Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need some assistance with sons computer..


  • Please log in to reply

#1
Windber28

Windber28

    New Member

  • Member
  • Pip
  • 6 posts

Not sure what he did or clicked or what.  but this computer is so slow it's infuriating.. pop up windows that i can't close without rebooting saying the system is infected with a number to call to microsoft..  i've tried calling that number and couldn't understand a word of what the agent there said.  so i googled and found you guys..  i have followed the directions and here are the logfiles.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Justin (administrator) on JUSTIN-PC (11-11-2016 11:41:53)
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available Profiles: Justin & Justin2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(ServiceEx) C:\Windows\SysWOW64\drivers\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ServiceEx) C:\Windows\SysWOW64\drivers\svchost.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(BitTorrent Inc.) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Justin\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Justin\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [2015136 2011-05-27] (Affinegy, Inc.)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-09] (Valve Corporation)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [uTorrent] => C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe [2375360 2016-11-10] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NextFlik Demo.lnk [2015-12-04]
ShortcutTarget: NextFlik Demo.lnk -> C:\Program Files (x86)\NextFlik\NextFlik.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{BA96E8D0-C855-43A0-9040-E321B3917C9A}: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2840602664-1174431460-2861059735-1000: RSATom.name/FBVLC -> C:\Users\Justin\AppData\Roaming\RSATom\FBVLC\0.1.5\npFBVLC.dll [2014-06-24] (RSATom)
 
