Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Administrator (administrator) on KINGKONG (09-03-2017 19:29:49)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> avguard.exe
Failed to access process -> svchost.exe
Failed to access process -> explorer.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> ctfmon.exe
Failed to access process -> Webshots.scr
Failed to access process -> ctfmon.exe
Failed to access process -> avgnt.exe
Failed to access process -> BrStMonW.exe
Failed to access process -> BrotherHelp.exe
Failed to access process -> BrCtrlCntr.exe
Failed to access process -> BrCcUxSys.exe
Failed to access process -> jqs.exe
Failed to access process -> sol.exe
Failed to access process -> psia.exe
Failed to access process -> svchost.exe
Failed to access process -> wdfmgr.exe
Failed to access process -> MOM.exe
Failed to access process -> CCC.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> avshadow.exe
Failed to access process -> BrYNSvc.exe
Failed to access process -> alg.exe
Failed to access process -> firefox.exe
Failed to access process -> sua.exe
Failed to access process -> WINWORD.EXE
Failed to access process -> splwow64.exe
Failed to access process -> JavaJRE_8u121_32-bit_PSIonlySPS.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> FRST64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-11-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SpyHunter Security Suite] => "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-22] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-10-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\system32\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2007-02-18] (Microsoft Corporation)
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Xvid] => C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\SpyBotS&D\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Run: [GridinSoft Anti-Malware (64-bit)] => "C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -startupusbscan
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\RunOnce: [Adobe Speed Launcher] => 1489105410
HKU\S-1-5-21-2049699319-3081317485-938346843-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Webshots\Webshots.scr [3343688 2008-08-15] (Webshots.com)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk [2017-03-03]
ShortcutTarget: Webshots.lnk -> D:\Webshots\Launcher.exe (Webshots.com)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-07-18] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2049699319-3081317485-938346843-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> {C9A47FAB-D6CE-4EDC-B074-C851DE64CDD6} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2017-01-29] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-01-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2007-02-18] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2049699319-3081317485-938346843-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1423973039265
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2012-06-08] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: plpchrbo.default
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default [2017-03-09]
FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default -> www.Google.com
FF Extension: (Blank Private Browsing Page) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\blankprivatebrowsingpage@ipotable.github.com.xpi [2016-05-01]
FF Extension: (Favicon Restorer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\faviconrestorer@masserog.it [2016-05-01]
FF Extension: (YouTube™ Enhancer Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-12-21]
FF Extension: (Form History Control) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\formhistory@yahoo.com [2016-05-01]
FF Extension: (Webmail Ad Blocker) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\gmailnoads@mywebber.com.xpi [2016-11-16]
FF Extension: (NO Google Analytics) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2016-05-01]
FF Extension: (AdBlocker for YouTube™) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2016-12-06]
FF Extension: (JSONView) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\jsonview@brh.numbera.com.xpi [2017-01-26]
FF Extension: (YouTube Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\particle@particlecore.github.io.xpi [2017-02-06]
FF Extension: (Private Tab) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\privateTab@infocatcher.xpi [2017-02-17]
FF Extension: (Restart My Fox) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\Restart-My-Fox@8pecxstudios.com.xpi [2016-06-03]
FF Extension: (SaveAll!) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\saveall@ns.ba [2016-05-01]
FF Extension: (Saved Password Editor) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-11-29]
FF Extension: (Google Translator for Firefox) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\translator@zoli.bod.xpi [2017-02-02]
FF Extension: (ReloadAll!) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\unitedronaldo@yahoo.com.xpi [2017-02-03]
FF Extension: (Screengrab (fix version)) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2016-12-09]
FF Extension: (Map With Google) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi [2016-05-01]
FF Extension: (YouTube High Definition) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-02-14]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-01-26]
FF Extension: (YouTube Video Download and Convert) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi [2017-02-14]
FF Extension: (RealDonaldContext) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{e965eb3c-1419-4448-893c-d13aee5862f7}.xpi [2017-01-23]
