smartwebads.com/esurf.biz/StormAlerts.exe/itibiti.exe +others [Solved]

Tags: smartwebads.com, esurf.biz, itibiti.exe, stormalerts.exe

This topic is locked

#1 LVAD (Member, 92 posts)

Running Vista Business SP2

Idiotically installed some shareware and didn't pay attention to the installation processes and installed some malware. I found 4 exe programs installed (itibiti.exe, stormalerts.exe, and 2 others I can't remember the names of but exe file began with "desktop" and the other was 4 uppercase letters).

Seemed to have gotten rid of most of them with a concoction of CCleaner, Revo Uninstaller and MBAM (sorry, no log).

Lastly, I ran HitmanPro but all it found was cookies and wanted me to renew my license so I just closed it out for now.

When I rebooted, found that all 3 of my browsers were hijacked by smartwebads.com and esurf.biz.

Hoping to get help to get rid of hijacks and do a general cleaning of the system as I am not sure I really did totally uninstall all the malware that was installed.

Here are my Farbar logs

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by admin (administrator) on VOSTRO420 (11-02-2016 11:39:06)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\FdmBrowserHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] False
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\XPSSST~1.SCR [14336 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{2D630E9B-02FB-48BF-90C8-98C8A08C211B}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{BF479046-5760-434C-AE5F-172A4139D35E}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-08] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Users\admin\AppData\Roaming\LastPass\LPToolbar.dll [2014-01-25] (LastPass)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll [2015-06-22] (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\admin\AppData\Roaming\LastPass\LPToolbar.dll [2014-01-25] (LastPass)
Toolbar: HKLM - ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Deluxe\IEBar.dll [2008-07-04] (ReGet Software)
Toolbar: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000 -> ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Deluxe\IEBar.dll [2008-07-04] (ReGet Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-26] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2996190037-1798685498-1166926685-1000: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-2996190037-1798685498-1166926685-1000: LWAPlugin15.8 -> C:\Users\admin\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-09-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-01] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-09-18] (Microsoft Corporation)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\searchplugins\google-avast.xml [2014-12-08]
FF Extension: Google Similar Images - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\extensions\[email protected] [2015-05-31]
FF Extension: FlashGot - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-09-14]
FF Extension: LastPass - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\extensions\[email protected] [2016-01-05]
FF Extension: Tab Mix Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-01-20]
FF Extension: RightToClick - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-01-26]
FF Extension: iMacros for Firefox - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-02-01]
FF Extension: Blender - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\Extensions\[email protected] [2016-01-10]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\Extensions\[email protected] [2016-01-13]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\Extensions\[email protected] [2016-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-23] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-23] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-10]
FF HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.1
FF Extension: Free Download Manager extension - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.1 [2016-01-28]

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2016-01-30]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-21]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (RSS Subscription Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjffnfcokiodbeiamclanljnaheeoke [2014-12-04]
CHR Extension: (Alexa Traffic Rank) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2014-12-29]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-21]
CHR Extension: (Feedly Notifier) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\egikgfbhipinieabdmcpigejkaomgjgb [2015-12-27]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-11-21]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-30]
CHR Extension: (Web Scraper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2016-01-31]
CHR Extension: (SaveFrom.net helper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2016-01-26] [UpdateUrl: hxxp://download.sf-helper.com/chrome/updates.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [ahmpjcflkgiildlgicmcieglgoilbfdp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-08] (AVAST Software)
S4 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-10-15] (Coupons.com Inc.)
S4 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-02] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-02] (Dropbox, Inc.)
S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-02-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-02-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812720 2016-02-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-08] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [171608 2016-02-08] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67088 2016-02-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-10] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-02-22] (Avanquest Software) [File not signed]
R3 CXFALCON; C:\Windows\System32\drivers\cxfalcon.sys [111872 2006-11-03] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2007-12-11] (Windows ® Codename Longhorn DDK provider)
S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2013-12-06] (RealVNC Ltd.)
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-11 11:39 - 2016-02-11 11:39 - 00019616 _____ C:\Users\admin\Desktop\FRST.txt
2016-02-11 11:17 - 2016-02-11 11:39 - 00000000 ____D C:\FRST
2016-02-11 11:16 - 2016-02-11 11:16 - 01721344 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2016-02-11 10:50 - 2016-02-11 10:50 - 00000918 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-11 09:39 - 2016-02-11 10:06 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-11 09:28 - 2016-02-11 09:30 - 10459376 _____ (SurfRight B.V.) C:\Users\admin\Desktop\HitmanPro.exe
2016-02-11 09:00 - 2016-02-11 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY
2016-02-11 07:25 - 2016-02-11 07:25 - 04544448 _____ C:\Users\admin\Desktop\Local Traffic Guide.pdf
2016-02-11 03:15 - 2016-02-11 03:15 - 00161961 _____ C:\Users\admin\Desktop\flipping.pdf
2016-02-11 03:14 - 2016-02-11 03:14 - 00201326 _____ C:\Users\admin\Desktop\WSO.pdf
2016-02-11 00:27 - 2016-02-11 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitnami
2016-02-11 00:22 - 2016-02-11 00:23 - 30145408 _____ (Bitnami) C:\Users\admin\Desktop\bitnami-wordpress-4.4.2-1-module-windows-installer.exe
2016-02-11 00:18 - 2016-02-11 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2016-02-11 00:14 - 2016-02-11 01:18 - 00000000 ____D C:\xampp
2016-02-11 00:04 - 2016-02-11 00:08 - 114109544 _____ (Bitnami) C:\Users\admin\Desktop\xampp-win32-5.6.15-1-VC11-installer.exe
2016-02-10 19:55 - 2016-01-29 22:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 19:55 - 2016-01-29 22:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2016-02-10 19:55 - 2016-01-29 22:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-02-10 19:55 - 2016-01-29 22:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2016-02-10 19:55 - 2016-01-29 22:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2016-02-10 19:55 - 2016-01-29 22:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2016-02-10 19:55 - 2016-01-29 22:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-10 19:55 - 2016-01-29 22:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2016-02-10 19:55 - 2016-01-29 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 19:55 - 2016-01-29 22:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2016-02-10 19:55 - 2016-01-29 22:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2016-02-10 19:55 - 2016-01-29 22:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2016-02-10 19:55 - 2016-01-29 22:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2016-02-10 19:55 - 2016-01-29 22:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2016-02-10 19:55 - 2016-01-29 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2016-02-10 19:54 - 2016-02-01 12:21 - 01208776 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 19:54 - 2016-01-29 22:15 - 03609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-10 19:54 - 2016-01-29 22:15 - 03556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 19:54 - 2016-01-29 22:09 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 19:54 - 2016-01-29 22:09 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 19:54 - 2016-01-29 22:08 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 19:54 - 2016-01-29 22:07 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 19:54 - 2016-01-29 22:07 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 19:54 - 2016-01-29 20:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 19:52 - 2016-01-07 10:21 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 19:42 - 2016-01-07 10:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 19:40 - 2016-01-09 12:06 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 19:39 - 2016-01-24 23:59 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 19:39 - 2016-01-24 23:57 - 12391424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 19:39 - 2016-01-24 23:55 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 19:39 - 2016-01-24 23:54 - 09753600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 19:39 - 2016-01-24 23:54 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 19:39 - 2016-01-24 23:53 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 19:39 - 2016-01-24 23:52 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 19:39 - 2016-01-24 23:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 19:39 - 2016-01-24 23:52 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 19:39 - 2016-01-24 23:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 19:39 - 2016-01-24 23:52 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 19:39 - 2016-01-24 23:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-02-10 19:39 - 2016-01-24 23:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 19:39 - 2016-01-24 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 19:39 - 2016-01-24 23:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 19:39 - 2016-01-24 23:51 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 19:39 - 2016-01-24 23:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 19:39 - 2016-01-24 23:51 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 19:39 - 2016-01-24 23:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 19:39 - 2016-01-24 23:51 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-02-10 19:39 - 2016-01-24 23:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-02-10 19:39 - 2016-01-24 23:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-02-08 23:33 - 2016-02-08 23:33 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-08 23:33 - 2016-02-08 23:33 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-07 22:08 - 2016-02-07 22:08 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-07 04:52 - 2016-02-10 19:02 - 00000000 ____D C:\Users\admin\AppData\Local\FluxSoftware
2016-02-06 20:47 - 2016-02-06 20:47 - 00143164 ____H C:\Windows\system32\mlfcache.dat
2016-02-06 20:46 - 2016-02-06 20:46 - 00000868 _____ C:\Users\admin\Desktop\The Creator 7.lnk
2016-02-06 20:46 - 2016-02-06 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Logo Creator 7
2016-02-06 20:46 - 2016-02-06 20:46 - 00000000 ____D C:\Program Files\The Logo Creator 7
2016-02-06 20:42 - 2016-02-06 20:44 - 34685905 _____ C:\Users\admin\Desktop\The_Creator_7_Setup.zip
2016-02-06 16:58 - 2016-02-06 16:58 - 06326160 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.15.0.1_win32-setup.exe
2016-02-06 15:16 - 2016-02-06 15:18 - 00000000 ____D C:\Users\admin\Desktop\Dropship Ebooks PDFs
2016-02-05 01:29 - 2016-02-05 01:29 - 00024500 _____ C:\Users\admin\Desktop\age-verify.0.3.0.zip
2016-02-04 01:25 - 2016-02-04 01:26 - 00000000 ____D C:\Users\admin\Desktop\appthemespack
2016-02-04 01:20 - 2016-02-04 01:20 - 12375895 _____ C:\Users\admin\Desktop\appthemespack.rar
2016-02-02 22:53 - 2016-02-02 22:53 - 00000000 ____D C:\Users\admin\Desktop\pp89pack
2016-02-02 22:41 - 2016-02-02 22:43 - 35336946 _____ C:\Users\admin\Desktop\pp89pack.rar
2016-02-02 22:19 - 2016-02-02 22:19 - 00000000 ____D C:\Users\admin\Desktop\2015 Taxes
2016-02-01 17:28 - 2016-02-01 17:28 - 00001736 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-01 17:28 - 2016-02-01 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-01 14:20 - 2016-02-01 14:20 - 00000000 ____D C:\Users\admin\Documents\iMacros
2016-01-31 16:26 - 2016-01-31 16:26 - 02826700 _____ C:\Users\admin\Desktop\ProvenChinaSourcing-dot-com-FINAL-5-6.pdf
2016-01-31 16:24 - 2016-01-31 16:24 - 02845554 _____ C:\Users\admin\Desktop\Sourcing-from-China.pdf
2016-01-31 16:22 - 2016-01-31 16:22 - 00260936 _____ C:\Users\admin\Desktop\proven-wholesale-sourcing-00-intro.pdf
2016-01-31 16:07 - 2016-01-31 16:07 - 00000000 ____D C:\Users\admin\Downloads\outwit
2016-01-31 16:06 - 2016-01-31 16:07 - 00000000 ____D C:\Users\admin\AppData\Roaming\OutWit
2016-01-31 16:06 - 2016-01-31 16:06 - 00000000 ____D C:\Users\admin\AppData\Local\OutWit
2016-01-31 16:05 - 2016-01-31 16:05 - 00000932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OutWit Docs.lnk
2016-01-31 16:05 - 2016-01-31 16:05 - 00000920 _____ C:\Users\Public\Desktop\OutWit Docs.lnk
2016-01-31 16:05 - 2016-01-31 16:05 - 00000000 ____D C:\Program Files\OutWit
2016-01-31 02:01 - 2016-01-31 02:01 - 00000000 ____D C:\Users\admin\AppData\Local\Ofi Labs
2016-01-31 01:31 - 2016-01-31 01:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Data Tool
2016-01-31 01:30 - 2016-01-31 03:27 - 00002461 _____ C:\Users\Public\Desktop\Data Toolbar for Chrome and Firefox.lnk
2016-01-31 01:30 - 2016-01-31 01:30 - 00000000 ____D C:\Users\admin\AppData\Local\Package Cache
2016-01-31 01:30 - 2016-01-31 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Toolbar for Chrome and Firefox
2016-01-31 01:30 - 2016-01-31 01:30 - 00000000 ____D C:\Program Files\DataTool Services
2016-01-31 01:27 - 2016-01-31 01:28 - 30374616 _____ (DataTool Services) C:\Users\admin\Desktop\DataTool.Setup.5741.exe
2016-01-30 22:45 - 2016-01-30 22:45 - 00000000 ___SD C:\Users\admin\Documents\My Data Sources
2016-01-27 16:10 - 2016-01-27 16:10 - 00000772 _____ C:\Users\admin\Desktop\aliecig categories.txt
2016-01-27 14:19 - 2016-01-27 14:19 - 00000218 _____ C:\Users\admin\AppData\Local\recently-used.xbel
2016-01-26 13:58 - 2016-01-26 13:58 - 03077638 _____ C:\Users\admin\Desktop\aliplugin.zip
2016-01-26 00:13 - 2016-01-26 00:13 - 00000106 _____ C:\Users\admin\Desktop\biz names.txt
2016-01-26 00:09 - 2016-01-26 00:09 - 00000809 _____ C:\Users\Public\Desktop\BlueGriffon.lnk
2016-01-26 00:09 - 2016-01-26 00:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Disruptive Innovations SARL
2016-01-26 00:09 - 2016-01-26 00:09 - 00000000 ____D C:\Users\admin\AppData\Local\Disruptive Innovations SARL
2016-01-26 00:09 - 2016-01-26 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueGriffon
2016-01-26 00:08 - 2016-01-26 00:09 - 00000000 ____D C:\Program Files\BlueGriffon
2016-01-24 11:09 - 2016-01-24 11:09 - 00672347 _____ C:\Users\admin\Desktop\SmokingReport_dvtmmfwzap.pdf
2016-01-24 10:37 - 2016-01-24 10:37 - 01452020 _____ C:\Users\admin\Desktop\FreeSneakPeeksCatalog_qsrg5l9mdz.pdf
2016-01-24 08:26 - 2016-01-24 08:26 - 02094451 _____ C:\Users\admin\Desktop\GeneratedList.csv
2016-01-24 08:18 - 2016-01-24 08:24 - 00682384 _____ C:\Users\admin\Desktop\cat_long_file.xls
2016-01-24 01:05 - 2016-01-24 01:05 - 00065412 _____ C:\Users\admin\Desktop\price calculator global marketing partners 2013.xlsx
2016-01-24 00:24 - 2016-01-25 18:02 - 00014336 _____ C:\Users\admin\Desktop\Margins and Markup.xlsx
2016-01-21 15:21 - 2016-01-21 15:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\Brackets
2016-01-21 15:20 - 2016-01-21 15:19 - 00000589 _____ C:\Users\admin\Desktop\Brackets.lnk
2016-01-21 15:19 - 2016-01-21 15:19 - 00000589 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
2016-01-21 15:18 - 2016-01-21 15:19 - 00000000 ____D C:\Program Files\Brackets
2016-01-21 15:07 - 2016-01-27 14:19 - 00000000 ____D C:\Users\admin\.bluefish
2016-01-21 15:07 - 2016-01-21 15:07 - 00000000 ____D C:\Users\admin\AppData\Local\enchant
2016-01-21 14:49 - 2007-10-04 12:14 - 00434688 _____ (RAD Game Tools, Inc.) C:\Windows\system32\mss32.dll
2016-01-21 13:55 - 2016-01-21 13:59 - 00000000 ____D C:\Users\admin\AppData\Local\SquirrelTemp
2016-01-21 07:35 - 2016-01-21 07:37 - 87094407 _____ C:\Users\admin\Desktop\Cs-Cart 4.3.4 Multi-Vendor.zip
2016-01-20 20:57 - 2016-01-20 20:57 - 00001149 _____ C:\Users\admin\Desktop\URLS.txt
2016-01-20 16:29 - 2016-02-04 15:03 - 00002544 _____ C:\Users\admin\Desktop\Amazon forum e-cig post.txt
2016-01-18 17:54 - 2015-12-05 12:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-18 17:54 - 2015-12-05 12:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-18 17:54 - 2015-12-05 12:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-18 17:54 - 2015-12-05 12:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-18 17:54 - 2015-12-05 12:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-18 17:54 - 2015-12-05 12:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-18 17:54 - 2015-12-05 12:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-18 17:54 - 2015-12-05 12:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-18 17:54 - 2015-12-05 12:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-18 17:54 - 2015-12-05 12:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-18 17:54 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-18 17:54 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-18 17:54 - 2015-12-05 12:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-18 17:54 - 2015-12-05 12:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-18 17:54 - 2015-12-05 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-18 17:54 - 2015-12-05 12:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-18 17:54 - 2015-12-05 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-18 17:54 - 2015-12-05 12:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-18 17:54 - 2015-12-05 11:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-18 17:54 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-18 17:54 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-18 17:54 - 2015-11-13 10:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-18 17:31 - 2015-12-05 12:02 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-16 18:17 - 2016-01-29 18:39 - 00012640 _____ C:\Users\admin\Desktop\Effective rates for CC Processing.xlsx
2016-01-15 17:28 - 2016-01-15 17:28 - 00936180 _____ C:\Users\admin\Desktop\dna40.pdf
2016-01-14 15:56 - 2016-01-14 15:57 - 06293872 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.14.1_win32-setup.exe
2016-01-14 15:51 - 2016-01-14 15:52 - 06258448 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.13.0_win32-setup.exe
2016-01-13 23:54 - 2016-01-13 23:54 - 00000000 ____D C:\Users\admin\Documents\Incomedia
2016-01-13 23:53 - 2016-01-13 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebSite X5 v12 - Professional Demo
2016-01-13 23:52 - 2016-01-13 23:53 - 00000000 ____D C:\Program Files\WebSite X5 v12 - Professional Demo
2016-01-13 23:46 - 2016-01-13 23:46 - 00000000 ____D C:\Users\admin\AppData\Local\Incomedia
2016-01-13 21:18 - 2016-01-14 13:51 - 00001304 _____ C:\Users\admin\Desktop\Pros and Cons of Vape sites.txt
2016-01-12 15:55 - 2016-01-12 15:55 - 00129708 _____ C:\Users\admin\Desktop\SecureNetSecureCheckACHServiceAgreement.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-11 11:19 - 2014-02-09 14:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-11 11:13 - 2014-01-23 15:56 - 00000000 ____D C:\Users\admin\AppData\LocalLow\LastPass
2016-02-11 11:11 - 2006-11-02 07:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-11 11:11 - 2006-11-02 07:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-11 11:07 - 2014-01-23 02:17 - 00080152 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-11 10:53 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2016-02-11 10:49 - 2014-01-23 02:16 - 00000924 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2016-02-11 10:49 - 2014-01-23 02:16 - 00000913 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-11 10:48 - 2014-02-04 14:53 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-11 10:48 - 2014-01-24 17:47 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-02-11 10:47 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-11 10:15 - 2006-11-02 08:01 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-11 09:24 - 2014-12-08 18:38 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-11 08:59 - 2014-01-28 13:53 - 00001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-11 08:59 - 2014-01-28 13:53 - 00001005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-11 08:59 - 2014-01-23 03:04 - 00002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-11 08:59 - 2014-01-23 03:04 - 00002130 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-10 20:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2016-02-10 20:40 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-02-10 20:40 - 2006-11-02 05:33 - 00772942 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-10 20:34 - 2006-11-02 07:47 - 03705632 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 20:33 - 2016-01-02 11:53 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-10 20:33 - 2016-01-02 11:52 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-10 20:33 - 2014-01-28 18:55 - 00000260 _____ C:\Windows\Tasks\RtlNICDiagVistaStart.job
2016-02-10 20:33 - 2014-01-23 03:03 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-10 20:33 - 2014-01-23 03:03 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-10 20:30 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 20:30 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-10 19:51 - 2014-01-23 02:48 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 19:44 - 2006-11-02 05:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-10 19:10 - 2014-01-23 22:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\Free Download Manager
2016-02-10 18:54 - 2014-01-28 13:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-10 18:24 - 2015-05-26 22:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\FileZilla
2016-02-10 13:52 - 2016-01-08 10:18 - 00000748 _____ C:\Users\admin\Desktop\vape domains.txt
2016-02-10 11:34 - 2014-01-23 03:07 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-08 23:33 - 2015-07-21 07:47 - 00171608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-02-08 23:33 - 2014-04-29 16:47 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-08 23:33 - 2014-01-23 03:07 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-08 23:33 - 2014-01-23 03:07 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-08 23:33 - 2014-01-23 03:07 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-08 23:33 - 2014-01-23 03:07 - 00067088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-02-08 23:33 - 2014-01-23 03:07 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-02-08 23:33 - 2014-01-23 03:07 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-08 16:15 - 2014-01-28 13:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-07 22:09 - 2014-10-16 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-07 22:09 - 2014-10-16 05:33 - 00000000 ____D C:\Program Files\Java
2016-02-07 22:08 - 2015-09-02 12:12 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2016-02-07 22:07 - 2015-04-08 12:37 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-02-07 04:16 - 2015-03-20 22:06 - 00001456 _____ C:\Users\admin\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-02-06 20:56 - 2015-01-05 02:38 - 00000000 ____D C:\Users\admin\Documents\Laughingbird Documents
2016-02-06 16:58 - 2015-05-26 22:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-02-06 16:58 - 2015-05-26 22:51 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-02-02 22:46 - 2014-12-08 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-02 22:46 - 2014-12-08 18:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-01 17:30 - 2015-09-24 13:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-01 17:29 - 2015-09-24 13:16 - 00000000 ____D C:\Program Files\Garmin
2016-02-01 13:43 - 2015-12-15 16:11 - 00001280 _____ C:\Users\admin\Desktop\China Vape Retailers.txt
2016-01-30 05:40 - 2014-03-31 08:15 - 00000000 ____D C:\Windows\Minidump
2016-01-30 05:31 - 2014-01-24 00:32 - 00000000 ____D C:\Program Files\NeoSmart Technologies
2016-01-30 05:20 - 2015-08-13 21:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\WinFF
2016-01-30 05:18 - 2015-11-17 18:44 - 00000000 ____D C:\Users\admin\Desktop\Movies
2016-01-29 23:22 - 2015-01-08 23:56 - 00000132 _____ C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-01-26 00:31 - 2014-01-23 15:37 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-26 00:31 - 2014-01-23 15:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-26 00:22 - 2015-11-19 21:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\MPC-HC
2016-01-25 16:53 - 2016-01-10 16:13 - 00002047 _____ C:\Users\admin\Desktop\Ecig friendly payment processors.txt
2016-01-21 15:07 - 2014-01-23 02:16 - 00000000 ____D C:\Users\admin
2016-01-19 01:47 - 2014-01-23 03:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-19 01:43 - 2016-01-10 21:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2016-01-18 17:56 - 2014-01-23 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2014-12-10 01:29 - 2015-05-04 18:31 - 0000132 _____ () C:\Users\admin\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-12-10 01:48 - 2016-01-08 03:00 - 0000132 _____ () C:\Users\admin\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-01-08 23:56 - 2016-01-29 23:22 - 0000132 _____ () C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-10-02 22:05 - 2015-10-17 13:53 - 0000118 _____ () C:\Users\admin\AppData\Roaming\Camdata.ini
2015-10-02 22:05 - 2015-10-17 13:53 - 0000408 _____ () C:\Users\admin\AppData\Roaming\CamLayout.ini
2015-10-02 22:05 - 2015-10-17 13:53 - 0000408 _____ () C:\Users\admin\AppData\Roaming\CamShapes.ini
2015-10-02 22:05 - 2015-10-17 13:53 - 0004571 _____ () C:\Users\admin\AppData\Roaming\CamStudio.cfg
2015-10-04 01:28 - 2015-10-04 01:28 - 0000098 _____ () C:\Users\admin\AppData\Roaming\CamStudio.Producer.command
2015-10-04 00:12 - 2015-10-04 01:28 - 0000000 _____ () C:\Users\admin\AppData\Roaming\CamStudio.Producer.Data.ini
2015-10-04 00:12 - 2015-10-04 01:28 - 0001206 _____ () C:\Users\admin\AppData\Roaming\CamStudio.Producer.ini
2014-01-23 17:47 - 2014-01-23 17:47 - 0001106 _____ () C:\Users\admin\AppData\Roaming\ConvAPIPlugin.log
2015-10-02 22:04 - 2015-10-17 13:52 - 0000096 _____ () C:\Users\admin\AppData\Roaming\version2.xml
2015-03-20 22:06 - 2016-02-07 04:16 - 0001456 _____ () C:\Users\admin\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-23 02:16 - 2015-10-18 02:37 - 0001356 _____ () C:\Users\admin\AppData\Local\d3d9caps.dat
2014-01-23 13:43 - 2015-08-17 02:10 - 0092160 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-25 01:46 - 2014-01-25 01:46 - 0000093 _____ () C:\Users\admin\AppData\Local\fusioncache.dat
2016-01-27 14:19 - 2016-01-27 14:19 - 0000218 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2014-01-23 17:30 - 2014-01-23 17:51 - 0001728 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\HitmanPro.exe
C:\Users\admin\AppData\Local\Temp\PjtY8M32WA.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-11 10:52

==================== End of FRST.txt ============================


Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by admin (2016-02-11 11:39:31)
Running from C:\Users\admin\Desktop
Microsoft® Windows Vista™ Business  Service Pack 2 (X86) (2014-01-23 10:08:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2996190037-1798685498-1166926685-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2996190037-1798685498-1166926685-500 - Administrator - Disabled)
Guest (S-1-5-21-2996190037-1798685498-1166926685-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
6000E609_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609n (Version: 140.0.000.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
AVS Video Editor 7.1 (HKLM\...\AVS Video Editor_is1) (Version: 7.1.3.263 - Online Media Technologies Ltd.)
Bitnami WordPress Module (HKLM\...\Bitnami WordPress Module 4.4.2-1) (Version: 4.4.2-1 - Bitnami)
BlueGriffon version 1.8 (HKLM\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.8 - Disruptive Innovations SAS)
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Brackets (HKLM\...\{0DA290D2-0583-4967-9EC0-93C1F603DD13}) (Version: 1.6 - brackets.io)
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Canon ScanGear Starter (HKLM\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version:  - )
CanoScan Toolbox Ver4.9 (HKLM\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Toolbar for Chrome and Firefox (HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\...\{f187c777-e31f-4b7e-9bb0-8281ea99d4ef}) (Version: 3.1.5779.0 - DataTool Services)
Data Toolbar for Chrome and Firefox (Version: 3.1.5779.0 - DataTool Services) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
Elevated Installer (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Eraser 6.2.0.2969 (HKLM\...\{5140890B-8A88-4E81-A5C3-7B9F92F74FD2}) (Version: 6.2.2969 - The Eraser Project)
FileZilla Client 3.15.0.1 (HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\...\FileZilla Client) (Version: 3.15.0.1 - Tim Kosse)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free Download Manager 3.9.6 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Garmin Express (HKLM\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6000 E609 Series (HKLM\...\{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Incomedia WebSite X5 v12 - Professional Demo (HKLM\...\{404C2E2F-395B-48B4-9B38-21DC1BB4A756}_is1) (Version: 12.0.4.21 - Incomedia s.r.l.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
jetAudio Basic (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.3.5 Standard (HKLM\...\KLiteCodecPack_is1) (Version: 10.3.5 - )
LastPass (uninstall only) (HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{E9C07DC0-2338-41BE-899F-C3E5F3E242BE}) (Version: 15.8.8653.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 44.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0.1 (x86 en-US)) (Version: 44.0.1 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.5.1 (x86 en-US)) (Version: 38.5.1 - Mozilla)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OutWit Docs 5.0.0.149 (x86 en-US) (HKLM\...\OutWit Docs 5.0.0.149 (x86 en-US)) (Version: 5.0.0.149 - OutWit)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PIXresizer (HKLM\...\PIXresizer_is1) (Version: 2.0.5 - Bluefive software)
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
ReGet Deluxe (HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\...\ReGetDx) (Version: 5.2 DevBuild - ReGet Software)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.17 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Snagit 9.1.1 (HKLM\...\{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}) (Version: 9.1.1.261 - TechSmith Corporation)
SnapStream Beyond TV 4.2.0 Express (HKLM\...\Beyond TV) (Version: 4.2.0.3118 - SnapStream Media)
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
The Business Card Creator Add On set v4 (HKLM\...\The Business Card Creator Add On set) (Version: v4 - Laughingbird Software)
The Creator 7 (HKLM\...\{93F609F3-CAF5-4ACE-A054-78848912C548}) (Version: 7.0 - Laughingbird Software)
The Logo Creator v5 (HKLM\...\The Logo Creator v5) (Version:  - )
The Logo Creator v6.8 (HKLM\...\{A30C1462-DE8B-1814-4D94-938CEA53F4E4}) (Version: 6.8 - Laughingbird Software)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version:  - )
XAMPP (HKLM\...\xampp) (Version: 5.6.15-1 - Bitnami)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Users\admin\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Users\admin\AppData\Local\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Users\admin\AppData\Local\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Users\admin\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FE02019-6306-446C-A4E6-DCD14636BFF7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-08] (AVAST Software)
Task: {2B5F4F0A-F8F6-4EFA-B98F-8B09EB39D628} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-05-12] (Realtek)
Task: {309221A5-198B-468F-A980-B8C3270F6805} - System32\Tasks\{3C651ABE-5DB0-4B38-9F7F-E55846966CEE} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsProgressBar
Task: {4C642C73-8ACA-466A-9531-F7E3DE41E0DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {4ED7C6A2-2466-4B31-97D7-9EB03B35809F} - System32\Tasks\{F1C5EA40-D712-4633-AC21-FE6C7CDDE112} => pcalua.exe -a C:\Users\admin\Downloads\deldrvvst2120ej.exe -d C:\Users\admin\Downloads
Task: {53B8B67A-0E93-436B-B9D6-DFAE82705B8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5FED8C77-0946-4CAB-9C8D-2E8698EA3DA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6364BD16-3D07-4587-8B59-A28F468865D4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-02] (Dropbox, Inc.)
Task: {6B5375C7-2A7C-4AF8-9529-D519D8643D68} - System32\Tasks\{6FFC066F-74D7-465C-852D-43668437F3DA} => pcalua.exe -a C:\Users\admin\Downloads\lide25wiavst1212en.exe -d C:\Users\admin\Downloads
Task: {6D8C36C7-55BD-4B74-86BE-40980171305E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-02] (Dropbox, Inc.)
Task: {7F860171-01A9-4DBE-A2C3-CB069FE96626} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {AEB4B240-FAC1-4F2C-B1E3-103E70ADD153} - System32\Tasks\AdobeAAMUpdater-1.0-Vostro420-admin => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {E1F5063A-1127-4E46-AE9E-C729859849E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-26] (Adobe Systems Incorporated)
Task: {E51218FA-DDEE-48BA-9895-D5BCE2E1FE01} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FB667645-1AF7-4838-A0CF-4EBE2383B3A1} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 10:23 - 2016-02-08 23:33 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 10:23 - 2016-02-08 23:33 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-11 04:36 - 2016-02-11 04:36 - 02820096 _____ () C:\Program Files\AVAST Software\Avast\defs\16021100\algo.dll
2015-11-27 12:49 - 2016-02-08 23:33 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2008-06-03 03:35 - 2008-06-03 03:35 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-02-02 04:55 - 2016-02-02 04:55 - 00039376 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-03-13 11:56 - 2015-12-09 06:17 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-04 15:03 - 2016-01-04 15:03 - 01114648 _____ () C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e798vnut.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\Users\admin\Desktop\Professor Messer's A  Study Group After Show - January 2014.mp4:TOC.WMV
AlternateDataStreams: C:\Users\admin\Desktop\Vape list.xlsx:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-11-21 14:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\Pictures\esmokaBandW1000x250.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: Browser => 2
MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DFSR => 3
MSCONFIG\Services: fsssvc => 3
MSCONFIG\Services: Garmin Device Interaction Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPFFontCache_v0400 => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: eFax 4.4 => "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
MSCONFIG\startupreg: Eraser => "C:\Program Files\Eraser\Eraser.exe" -atRestart
MSCONFIG\startupreg: f.lux => "C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoboForm => "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: XMouseButtonControl => C:\Program Files\X-Mouse Button Control\XMouseButtonControl.exe /notportable
MSCONFIG\startupreg: Xvid => powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files\Xvid Codec\CheckUpdate.ps1"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{53AB147A-DD36-411E-A552-7CE3EE5697BD}] => (Allow) LPort=80
FirewallRules: [{A870A236-3759-414C-B326-7520453017B1}] => (Allow) LPort=80
FirewallRules: [{24F3C518-847F-4193-AC21-9BE6C8495D71}] => (Allow) LPort=80
FirewallRules: [{493A34DA-E080-4A00-A9AC-8D778BAB1946}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A3EF3082-C480-4DEF-9E72-31EB4076F7D8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{034FD078-65F4-4774-82EA-050356F27DCC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{FCC23269-3838-4B68-A1AE-D2A297BC0E2C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{65B304A4-0968-4D36-8FC6-0E1032C21933}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{2D89A813-534C-44FD-B5C8-F0044E9DCF13}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F715910A-4CF2-406B-87D4-DEE15E82B6AB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{656FF1F9-3D70-4ABD-9E09-7801683CF141}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{3FCCA465-9003-4C58-97C9-B5A54D7E4FB6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{77D7ECEE-C1ED-4FD6-A7DA-21F4D2BEA81E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{9B0FAC01-3799-44E7-A657-66744045A41A}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{4D632ADB-9E2E-4775-9133-8CC51F8A595D}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{1E9FB6B8-AE3D-4933-80BF-2EC8204236CF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ABE93C08-FCC7-409D-9EF5-8FF5A761D384}] => (Allow) LPort=2869
FirewallRules: [{ED4D3321-B801-4B8F-BF6F-B5201B70EA56}] => (Allow) LPort=1900
FirewallRules: [{3E2D418A-C12C-4ED9-A360-0EA98DE65F5D}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5D1213BE-8B83-4BD4-8FD8-5EF29385CFD4}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{E89E8A10-D207-4DF7-A58A-DE8B0A1D8A42}] => (Allow) C:\Program Files\Beyond TV\BTVRegistrationService.exe
FirewallRules: [{12FB1EFE-E68F-4535-B429-57039270C00D}] => (Allow) C:\Program Files\Beyond TV\BTVRegistrationService.exe
FirewallRules: [{1A2ACF84-2008-40F0-A103-0CEA353B7967}] => (Allow) C:\Program Files\Beyond TV\BTVWebServiceProxy.exe
FirewallRules: [{805245E1-F2FF-43B7-9FDE-8BC9A920774F}] => (Allow) C:\Program Files\Beyond TV\BTVWebServiceProxy.exe
FirewallRules: [{89116991-B125-4B51-B8BD-9CDC6C1F6DFF}] => (Allow) C:\Program Files\Beyond TV\BTVLibraryService.exe
FirewallRules: [{8F71943E-FCF6-4299-B327-34365F1A8952}] => (Allow) C:\Program Files\Beyond TV\BTVLibraryService.exe
FirewallRules: [{1DCDE38A-6834-420B-899E-B001BF068CB5}] => (Allow) C:\Program Files\Beyond TV\BTVNetworkService.exe
FirewallRules: [{315DFF84-F23C-4467-8472-E4D467A78E08}] => (Allow) C:\Program Files\Beyond TV\BTVNetworkService.exe
FirewallRules: [{C0E081FD-BCFF-4113-99CC-076B8603B91F}] => (Allow) C:\Program Files\Beyond TV\BTVRecordingEngine.exe
FirewallRules: [{182A4997-F1DB-424D-AB47-5041874E9502}] => (Allow) C:\Program Files\Beyond TV\BTVRecordingEngine.exe
FirewallRules: [{8E1629FA-EBD9-425A-9E94-F68C90891013}] => (Allow) C:\Program Files\Beyond TV\BTVGuideDataLoader.exe
FirewallRules: [{4D770789-8BFD-4F3A-B67E-ECB234F6AF34}] => (Allow) C:\Program Files\Beyond TV\BTVGuideDataLoader.exe
FirewallRules: [{D3A80250-8979-464E-947B-9FE16362A2EA}] => (Allow) C:\Program Files\Beyond TV\BTVSettingsService.exe
FirewallRules: [{AA7C9F2D-62D7-44BA-9EC9-E84500D86EEE}] => (Allow) C:\Program Files\Beyond TV\BTVSettingsService.exe
FirewallRules: [{E6401C58-D4C5-4ED1-98DB-782753D520F8}] => (Allow) C:\Program Files\Beyond TV\BTVTaskManagerService.exe
FirewallRules: [{7D2221F4-11E0-4D47-BD37-860B68065B44}] => (Allow) C:\Program Files\Beyond TV\BTVTaskManagerService.exe
FirewallRules: [{F80C783C-7365-4375-8CCF-0CE62D618F47}] => (Allow) C:\Program Files\Beyond TV\BTVD3DShell.exe
FirewallRules: [{787AEE64-7707-465D-80FE-E3515344B116}] => (Allow) C:\Program Files\Beyond TV\BTVD3DShell.exe
FirewallRules: [{8099BADD-33C1-4814-A553-4EA842C8EE72}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{EBBF450D-110F-4951-8E68-96EAB494B069}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C6096A4A-76B7-45E9-A9BE-C65AB17BEF1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{14D37838-26E0-4B3F-97EA-28F1297A0D34}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D8571704-A12F-4DE9-BF8E-F11DCDDC2AF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{66D29D3F-C588-42F4-BF93-C66BA311A4B4}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{DB1BA85B-B267-4414-B67D-84E06917FE08}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5C382305-376D-429D-95D2-0AEBD4002BE7}C:\program files\brackets\node.exe] => (Block) C:\program files\brackets\node.exe
FirewallRules: [UDP Query User{D24D5A05-222D-4747-A5DB-098CD06C115D}C:\program files\brackets\node.exe] => (Block) C:\program files\brackets\node.exe
FirewallRules: [TCP Query User{DAFBEF80-E6B4-4093-87B0-7D0816C1F158}C:\program files\datatool services\data toolbar for chrome and firefox\phantomjs.exe] => (Allow) C:\program files\datatool services\data toolbar for chrome and firefox\phantomjs.exe
FirewallRules: [UDP Query User{1E67E885-7E14-458C-BFC9-85E463665451}C:\program files\datatool services\data toolbar for chrome and firefox\phantomjs.exe] => (Allow) C:\program files\datatool services\data toolbar for chrome and firefox\phantomjs.exe
FirewallRules: [{BCC0DAE4-0E09-403F-855B-6B38E2D171FC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{2E84EBA7-914D-4E19-89C8-597F6976FEE1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{52AB7F25-A671-48DE-B0B2-DE09A421FFB1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{B21BD839-26EC-459D-AFD9-CBAF5E39E12F}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{A014E089-299B-4CEE-A67E-A34F0903D9DE}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{90139BA8-9AD8-47DE-915D-EB64DD3D90B9}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{E5918F3F-DB53-4985-8E37-2BEEFF4111F2}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe

==================== Restore Points =========================

10-02-2016 19:01:42 Revo Uninstaller's restore point - f.lux
10-02-2016 19:40:03 Windows Update
11-02-2016 09:02:26 Revo Uninstaller's restore point - KNCTR
11-02-2016 09:10:01 Revo Uninstaller's restore point - StormAlerts
11-02-2016 09:12:34 Revo Uninstaller's restore point - Desktop-play 000.015020235
11-02-2016 09:49:04 Revo Uninstaller's restore point - MozBackup 1.5.1
11-02-2016 10:04:36 Checkpoint by HitmanPro
11-02-2016 10:06:28 Checkpoint by HitmanPro
11-02-2016 10:06:46 Checkpoint by HitmanPro
11-02-2016 10:07:17 Checkpoint by HitmanPro
11-02-2016 10:08:49 Checkpoint by HitmanPro
11-02-2016 10:10:35 Revo Uninstaller's restore point - HitmanPro 3.7

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet 6000 E609n
Description: Officejet 6000 E609n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2016 11:33:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 48.0.2564.109 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1ea8
Start Time: 01d164e927489e2e
Termination Time: 15

Error: (02/11/2016 11:18:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 48.0.2564.109 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 11c8
Start Time: 01d164e490bb48de
Termination Time: 0

Error: (02/11/2016 10:49:44 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (960) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (02/11/2016 10:49:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6002.18294, time stamp 0x4c6a9898, faulting module localspl.dll, version 6.0.6002.18631, time stamp 0x4fad36d7, exception code 0xc00000fd, fault offset 0x00003e72,
process id 0x6ec, application start time 0xspoolsv.exe0.

Error: (02/11/2016 10:48:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2016 10:12:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 44.0.1.5879 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 59dc
Start Time: 01d164ddeb339556
Termination Time: 56

Error: (02/11/2016 10:10:35 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {16efd6be-2a31-427b-8757-4a170f6ebd81}

Error: (02/11/2016 09:48:54 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {16efd6be-2a31-427b-8757-4a170f6ebd81}

Error: (02/11/2016 09:46:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 44.0.1.5879, time stamp 0x56b55a96, faulting module mozglue.dll, version 44.0.1.5879, time stamp 0x56b54c1b, exception code 0x80000003, fault offset 0x0000ef7b,
process id 0x3a90, application start time 0xplugin-container.exe0.

Error: (02/11/2016 09:46:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 44.0.1.5879 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2f3c
Start Time: 01d164c7d8634e96
Termination Time: 3857


System errors:
=============
Error: (02/11/2016 10:49:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler1600001Restart the service

Error: (02/11/2016 10:49:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/11/2016 10:48:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMService%%1053

Error: (02/11/2016 10:48:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000MBAMService

Error: (02/11/2016 10:48:12 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer HP Officejet 6000 E609n Series with shared resource name HP Officejet 6000 E609n Series. Error 2114. The printer cannot be used by others on the network.

Error: (02/11/2016 10:46:56 AM) (Source: atikmdag) (EventID: 10267) (User: )
Description: EDID is not supported on this display

Error: (02/11/2016 09:40:46 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/10/2016 08:34:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler1600001Restart the service

Error: (02/10/2016 08:32:28 PM) (Source: atikmdag) (EventID: 10267) (User: )
Description: EDID is not supported on this display

Error: (02/10/2016 07:54:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053


CodeIntegrity:
===================================
  Date: 2016-02-11 11:39:13.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:39:13.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:39:12.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:39:12.633
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:21:11.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:21:11.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:21:11.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:21:10.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:17:56.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-11 11:17:56.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 49%
Total physical RAM: 3070.26 MB
Available physical RAM: 1544.82 MB
Total Virtual: 6363.5 MB
Available Virtual: 4837.48 MB

==================== Drives ================================

Drive c: (Vista Biz) (Fixed) (Total:161.13 GB) (Free:87.73 GB) NTFS
Drive d: (XP Professional) (Fixed) (Total:71.63 GB) (Free:9.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive i: () (Removable) (Total:3.69 GB) (Free:3.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=71.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=161.1 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 3.7 GB) (Disk ID: 007DEF08)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End of Addition.txt ============================

 




#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, your Chrome installation has been subverted, so we need to fix that first.

Re-install Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on it. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.
Note: when asked about user data or settings, you must remove this as well, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quote box below into it:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2016-02-11 09:00 - 2016-02-11 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
Task: {4ED7C6A2-2466-4B31-97D7-9EB03B35809F} - System32\Tasks\{F1C5EA40-D712-4633-AC21-FE6C7CDDE112} => pcalua.exe -a C:\Users\admin\Downloads\deldrvvst2120ej.exe -d C:\Users\admin\Downloads
Task: {6B5375C7-2A7C-4AF8-9529-D519D8643D68} - System32\Tasks\{6FFC066F-74D7-465C-852D-43668437F3DA} => pcalua.exe -a C:\Users\admin\Downloads\lide25wiavst1212en.exe -d C:\Users\admin\Downloads
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

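The ShortcutWithArgument lines in the fixlist above are the giveaway for this family of hijack: the browser executable itself is untouched, but every .lnk that launches it has had a URL appended to its arguments, so the esurf.biz "home page" comes back no matter how the browser is configured. The following Python is added here as an example; it is not part of the original thread or of FRST. It parses the Shell Link binary format ([MS-SHLLINK]) far enough to reach the COMMAND_LINE_ARGUMENTS string and flags browser shortcuts that carry an http(s) URL. The browser list and the fixture produced by build_lnk (a minimal shortcut with no LinkInfo block and an optional fake IDList) are assumptions for the demonstration; real shortcuts carry a LinkInfo block, which the parser skips by its declared size. The esurf.biz URL is the one from the log. On a live Windows machine you would point it at the Quick Launch, Start Menu and Public Desktop paths listed in the fixlist.

```python
"""Flag browser shortcuts whose arguments smuggle in a URL (the esurf.biz
pattern in the fixlist).  Parses enough of the Shell Link format, [MS-SHLLINK],
to reach the StringData block; IDList and LinkInfo are skipped by their sizes."""
import struct
import sys
from typing import Dict, Optional
from urllib.parse import urlparse

# ShellLinkHeader.LinkCLSID {00021401-0000-0000-C000-000000000046} as laid out on disk
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 76

# LinkFlags bits that decide which optional structures follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields, in the order the format stores them
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Assumed list: browsers whose shortcuts should never carry a URL argument
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}


def _unpack(data: bytes, fmt: str, pos: int):
    """struct.unpack_from with a bounds check that raises ValueError, not struct.error."""
    if pos + struct.calcsize(fmt) > len(data):
        raise ValueError(f"truncated .lnk at offset {pos}")
    return struct.unpack_from(fmt, data, pos)


def parse_lnk(data: bytes) -> Dict[str, object]:
    """Return LinkFlags plus whichever StringData fields the shortcut carries."""
    header_size, clsid, flags = _unpack(data, "<I16sI", 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        (id_list_size,) = _unpack(data, "<H", pos)
        pos += 2 + id_list_size            # IDListSize excludes its own two bytes
    if flags & HAS_LINK_INFO:
        (link_info_size,) = _unpack(data, "<I", pos)
        pos += link_info_size              # LinkInfoSize includes itself
    unicode = bool(flags & IS_UNICODE)
    result: Dict[str, object] = {"flags": flags}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        (count,) = _unpack(data, "<H", pos)   # CountCharacters; no NUL terminator follows
        pos += 2
        nbytes = count * 2 if unicode else count
        if pos + nbytes > len(data):
            raise ValueError(f"truncated {name} string")
        result[name] = data[pos:pos + nbytes].decode("utf-16-le" if unicode else "cp1252")
        pos += nbytes
    return result


def hijacked_url(lnk: Dict[str, object]) -> Optional[str]:
    """URL hidden in a browser shortcut's arguments, or None when the shortcut is clean."""
    target = str(lnk.get("relative_path", "")).replace("\\", "/").rsplit("/", 1)[-1].lower()
    if target not in BROWSERS:
        return None
    for token in str(lnk.get("arguments", "")).split():
        parts = urlparse(token.strip('"'))
        if parts.scheme in ("http", "https") and parts.netloc:
            return token.strip('"')
    return None


def build_lnk(relative_path: str, arguments: str, id_list: bytes = b"", unicode: bool = True) -> bytes:
    """Constructed fixture: minimal .lnk with RELATIVE_PATH and ARGUMENTS, no LinkInfo."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | (IS_UNICODE if unicode else 0)
    body = b""
    if id_list:                            # fake ItemIDs followed by the 2-byte TerminalID
        flags |= HAS_LINK_TARGET_ID_LIST
        body += struct.pack("<H", len(id_list) + 2) + id_list + b"\x00\x00"
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)   # ShowCommand = SW_SHOWNORMAL
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le" if unicode else "cp1252")
    return header + body


if __name__ == "__main__":
    for path in sys.argv[1:]:              # e.g. C:\Users\Public\Desktop\Google Chrome.lnk
        with open(path, "rb") as fh:
            url = hijacked_url(parse_lnk(fh.read()))
        print(f"{path}: {'HIJACKED -> ' + url if url else 'clean'}")
```

Removing the argument (which is what FRST's ShortcutWithArgument fix does) is enough to repair the launcher, but it is worth re-running the scan after a reboot: the installer that planted these also left scheduled tasks and a Start Menu folder, and a surviving component will simply rewrite the .lnk files.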

#3
LVAD
    Member
  • Topic Starter
  • Member
  • 92 posts

My browsers don't seem to be hijacked anymore, however when my computer is rebooted my desktop background loads in like normal but right away (before the icons load in), the screen goes white for about 1 or 2 seconds.  Then it goes away and the background comes back and the icons load in.

It never did that before and only started after I got infected.

Here are my logs...

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by admin (2016-02-11 14:19:25) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2016-02-11 09:00 - 2016-02-11 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
Task: {4ED7C6A2-2466-4B31-97D7-9EB03B35809F} - System32\Tasks\{F1C5EA40-D712-4633-AC21-FE6C7CDDE112} => pcalua.exe -a C:\Users\admin\Downloads\deldrvvst2120ej.exe -d C:\Users\admin\Downloads
Task: {6B5375C7-2A7C-4AF8-9529-D519D8643D68} - System32\Tasks\{6FFC066F-74D7-465C-852D-43668437F3DA} => pcalua.exe -a C:\Users\admin\Downloads\lide25wiavst1212en.exe -d C:\Users\admin\Downloads
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1455199104&a=1003897&src=sh&uuid=382d97e8-ca77-4e8a-9b51-c4208cfa5606"
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value removed successfully.
HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => key not found.
HKU\S-1-5-21-2996190037-1798685498-1166926685-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY => moved successfully
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-2996190037-1798685498-1166926685-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4ED7C6A2-2466-4B31-97D7-9EB03B35809F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ED7C6A2-2466-4B31-97D7-9EB03B35809F}" => key removed successfully.
C:\Windows\System32\Tasks\{F1C5EA40-D712-4633-AC21-FE6C7CDDE112} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1C5EA40-D712-4633-AC21-FE6C7CDDE112}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B5375C7-2A7C-4AF8-9529-D519D8643D68}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B5375C7-2A7C-4AF8-9529-D519D8643D68}" => key removed successfully.
C:\Windows\System32\Tasks\{6FFC066F-74D7-465C-852D-43668437F3DA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6FFC066F-74D7-465C-852D-43668437F3DA}" => key removed successfully.
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk => not found.
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully..
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully..

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 83.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:21:38 ====

 

 

 

# AdwCleaner v5.033 - Logfile created 11/02/2016 at 14:37:58
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows Vista ™ Business Service Pack 2 (x86)
# Username : admin - VOSTRO420
# Running from : C:\Users\admin\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\StormAlertsApp
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.3

***** [ Web browsers ] *****

[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2558 bytes] ##########
 



#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts

OK, as a quick check could you change the desktop wallpaper and reboot. Does the white flash still appear?



#5
LVAD
    Member
  • Topic Starter
  • Member
  • 92 posts

Changed the wallpaper to just a solid background and the flash went away.  Optimized the picture I had and reduced the file size to about 25% of original and now everything is fine as far as I can see.



#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Any further problems apparent?

#7
LVAD
    Member
  • Topic Starter
  • Member
  • 92 posts

Not that I can see.  Any special instructions on removing these programs?



#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.

Malwarebytes

Update and run weekly to keep your system clean.

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

#9
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.