Chrome: 
=======
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default [2016-11-11]
CHR Extension: (Google Slides) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-17]
CHR Extension: (Google Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-17]
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-10]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)
R2 ApplicationLayerGateway32; C:\Windows\SysWOW64\drivers\svchost.exe [114688 2015-09-21] (ServiceEx) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2015-11-03] (Realtek Semiconductor.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMIconfigPerformance; C:\Windows\SysWOW64\drivers\svchost.exe [114688 2015-09-21] (ServiceEx) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 A3721F45; C:\Windows\System32\drivers\A3721F45.sys [478392 2015-09-17] (Kaspersky Lab ZAO)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-17] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12464 2015-11-25] (Macrovision Europe Ltd) [File not signed]
S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-11 11:41 - 2016-11-11 11:42 - 00010745 _____ C:\Users\Justin\Desktop\FRST.txt
2016-11-11 11:41 - 2016-11-11 11:41 - 02410496 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2016-11-11 11:39 - 2016-11-11 11:39 - 02410496 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2016-11-11 11:31 - 2016-11-11 11:31 - 00000000 ____D C:\Users\Justin\Downloads\Grand.Theft.Auto.V-RELOADED
2016-11-11 11:20 - 2016-11-11 11:29 - 00000000 ____D C:\Users\Justin\AppData\LocalLow\uTorrent
2016-11-11 10:52 - 2016-11-11 10:52 - 00000000 ____D C:\Users\Justin\AppData\Local\2K Games
2016-11-11 10:51 - 2016-11-11 10:51 - 13767776 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\vc_redist.x86 (1).exe
2016-11-11 10:50 - 2015-06-06 18:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-11-11 10:47 - 2016-11-11 10:47 - 14572000 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\vc_redist.x64.exe
2016-11-11 10:45 - 2016-11-11 10:45 - 14456872 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\vc_redist.x86.exe
2016-11-11 10:40 - 2016-11-11 11:03 - 267372759 _____ C:\Users\Justin\Downloads\Mafia3_patch_1.02.exe
2016-11-11 10:32 - 2016-11-11 10:32 - 00001571 _____ C:\Users\Justin\Desktop\Play Mafia III.lnk
2016-11-11 10:32 - 2016-11-11 10:32 - 00000814 _____ C:\Users\Justin\Desktop\visit www.nosteam.ro.lnk
2016-11-10 20:51 - 2016-11-10 20:51 - 00002645 _____ C:\Users\Justin\Desktop\µTorrent.lnk
2016-11-10 20:51 - 2016-11-10 20:51 - 00002645 _____ C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-11-10 20:50 - 2016-11-11 11:43 - 00000000 ____D C:\Users\Justin\AppData\Roaming\uTorrent
2016-10-30 18:37 - 2016-10-31 20:02 - 00000000 ____D C:\Users\Justin\AppData\Roaming\DVD Flick
2016-10-30 18:36 - 2016-10-30 18:36 - 00001918 _____ C:\Users\Justin\Desktop\DVD Flick.lnk
2016-10-30 18:36 - 2016-10-30 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
2016-10-30 18:36 - 2016-10-30 18:36 - 00000000 ____D C:\Program Files (x86)\DVD Flick
2016-10-30 18:36 - 2016-10-30 08:58 - 12951423 _____ (Dennis Meuwissen ) C:\Users\Justin\Desktop\dvdflick_setup_1.3.0.7.exe
2016-10-30 18:36 - 2008-08-31 12:27 - 00028672 _____ (-) C:\Windows\SysWOW64\mousewheel.ocx
2016-10-30 18:36 - 2007-08-31 17:36 - 00036864 _____ (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2016-10-30 18:36 - 2004-03-08 23:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2016-10-30 18:36 - 2003-01-26 12:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2016-10-30 18:36 - 1998-06-23 23:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2016-10-28 11:19 - 2016-10-28 11:19 - 00000000 ____D C:\Users\Justin\AppData\LocalLow\Amistech
2016-10-28 10:21 - 2016-10-28 10:21 - 00006144 ___SH C:\Windows\SysWOW64\access.ctl
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-11 11:41 - 2015-05-02 19:38 - 00000000 ____D C:\FRST
2016-11-11 11:29 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-11 11:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-11 11:26 - 2015-04-24 05:28 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-11 11:24 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-11 11:24 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-11 11:23 - 2015-09-17 22:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-11 11:23 - 2014-10-25 22:34 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-11 11:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-11 11:16 - 2014-11-07 20:19 - 00000000 ____D C:\Games
2016-11-11 11:06 - 2015-09-17 22:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-11 10:48 - 2015-09-24 19:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-11 09:32 - 2015-06-15 12:45 - 00000000 ____D C:\Program Files (x86)\Nancy Drew
2016-11-11 09:31 - 2015-01-25 12:01 - 00000000 ____D C:\Nancy Drew
2016-11-10 15:10 - 2015-09-17 22:18 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-10 15:10 - 2015-09-17 22:18 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-10 15:08 - 2015-09-17 22:42 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-10 15:08 - 2015-09-17 22:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2015-01-30 20:54 - 2015-02-12 19:57 - 0000000 _____ () C:\Users\Justin\AppData\Roaming\FileIn.cns
2015-01-30 20:54 - 2015-02-12 19:57 - 0000000 _____ () C:\Users\Justin\AppData\Roaming\FileOut.cns
