-9DBC-765A76B91BB8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{6D8A2C16-1B32-4DF7-A286-DB1457E68AEC}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega discovery.exe
FirewallRules: [uDP Query User{9BC95A7F-F0CA-4C07-B12D-F30629997A00}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega discovery.exe
FirewallRules: [TCP Query User{C27E1A81-20D8-4336-92B4-9B04EC459ADF}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega discovery.exe
FirewallRules: [uDP Query User{902B8605-C082-42F6-ADD6-08E48376AA5E}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega discovery.exe
FirewallRules: [TCP Query User{3BE7D740-AF06-467F-92D4-6EFF94F81FA6}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe
FirewallRules: [uDP Query User{407E32E8-F9AF-4575-BEAB-8BE1266DA4E1}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe] => (Allow) C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe
FirewallRules: [{4398C63B-B893-4F93-A97B-B2EB436084DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F00832E-4028-4695-88B4-86674D4B7989}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D403EA2-8D9D-459A-BE1E-8E8EA75859CD}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{18195B15-C943-4866-B7AB-4D8BEFB3AE8B}] => (Allow) LPort=5357
FirewallRules: [{9A520B1B-1337-41CE-A50F-292D477B9900}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DCAFE9ED-8D6D-4A1A-95F3-4E931B0D1D76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{091E4F4D-094C-4E46-BCF6-0602A5F766A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3899DB2A-334A-4848-B35A-B651AE67D90B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{91A14927-5FE6-454B-8E18-778E317CF151}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E5D0E6F6-575E-484E-8FCD-B7DA20E26E95}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EBB9D90A-0B17-450A-B53B-E739EFEFADC4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-05-2016 22:31:21 Scheduled Checkpoint
16-06-2016 20:30:02 Scheduled Checkpoint
03-07-2016 23:43:42 Installed VirtualDJ 8
01-10-2016 01:09:37 JRT Pre-Junkware Removal
01-10-2016 06:10:44 Windows Update
01-10-2016 13:15:56 ASU_MSI_TRAN

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2016 01:12:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (10/01/2016 09:57:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 9fc
Start Time: 01d21bbe9c205a43
Termination Time: 15069
Application Path: C:\Windows\Explorer.EXE
Report Id:

Error: (10/01/2016 05:16:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9ab
Exception code: 0xc0000005
Fault offset: 0x0000000000007306
Faulting process id: 0xf00
Faulting application start time: 0x01d21b9a0195a815
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\SHLWAPI.dll
Report Id: d02e4d43-878d-11e6-b3ff-e0cb4e909b2d

Error: (10/01/2016 05:12:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: wucltux.dll, version: 7.6.7600.256, time stamp: 0x4fca9081
Exception code: 0xc0000005
Fault offset: 0x0000000000098fec
Faulting process id: 0x784
Faulting application start time: 0x01d21b9022f976a5
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\wucltux.dll
Report Id: 3a927d6b-878d-11e6-b3ff-e0cb4e909b2d

Error: (10/01/2016 03:23:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/15/2016 01:44:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5507

Error: (08/15/2016 01:44:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5507

Error: (08/15/2016 01:44:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/14/2016 08:43:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5195

Error: (08/14/2016 08:43:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5195

System errors:
=============
Error: (10/01/2016 04:51:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

Error: (10/01/2016 04:51:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
Error: (10/01/2016 04:51:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

Error: (10/01/2016 04:51:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

Error: (10/01/2016 04:50:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/01/2016 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 73%
Total physical RAM: 3037.09 MB
Available physical RAM: 799.7 MB
Total Virtual: 6072.35 MB
Available Virtual: 3108.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.44 GB) (Free:190.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Satchfan Posted October 2, 2016

There’s no sign of malware but some things need tidied up.

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

go to your Downloads folder and locate Farbar Recovery Scan Tool
right click and select Cut
go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895d9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e3-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a015e85f-94d4-11df-9e11-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a2b41c1d-2fca-11df-a968-e0cb4e909b2d} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {e45d45ba-9f53-11df-9c46-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
(x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Holly Doering\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll => No File
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
C:\Users\Holly Doering\AppData\Local\Temp\bpuninstall.exe
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
run FRST64 then click Fix just once and wait
it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

Download Security Check by screen317 from here.

save it to your Desktop.
double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

Fixlog.txt
checkup.txt

Thanks

Satchfan
brownhornet Posted October 2, 2016

i don't understand this part of the instructions:

"save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work"

i saved the files to notepad and named it fixlist.txt and it's on the desktop..the FRST text file from initial scan is on the desktop too..please advise
brownhornet Posted October 2, 2016

i ran security check while waiting for you to reply.

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.5
Auslogics Registry Cleaner
Java 6 Update 26
Java version 32-bit out of Date!
Adobe Flash Player 23.0.0.162
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (39.0)
Google Chrome (52.0.2743.116)
Google Chrome (53.0.2785.116)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
Satchfan Posted October 2, 2016

"i don't understand this part of the instructions: save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work i saved the files to notepad and named it fixlist.txt and it's on the desktop..the FRST text file from initial scan is on the desktop too."

It means that FRST (the program) and fixlist.txt must both be located in the same place (e.g. both on the desktop).
brownhornet Posted October 3, 2016

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-10-2016
Ran by Holly Doering (03-10-2016 03:31:47) Run:1
Running from C:\Users\Holly Doering\Downloads
Loaded Profiles: Holly Doering (Available Profiles: Holly Doering)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895d9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e3-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {53b895e9-8eca-11df-b027-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a015e85f-94d4-11df-9e11-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {a2b41c1d-2fca-11df-a968-e0cb4e909b2d} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\...\MountPoints2: {e45d45ba-9f53-11df-9c46-e0cb4e909b2d} - D:\VZAccess_Manager.exe /z detect
(x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Holly Doering\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll => No File
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
C:\Users\Holly Doering\AppData\Local\Temp\bpuninstall.exe
EmptyTemp:
*****************

Processes closed successfully.
"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key removed successfully
"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53b895d9-8eca-11df-b027-e0cb4e909b2d}" => key removed successfully
HKCR\CLSID\{53b895d9-8eca-11df-b027-e0cb4e909b2d} => key not found.
"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53b895e3-8eca-11df-b027-e0cb4e909b2d}" => key removed successfully
HKCR\CLSID\{53b895e3-8eca-11df-b027-e0cb4e909b2d} => key not found.
"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53b895e9-8eca-11df-b027-e0cb4e909b2d}" => key removed successfully
HKCR\CLSID\{53b895e9-8eca-11df-b027-e0cb4e909b2d} => key not found.
"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a015e85f-94d4-11df-9e11-e0cb4e909b2d}" => key removed successfully
HKCR\CLSID\{a015e85f-94d4-11df-9e11-e0cb4e909b2d} => key not found.
"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b41c1d-2fca-11df-a968-e0cb4e909b2d}" => key removed successfully
HKCR\CLSID\{a2b41c1d-2fca-11df-a968-e0cb4e909b2d} => key not found.
"HKU\S-1-5-21-1681979680-1402208572-3299214080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e45d45ba-9f53-11df-9c46-e0cb4e909b2d}" => key removed successfully
HKCR\CLSID\{e45d45ba-9f53-11df-9c46-e0cb4e909b2d} => key not found.
(x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] () => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => not found.
C:\Users\Holly Doering\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll => not found.
tmlwf => service removed successfully
tmwfp => service removed successfully
"C:\Users\Holly Doering\AppData\Local\Temp\bpuninstall.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 318355104 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 829439 B
Edge => 0 B
Chrome => 46727012 B
Firefox => 3448080 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 49442 B
LocalService => 132486 B
NetworkService => 66228 B
Holly Doering => 4110021 B

RecycleBin => 145860 B
EmptyTemp: => 356.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 03:31:54 ====
Satchfan Posted October 3, 2016

That cleared up some but I’d like a couple more scans.

Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

Windows Firewall
System Restore
Security Center/Action Center
Windows Update

press "Scan".
it will create a log (FSS.txt) in the same directory the tool is run.
please copy and paste the log to your reply.

===================================================

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT: Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

click the Run Eset online Scanner button
for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
o click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
o double click on the Eset installer icon on your desktop
check Yes, I accept the Terms of Use
click the Start button
accept any security warnings from your browser
check Enable detection of potentially unwanted applications
click Advanced settings and select the following:
o scan archives
o scan for potentially unsafe applications
o enable Anti-Stealth technology
Note: Do not check Remove found threats
ESET will then download updates, install itself, and begin scanning your computer, (please be patient as this can take some time)
when the scan completes, push List of found threats
when the scan is done, click List threats (only available if ESET Online Scanner found something)
click Export, then save the file to your desktop
click Back, then Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

Logs to include in the next post:

FSS.txt
Eset results (if any)

Thanks

Satchfan
brownhornet Posted October 3, 2016

i'm posting this here first because i know Eset takes a while to scan.

log file:

Farbar Service Scanner Version: 27-01-2016
Ran by Holly Doering (administrator) on 03-10-2016 at 02:50:20
Running from "C:\Users\Holly Doering\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
brownhornet Posted October 3, 2016

no threats found from Eset scan.
Satchfan Posted October 3, 2016

Good. I’d just like one more scan please.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
run FRST64 then click Fix just once and wait
it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Thanks

Edited October 3, 2016 by Satchfan
brownhornet Posted October 3, 2016

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-10-2016
Ran by Holly Doering (03-10-2016 06:29:05) Run:2
Running from C:\Users\Holly Doering\Downloads
Loaded Profiles: Holly Doering (Available Profiles: Holly Doering)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
*****************

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging

========= End of Reg: =========

==== End of Fixlog 06:29:05 ====
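The per-profile firewall check requested above can be automated. This is an added example, not part of the thread or of FRST: it parses `reg query` output for the three FirewallPolicy profile keys and reports any profile where EnableFirewall is off or absent. The function names are hypothetical, the first sample re-creates the values from the Fixlog above, and the second sample is constructed to show the failure cases.

```python
import re

# A `reg query` listing is a key path at column 0 followed by indented
# "name  TYPE  data" rows for the values stored directly under that key.
VALUE_ROW = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")
PROFILE_KEY = re.compile(r"\\FirewallPolicy\\(?P<profile>\w+Profile)$", re.IGNORECASE)

BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"

# Values as reported in the Fixlog posted in the thread (layout re-created).
THREAD_OUTPUT = "\n".join([
    BASE + r"\DomainProfile",
    "    DisableNotifications    REG_DWORD    0x0",
    "    EnableFirewall    REG_DWORD    0x1",
    "",
    BASE + r"\DomainProfile\Logging",
    "",
    BASE + r"\StandardProfile",
    "    DisableNotifications    REG_DWORD    0x0",
    "    EnableFirewall    REG_DWORD    0x1",
    "",
    BASE + r"\PublicProfile",
    "    DisableNotifications    REG_DWORD    0x0",
    "    EnableFirewall    REG_DWORD    0x1",
])

# Constructed sample (not from the thread): one profile disabled, one
# profile with the EnableFirewall value missing altogether.
CONSTRUCTED_OUTPUT = "\n".join([
    BASE + r"\DomainProfile",
    "    EnableFirewall    REG_DWORD    0x1",
    "",
    BASE + r"\StandardProfile",
    "    DisableNotifications    REG_DWORD    0x0",
    "",
    BASE + r"\PublicProfile",
    "    EnableFirewall    REG_DWORD    0x0",
])


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from reg query output."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line, {})
        elif current is not None:
            row = VALUE_ROW.match(line)
            if row:
                current[row["name"]] = (row["type"], row["data"].strip())
    return keys


def dword(entry):
    """Convert a (type, data) pair to int, or None if absent or not a DWORD."""
    if entry is None or entry[0] != "REG_DWORD":
        return None
    try:
        return int(entry[1], 16)
    except ValueError:
        return None


def firewall_profiles(text):
    """Map each profile to True (enabled), False (disabled) or None (unknown)."""
    result = {}
    for key, values in parse_reg_query(text).items():
        match = PROFILE_KEY.search(key)
        if not match:
            continue  # subkeys such as ...\Logging carry no EnableFirewall
        state = dword(values.get("EnableFirewall"))
        result[match["profile"]] = None if state is None else state == 1
    return result


def findings(text):
    """List the profiles that need attention, sorted by profile name."""
    out = []
    for profile, state in sorted(firewall_profiles(text).items()):
        if state is None:
            out.append(f"{profile}: EnableFirewall missing or not a DWORD")
        elif not state:
            out.append(f"{profile}: firewall disabled (EnableFirewall = 0)")
    return out


if __name__ == "__main__":
    for label, sample in (("thread", THREAD_OUTPUT), ("constructed", CONSTRUCTED_OUTPUT)):
        print(label, firewall_profiles(sample), findings(sample))
```
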
Satchfan Posted October 3, 2016

That all looks fine. It appears that your computer is fine. Are you happy to tidy up?
brownhornet Posted October 3, 2016

yes..was there anything really bad. the laptop hasn't had any updates in 2 years but i fixed all that and it runs better now after all the scans that were done..
Satchfan Posted October 3, 2016

Glad things are OK now and that we could help.

"was there anything really bad"

No.

"the laptop hasn't had any updates in 2 years but i fixed all that"

That’s not clever. The updates are there to perform many things but one of the most important is that the operating system has the latest ‘fixes’ (the same as your antivirus needs to do - on a daily basis).

Windows and the antivirus programs can only protect your computer against the new daily threats with your co-operation.

================================================

As long as it seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

double click on adwcleaner.exe to run the tool
click on Uninstall
confirm with Yes.

===================================================

Download & run Delfix

download Delfix from here to remove many of the tools we've used during the cleaning process.
ensure “Remove disinfection tools” is checked.
Also place a checkmark next to:
o Create registry backup
o Purge system restore
click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your versions of Java and Adobe Reader are out-of-date and need to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall:

Java™ 6 Update 26
Adobe Reader 9

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.

More information can be found here.

NEXT

Visit Adobe and download the latest version of Acrobat Reader.

===================================================

Recommended programs

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

green if it's safe
yellow for caution
red for unsafe

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan
brownhornet Posted October 3, 2016

thanks for the help...
Satchfan Posted October 4, 2016

You're welcome.