FF Extension: (YouTube Flash Video Player) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-03-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc.exe [970632 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-10-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-10-25] (Avira Operations GmbH & Co. KG)
S4 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [892928 2009-03-16] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2012-09-12] (Microsoft Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2011-03-03] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182696 2017-01-29] (Oracle Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 SDScannerService; C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\SpyBotS&D\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\WINDOWS\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
S4 Atdisk; no ImagePath
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [5020160 2009-03-16] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [162992 2016-10-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [137224 2016-10-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [28600 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\WINDOWS\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\WINDOWS\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows (R) Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTKHDA64.SYS [7458520 2013-12-10] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-07] (Malwarebytes)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 Monfilt64; C:\WINDOWS\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R0 rr232x; C:\WINDOWS\System32\drivers\rr232x.sys [139552 2015-02-01] (HighPoint Technologies, Inc.)
S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMIX.sys [3023360 2009-05-20] (Realtek Semiconductor Corp.)
R3 RTLE8023x64; C:\WINDOWS\System32\DRIVERS\Rtenic64.sys [549080 2014-12-04] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 19:29 - 2017-03-09 19:30 - 00035921 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2017-03-09 19:28 - 2017-03-09 19:28 - 02423808 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2017-03-09 19:11 - 2017-03-09 19:12 - 00000000 ____D C:\Program Files (x86)\HijackThis
2017-03-07 22:46 - 2015-03-25 08:55 - 00450626 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170307-224616.backup
2017-02-21 20:48 - 2017-03-09 19:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-21 20:48 - 2017-02-21 20:48 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-21 20:48 - 2017-02-21 20:48 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 19:30 - 2015-02-01 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2017-03-09 19:29 - 2015-11-28 10:37 - 00000000 ____D C:\FRST
2017-03-09 19:23 - 2017-01-30 22:53 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-09 19:23 - 2015-12-07 13:51 - 00000338 _____ C:\WINDOWS\Tasks\ByteFence.job
2017-03-09 19:23 - 2015-03-12 09:01 - 00000522 _____ C:\WINDOWS\Tasks\NSManager_1426198789.job
2017-03-09 19:23 - 2015-02-01 19:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 19:23 - 2009-03-16 15:56 - 00173776 _____ C:\WINDOWS\system32\ativvaxx.cap
2017-03-09 19:21 - 2015-02-01 20:03 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-03-09 19:21 - 2015-02-01 19:12 - 00032404 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2017-03-09 19:21 - 2015-02-01 19:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-03-09 19:21 - 2015-02-01 19:12 - 00000000 ____D C:\Documents and Settings\Administrator
2017-03-09 19:13 - 2015-02-01 19:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2017-03-09 19:08 - 2015-02-01 20:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\- Purchases 010217
2017-03-09 19:04 - 2017-01-30 22:53 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-09 18:45 - 2017-01-16 05:45 - 00000320 _____ C:\WINDOWS\Tasks\DivXUpdate.job
2017-03-09 10:48 - 2015-04-13 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 02:09 - 2016-08-27 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-08 14:59 - 2007-02-18 07:00 - 00013074 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-07 22:08 - 2015-04-01 15:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-07 16:20 - 2016-11-10 11:22 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Calender 2017
2017-03-06 20:40 - 2015-07-27 15:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\- Twitter _JustTooMuch_
2017-03-05 18:00 - 2016-11-02 11:51 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
2017-03-05 02:51 - 2015-12-07 13:51 - 00000344 _____ C:\WINDOWS\Tasks\ByteFence Scan.job
2017-03-02 11:06 - 2015-02-01 20:44 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Files
2017-03-01 17:49 - 2015-02-01 19:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971737$
2017-03-01 16:58 - 2015-06-29 11:20 - 00000000 ____D C:\Program Files (x86)\SpyBotS&D
2017-02-21 20:48 - 2015-02-01 19:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 21:13 - 2015-02-01 13:33 - 00000000 ____D C:\WINDOWS\Help
2017-02-07 18:50 - 2015-02-11 16:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2017-02-07 18:05 - 2017-02-01 06:37 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-02-07 10:48 - 2017-02-01 08:10 - 00000410 _____ C:\WINDOWS\Tasks\SpyHunter4.job

==================== Files in the root of some directories =======

2016-01-09 00:16 - 2016-01-09 00:16 - 0000548 _____ () C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
2015-03-16 10:16 - 2015-03-16 10:16 - 0000618 _____ () C:\Documents and Settings\Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-03-31 12:31 - 2015-03-31 12:31 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323

Some files in TEMP:
====================
2017-02-01 07:46 - 2017-02-01 07:46 - 0000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

ATTENTION: ==> Could not access BCD.

==================== End of FRST.txt ============================