2003-04-08 22:28 - 2003-04-08 22:28 - 0233472 ____R () C:\Users\Justin\AppData\Roaming\MafiaSetup.exe
2015-09-17 07:07 - 2015-09-17 07:07 - 0000187 _____ () C:\Users\Justin\AppData\Local\siliconcity.exe.config
2014-10-31 11:36 - 2014-10-31 11:36 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Justin\AppData\Local\Temp\launcher_vs2012_sp4_vcredist_x86.exe
C:\Users\Justin\AppData\Local\Temp\SIntf16.dll
C:\Users\Justin\AppData\Local\Temp\SIntf32.dll
C:\Users\Justin\AppData\Local\Temp\SIntfNT.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 10:32
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Justin (11-11-2016 11:44:12)
Running from C:\Users\Justin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-26 03:30:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2840602664-1174431460-2861059735-500 - Administrator - Disabled)
Guest (S-1-5-21-2840602664-1174431460-2861059735-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2840602664-1174431460-2861059735-1005 - Limited - Enabled)
Justin (S-1-5-21-2840602664-1174431460-2861059735-1000 - Administrator - Enabled) => C:\Users\Justin
Justin2 (S-1-5-21-2840602664-1174431460-2861059735-1006 - Limited - Enabled) => C:\Users\Justin2
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
AceIt v1.3.1 (HKLM-x32\...\AceIt_is1) (Version:  - Scott M. Miller)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Automation (HKLM-x32\...\Automation) (Version:  - )
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BLLW PRR K4 PACIFIC SERIES (HKLM-x32\...\BLLW PRR K4 PACIFIC SERIES) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Car Mechanic Simulator 2015 (HKLM-x32\...\Steam App 320300) (Version:  - PlayWay S.A.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0195 - Disc Soft Ltd)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EAX Unified (HKLM-x32\...\EAX Unified) (Version:  - )
Farm Mechanic Simulator 2015 (HKLM-x32\...\Farm Mechanic Simulator 2015_is1) (Version:  - )
FBVLC (HKLM-x32\...\{FDFD2D0E-1CC4-446A-8E36-65298CE711D5}) (Version: 0.1.5 - RSATom)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
House, M.D. (HKLM-x32\...\House, M.D.) (Version:  - )
HP Deskjet 1010 series Basic Device Software (HKLM\...\{CFD917BE-F1F6-410E-ABEC-9EC819507D0D}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
Isoplex version 1.0.4 (HKLM-x32\...\{D7777196-0C77-4FA8-A02E-37A6E295657A}_is1) (Version: 1.0.4 - Isoplex, Inc.)
Mafia (HKLM-x32\...\Mafia) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Nancy Drew 30 - The Shattered Medallion (HKLM-x32\...\Nancy Drew 30 - The Shattered MedallionFinal) (Version: Final - Game-Owl.com)
Nancy Drew 31 - Labyrinth of Lies BE (HKLM-x32\...\Nancy Drew 31 - Labyrinth of Lies BE1.1) (Version: 1.1 - Foxy Games)
Nancy Drew: Sea of Darkness (HKLM-x32\...\{241C6D36-570D-4616-B07F-E460AF6E59D2}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nancy Drew: Secret of Shadow Ranch (HKLM-x32\...\{06874C62-EC70-4275-9F30-BD81969993A8}) (Version:  - )
Nancy Drew: Secrets Can Kill Remastered (HKLM-x32\...\BFG-Nancy Drew - Secrets Can Kill Remastered) (Version:  - )
Nancy Drew: The Curse of Blackmoor Manor (HKLM-x32\...\{9E38979C-FA65-476D-80C7-72F4EADE726C}) (Version:  - )
Nancy Drew: The Final Scene (HKLM-x32\...\{3B304631-1355-4A32-BEA0-494DEFB3506D}) (Version:  - )
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version:  - )
NextFlik Demo version 3.0.2 (HKLM-x32\...\{F55E249C-69C5-4237-BD6B-9239BCC16F6F}_is1) (Version: 3.0.2 - Garletts Studios)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.16.11.9107 - NVIDIA Corporation)
Open Rails version pre-v1.0 (HKLM-x32\...\{94E15E08-869D-4B69-B8D7-8C82075CB51C} ; Generat~67F3DAC8_is1) (Version: pre-v1.0 - Open Rails)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TGATool2A version 4.00.34 (HKLM-x32\...\TGATool2A_is1) (Version:  - Martin Wright)
The Game Of Life by Hasbro (HKLM-x32\...\The Game Of Life by Hasbro1.0) (Version: 1.0 - Adnan_Boy 2008)
thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version:  - thriXXX Software GmbH)
Truck Mechanic Simulator 2015 (HKLM-x32\...\Truck Mechanic Simulator 2015_is1) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.5.0 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Walking Dead (HKLM-x32\...\Walking Dead_is1) (Version:  - Audioslave)
Walking Dead 2 (HKLM-x32\...\Walking Dead 2_is1) (Version:  - Audioslave)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1EA8ED24-CD0E-4E0B-9E24-0F536A8491F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {23B8E525-768E-4DD9-A2B2-997084F149E9} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {2A965A54-C575-4A51-8481-EE40456B648F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {9B9DB96A-AC7B-465E-A40F-B768E9AE1A55} - System32\Tasks\propagationUtilityManager => C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\syscomplus80.exe [2015-09-17] ()
Task: {BA0EA0B5-99B6-4B63-9D72-995048600DD4} - System32\Tasks\{64D2B978-4421-4B22-AC6B-2761F9E38EC3} => pcalua.exe -a "C:\Program Files\Mafia\setup.exe" -d "C:\Program Files\Mafia"
Task: {CDB6D540-42E0-4696-B911-30349ECC5865} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {E8359096-AE4F-41DB-A979-62BFE1532DFC} - System32\Tasks\procedure_quality_service => C:\Program Files (x86)\Common Files\microsoft shared\DW\syseventman32.exe [2015-09-16] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-14 18:31 - 2011-05-27 15:57 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-11-14 18:31 - 2010-08-22 21:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2014-11-14 18:31 - 2010-08-22 21:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2014-11-14 18:31 - 2010-08-22 21:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2014-11-14 18:31 - 2010-08-22 21:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-11-14 18:31 - 2010-08-22 20:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-11-14 18:31 - 2011-05-27 15:08 - 00660480 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2016-11-10 15:10 - 2016-10-20 03:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-11-10 15:10 - 2016-10-20 03:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-11-10 19:40 - 2016-10-28 09:36 - 17772736 _____ () C:\Users\Justin\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-09-19 14:44 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^Justin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1010 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 1010 series.lnk.Startup
MSCONFIG\startupreg: ospd_us_1121 => "C:\Program Files (x86)\ospd_us_1121\ospd_us_1121.exe"
MSCONFIG\startupreg: Rs => C:\Program Files (x86)\Rising\Rs.exe
MSCONFIG\startupreg: RSDTRAY => "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{592433A6-B5D5-4A8D-9143-D014D3F0A098}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{E4924E03-0B93-41A0-BF84-2F4A591AC26C}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{B968BD3F-A19F-4F9A-B43F-B6DD6D739B94}] => (Allow) C:\Program Files\HP\HP Deskjet 1010 series\Bin\USBSetup.exe
FirewallRules: [{BECBB57E-52C5-409A-A8E7-9E769A4593E0}] => (Allow) C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B2EA9EE5-138B-457C-8D18-C59E93B63CF5}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7B70B987-9A08-46F7-AB4B-063811C9BF63}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{98B88A6A-B23A-4AE8-BF87-759B520A1E51}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{0E81057A-358B-44B4-AEED-2481B0DB1157}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{8868EF6C-7058-419C-8345-0D044CCEF982}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{CDB05C47-1464-407C-9262-EA1DF2C9CFAE}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{058D7982-12DB-4B13-A98E-A17B9A78D66F}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{739853BE-C0BA-4D41-9F51-EF1126FA40E6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1700498-35DC-45A4-A96B-B426D1800F89}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{10DE57DA-85F8-4B65-AC24-70683A6B43E6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{13ACAFCD-3744-40ED-AA31-7F987082CBA7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{870ED69E-C530-4A30-8D88-AB333A2417FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe
FirewallRules: [{BD8EF9B0-E26A-4755-89A5-9D9F8F7D632E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe
FirewallRules: [TCP Query User{9C750E60-CEFE-41F7-B016-262DD302AF65}C:\users\justin\appdata\local\temp\rar$exa0.695\trainz a new era\tane.exe] => (Block) C:\users\justin\appdata\local\temp\rar$exa0.695\trainz a new era\tane.exe
FirewallRules: [UDP Query User{C98134F2-BCFF-4EC5-A23D-3F26E3ED397F}C:\users\justin\appdata\local\temp\rar$exa0.695\trainz a new era\tane.exe] => (Block) C:\users\justin\appdata\local\temp\rar$exa0.695\trainz a new era\tane.exe
FirewallRules: [TCP Query User{D723499C-122E-4149-9D47-CB92F668CA3D}C:\program files (x86)\trainz a new era\tane.exe] => (Block) C:\program files (x86)\trainz a new era\tane.exe
FirewallRules: [UDP Query User{62B74FEB-E1F5-4BE9-9F73-AD221A7609EB}C:\program files (x86)\trainz a new era\tane.exe] => (Block) C:\program files (x86)\trainz a new era\tane.exe
FirewallRules: [{F75FCE97-D2CD-4FC3-88D2-E1DAF67136E5}] => (Allow) C:\Users\Justin\AppData\Roaming\TWV\TWV.exe
FirewallRules: [{A0B59C54-10CD-46F3-9103-DC1621215521}] => (Allow) C:\Users\Justin\AppData\Roaming\TWV\upd.exe
FirewallRules: [{459745CD-CFA7-4628-A769-C032FA109F24}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{41416784-C576-4F3E-8233-501658DA5236}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{F6F6588B-1045-47A2-B74A-336E4FDA4490}] => (Allow) C:\Users\Justin\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{443DD8CB-F5B3-4C06-9890-03407975F0BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA16F713-237A-446D-BB3B-A1814672C8F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0EFD209A-D008-4FAC-9103-44D577528418}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0405B956-C740-4221-8B62-74A0F9F904DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{453B4F38-D13C-4EE9-8B70-88613B78E646}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{D8897329-FA5A-40B8-879B-00FFBF59392C}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{C40A2A74-9DC2-4628-8FAE-1AAEAFF01EB9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8CDDBB9B-9493-443D-92DA-7CFEE06D51AE}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6A51CF74-A145-4D95-8BF7-A47724A3D69C}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5946DDA-E637-474D-8606-0EBB42427843}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D5F2A692-1BA7-41D8-8AF4-3FEEF6F7449C}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{035E3CA3-88BB-4202-B06A-7379A827FC22}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43754618-8184-417E-AEBA-C17F3862871E}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
 
==================== Restore Points =========================
 
11-11-2016 10:45:25 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
11-11-2016 10:48:19 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
11-11-2016 10:49:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
11-11-2016 10:49:50 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: bsdriver
Description: bsdriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: bsdriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2016 11:23:37 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (11/11/2016 11:23:22 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/11/2016 11:20:07 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (11/11/2016 11:19:46 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (11/11/2016 11:15:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Faulting module name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Exception code: 0xc0000005
Fault offset: 0x0000000002948790
Faulting process id: 0x1240
Faulting application start time: 0x01d23c36b94a094e
Faulting application path: C:\Games\Mafia III\mafia3.exe
Faulting module path: C:\Games\Mafia III\mafia3.exe
Report Id: fe599e08-a829-11e6-9aa9-50e549952de2
 
Error: (11/11/2016 11:08:37 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (11/11/2016 10:54:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Faulting module name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Exception code: 0xc0000005
Fault offset: 0x0000000002948790
Faulting process id: 0x67c
Faulting application start time: 0x01d23c33c9e4e294
Faulting application path: C:\Games\Mafia III\mafia3.exe
Faulting module path: C:\Games\Mafia III\mafia3.exe
Report Id: 1017ecf2-a827-11e6-9aa9-50e549952de2
 
Error: (11/11/2016 10:52:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Faulting module name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Exception code: 0xc0000005
Fault offset: 0x0000000002948790
Faulting process id: 0xf0
Faulting application start time: 0x01d23c339643ba9c
Faulting application path: C:\Games\Mafia III\mafia3.exe
Faulting module path: C:\Games\Mafia III\mafia3.exe
Report Id: e4ad3ee3-a826-11e6-9aa9-50e549952de2
 
Error: (11/11/2016 10:45:18 AM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (1060) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.
 
Error: (11/11/2016 10:27:39 AM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (1060) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
 
System errors:
=============
Error: (11/11/2016 11:23:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bsdriver
 
Error: (11/11/2016 11:23:05 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14
 
Error: (11/11/2016 11:23:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:21:25 AM on ‎11/‎11/‎2016 was unexpected.
 
Error: (11/11/2016 11:19:30 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14
 
Error: (11/11/2016 11:19:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:18:57 AM on ‎11/‎11/‎2016 was unexpected.
 
Error: (11/11/2016 10:49:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (11/11/2016 09:54:28 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (11/10/2016 12:07:50 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
"5"
Happened while starting this command:
C:\Windows\System32\slui.exe -Embedding
 
Error: (11/10/2016 11:52:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 116.26.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.12706.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (11/10/2016 11:52:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.227.2901.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13000.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
 
CodeIntegrity:
===================================
  Date: 2015-09-18 21:02:53.612
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-18 21:02:53.581
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-17 08:09:23.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-17 08:09:23.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X3 450 Processor
Percentage of memory in use: 44%
Total physical RAM: 4093.55 MB
Available physical RAM: 2269.46 MB
Total Virtual: 8485.29 MB
Available Virtual: 6540.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:83.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 30207C24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   1.78KB   34 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
    Run FRST again as before.  Check the box in front of Addition.txt before hitting Scan.  You will get two logs.  Post both.
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
    Are you still seeing the warning?
     

     


    • 0

    #3
    Windber28

    Windber28

      New Member

    • Topic Starter
    • Member
    • Pip
    • 6 posts

    ok, here is the fixlog:

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
    Ran by Justin (14-11-2016 21:04:22) Run:4
    Running from C:\Users\Justin\Desktop
    Loaded Profiles: Justin (Available Profiles: Justin & Justin2)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    R2 ApplicationLayerGateway32; C:\Windows\SysWOW64\drivers\svchost.exe [114688 2015-09-21] (ServiceEx) [File not signed]
    R2 WMIconfigPerformance; C:\Windows\SysWOW64\drivers\svchost.exe [114688 2015-09-21] (ServiceEx) [File not signed]
    S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    CMD: type C:\Windows\inf
    C:\Program Files (x86)\ospd_us_1121
    C:\Program Files (x86)\Rising 
    Task: {9B9DB96A-AC7B-465E-A40F-B768E9AE1A55} - System32\Tasks\propagationUtilityManager => C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\syscomplus80.exe [2015-09-17] ()
    Task: {E8359096-AE4F-41DB-A979-62BFE1532DFC} - System32\Tasks\procedure_quality_service => C:\Program Files (x86)\Common Files\microsoft shared\DW\syseventman32.exe [2015-09-16] ()
    FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" 
    *****************
     
    ApplicationLayerGateway32 => service not found.
    WMIconfigPerformance => service not found.
    bsdriver => service not found.
    IntcAzAudAddService => service removed successfully
     
    ========= type C:\Windows\inf =========
     
    Access is denied.
     
    ========= End of CMD: =========
     
    "C:\Program Files (x86)\ospd_us_1121" => not found.
    "C:\Program Files (x86)\Rising" => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B9DB96A-AC7B-465E-A40F-B768E9AE1A55}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B9DB96A-AC7B-465E-A40F-B768E9AE1A55}" => key removed successfully
    C:\Windows\System32\Tasks\propagationUtilityManager => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\propagationUtilityManager" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8359096-AE4F-41DB-A979-62BFE1532DFC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8359096-AE4F-41DB-A979-62BFE1532DFC}" => key removed successfully
    C:\Windows\System32\Tasks\procedure_quality_service => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\procedure_quality_service" => key removed successfully
    FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" => Error: No automatic fix found for this entry.
     
    ==== End of Fixlog 21:04:24 ====

    • 0

    #4
    Windber28

    Windber28

      New Member

    • Topic Starter
    • Member
    • Pip
    • 6 posts

    AdWcleaner

     

    # AdwCleaner v6.030 - Logfile created 14/11/2016 at 21:07:54
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-11-14.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Justin - JUSTIN-PC
    # Running from : C:\Users\Justin\Desktop\AdwCleaner.exe
    # Mode: Scan
     
     
     
    ***** [ Services ] *****
     
    No malicious services found.
     
     
    ***** [ Folders ] *****
     
    No malicious folders found.
     
     
    ***** [ Files ] *****
     
    File Found:  C:\user.js
    File Found:  C:\Users\Justin2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage
    File Found:  C:\Users\Justin2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal
     
     
    ***** [ DLL ] *****
     
    No malicious DLLs found.
     
     
    ***** [ WMI ] *****
     
    No malicious keys found.
     
     
    ***** [ Shortcuts ] *****
     
    No infected shortcut found.
     
     
    ***** [ Scheduled Tasks ] *****
     
    No malicious task found.
     
     
    ***** [ Registry ] *****
     
    Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
    Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found:  HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{D8F06F2A-FDCE-4F12-8D2A-7A97A752CF1A}
    Key Found:  HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
    Key Found:  HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Software\Microsoft\Tinstalls
    Key Found:  HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Software\tstamptoken
    Key Found:  HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Software\INSTALLPATH\STATUS
    Key Found:  HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
    Key Found:  HKCU\Software\Microsoft\Tinstalls
    Key Found:  HKCU\Software\tstamptoken
    Key Found:  HKCU\Software\INSTALLPATH\STATUS
    Key Found:  [x64] HKCU\Software\Microsoft\Tinstalls
    Key Found:  [x64] HKCU\Software\tstamptoken
    Key Found:  [x64] HKCU\Software\INSTALLPATH\STATUS
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\shoppingate.info
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www-searching.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\shoppingate.info
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www-searching.com
    Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
    Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
    Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext [DisableAddonLoadTimePerformanceNotifications]
     
     
    ***** [ Web browsers ] *****
     
    No malicious Firefox based browser items found.
    Chrome pref Found:  [C:\Users\Justin2\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
    Chrome pref Found:  [C:\Users\Justin2\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C1].txt - [7971 Bytes] - [17/09/2015 14:31:24]
    C:\AdwCleaner\AdwCleaner[C2].txt - [9512 Bytes] - [18/09/2015 17:56:01]
    C:\AdwCleaner\AdwCleaner[C3].txt - [871 Bytes] - [18/09/2015 19:23:56]
    C:\AdwCleaner\AdwCleaner[S1].txt - [7349 Bytes] - [17/09/2015 14:30:42]
    C:\AdwCleaner\AdwCleaner[S2].txt - [8830 Bytes] - [18/09/2015 17:54:58]
    C:\AdwCleaner\AdwCleaner[S3].txt - [789 Bytes] - [18/09/2015 19:22:55]
    C:\AdwCleaner\AdwCleaner[S4].txt - [676 Bytes] - [21/09/2015 06:05:49]
    C:\AdwCleaner\AdwCleaner[S5].txt - [4858 Bytes] - [14/11/2016 21:07:54]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [4931 Bytes] ##########

    Edited by Windber28, 14 November 2016 - 08:15 PM.

    • 0

    #5
    Windber28

    Windber28

      New Member

    • Topic Starter
    • Member
    • Pip
    • 6 posts

    JRT

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 7 Home Premium x64 
    Ran by Justin (Administrator) on Mon 11/14/2016 at 21:15:41.83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 21 
     
    Successfully deleted: C:\Program Files (x86)\reference assemblies\microsoft\framework\v3.5\redistlist\syscomplus80.exe (File) 
    Successfully deleted: C:\Windows\SysWOW64\drivers\adip58209xxc.sys (File) 
    Successfully deleted: C:\Windows\SysWOW64\drivers\umdf\en-us\eventlogman32.exe (File) 
    Successfully deleted: C:\Windows\SysWOW64\drivers\umdf\profileconfig2.exe (File) 
    Successfully deleted: C:\Windows\verson_hawker.txt (File) 
    Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ANIRP6E (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GTPO651 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0Y5RE9A (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5NYISV3 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJA2DRA0 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC2KMZDQ (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VON0C3C1 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMFQ9ADW (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ANIRP6E (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GTPO651 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0Y5RE9A (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5NYISV3 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJA2DRA0 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC2KMZDQ (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VON0C3C1 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMFQ9ADW (Temporary Internet Files Folder) 
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 11/14/2016 at 21:18:50.31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    • 0

    #6
    Windber28

    Windber28

      New Member

    • Topic Starter
    • Member
    • Pip
    • 6 posts

    procexp

     

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    AM_Delta_Patch_1.231.1766.0.exe 1,024 K 4,280 K 3392 AntiMalware Definition Update Microsoft Corporation
    armsvc.exe 1,184 K 4,072 K 1452 Adobe Acrobat Update Service Adobe Systems Incorporated
    audiodg.exe 15,844 K 15,712 K 444 Windows Audio Device Graph Isolation Microsoft Corporation
    BelkinService.exe 2,204 K 7,612 K 1492 BelkinService Affinegy, Inc.
    chrome.exe 1,336 K 4,456 K 3724 Google Chrome Google Inc.
    chrome.exe 56,604 K 52,052 K 4072 Google Chrome Google Inc.
    chrome.exe 54,504 K 77,800 K 3244 Google Chrome Google Inc.
    dllhost.exe 2,196 K 5,964 K 2664 COM Surrogate Microsoft Corporation
    HPSupportSolutionsFrameworkService.exe 17,804 K 17,852 K 1596 SolutionsFrameworkService Hewlett-Packard Company
    mDNSResponder.exe 2,196 K 5,668 K 1540 Bonjour Service Apple Inc.
    MpCmdRun.exe 2,104 K 4,720 K 2416 Microsoft Malware Protection Command Line Utility Microsoft Corporation
    MpCmdRun.exe 2,820 K 7,188 K 3192 Microsoft Malware Protection Command Line Utility Microsoft Corporation
    msseces.exe 6,144 K 14,148 K 2892 Microsoft Security Client User Interface Microsoft Corporation
    NisSrv.exe 17,636 K 11,996 K 2324 Microsoft Network Realtime Inspection Service Microsoft Corporation
    nvSCPAPISvr.exe 2,264 K 5,452 K 1560 Stereo Vision Control Panel API Server NVIDIA Corporation
    procexp.exe 2,684 K 7,196 K 188 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
    smss.exe 492 K 1,188 K 280 Windows Session Manager Microsoft Corporation
    spoolsv.exe 7,084 K 12,448 K 1316 Spooler SubSystem App Microsoft Corporation
    sppsvc.exe 5,584 K 11,232 K 3568 Microsoft Software Protection Platform Service Microsoft Corporation
    svchost.exe 3,952 K 7,240 K 1564 Host Process for Windows Services Microsoft Corporation
    svchost.exe 4,600 K 9,452 K 2300 Host Process for Windows Services Microsoft Corporation
    svchost.exe 2,036 K 5,676 K 1420 Host Process for Windows Services Microsoft Corporation
    svchost.exe 18,176 K 18,824 K 920 Host Process for Windows Services Microsoft Corporation
    svchost.exe 1,892 K 5,436 K 2980 Host Process for Windows Services Microsoft Corporation
    svchost.exe 4,012 K 7,644 K 752 Host Process for Windows Services Microsoft Corporation
    TrustedInstaller.exe 6,076 K 10,388 K 1980 Windows Modules Installer Microsoft Corporation
    wininit.exe 1,592 K 4,560 K 416 Windows Start-Up Application Microsoft Corporation
    winlogon.exe 3,084 K 7,444 K 512 Windows Logon Application Microsoft Corporation
    WmiPrvSE.exe 3,436 K 7,604 K 2732 WMI Provider Host Microsoft Corporation
    WmiPrvSE.exe 2,812 K 6,728 K 912 WMI Provider Host Microsoft Corporation
    wuauclt.exe 3,384 K 7,536 K 3292 Windows Update Microsoft Corporation
    svchost.exe < 0.01 12,636 K 13,356 K 1344 Host Process for Windows Services Microsoft Corporation
    svchost.exe < 0.01 4,428 K 9,344 K 644 Host Process for Windows Services Microsoft Corporation
    svchost.exe < 0.01 7,260 K 12,656 K 1004 Host Process for Windows Services Microsoft Corporation
    svchost.exe < 0.01 29,756 K 33,896 K 1104 Host Process for Windows Services Microsoft Corporation
    conhost.exe < 0.01 1,064 K 2,956 K 3704 Console Window Host Microsoft Corporation
    lsm.exe < 0.01 2,616 K 4,316 K 552 Local Session Manager Service Microsoft Corporation
    wmpnetwk.exe 0.01 11,280 K 5,480 K 4084 Windows Media Player Network Sharing Service Microsoft Corporation
    SearchIndexer.exe 0.01 23,844 K 19,640 K 3060 Microsoft Windows Search Indexer Microsoft Corporation
    taskeng.exe 0.01 2,204 K 5,984 K 1720 Task Scheduler Engine Microsoft Corporation
    csrss.exe 0.01 2,132 K 4,548 K 372 Client Server Runtime Process Microsoft Corporation
    DiscSoftBusServiceLite.exe 0.01 4,112 K 9,284 K 864 Disc Soft Bus Service Lite Disc Soft Ltd
    explorer.exe 0.02 34,468 K 53,208 K 1900 Windows Explorer Microsoft Corporation
    lsass.exe 0.03 4,744 K 11,556 K 540 Local Security Authority Process Microsoft Corporation
    chrome.exe 0.03 50,176 K 102,384 K 3676 Google Chrome Google Inc.
    MpSigStub.exe 0.03 3,284 K 6,380 K 1472 Microsoft Malware Protection Signature Update Stub Microsoft Corporation
    svchost.exe 0.04 317,984 K 190,136 K 116 Host Process for Windows Services Microsoft Corporation
    services.exe 0.05 4,604 K 8,416 K 500 Services and Controller app Microsoft Corporation
    csrss.exe 0.09 2,420 K 6,264 K 440 Client Server Runtime Process Microsoft Corporation
    dwm.exe 0.14 28,904 K 25,660 K 1860 Desktop Window Manager Microsoft Corporation
    System 0.36 164 K 1,960 K 4
    svchost.exe 0.41 109,972 K 115,788 K 960 Host Process for Windows Services Microsoft Corporation
    reader_sl.exe 0.51 1,220 K 4,316 K 432 Adobe Acrobat SpeedLauncher Adobe Systems Incorporated
    Interrupts 0.67 0 K 0 K n/a Hardware Interrupts and DPCs
    procexp64.exe 2.78 22,192 K 40,120 K 3396 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
    MsMpEng.exe 3.23 204,500 K 184,632 K 848 Antimalware Service Executable Microsoft Corporation
    AdobeARM.exe 4.04 2,376 K 9,024 K 1084 Adobe Reader and Acrobat Manager Adobe Systems Incorporated
    System Idle Process 91.54 0 K 24 K 0

    • 0

    #7
    Windber28

    Windber28

      New Member

    • Topic Starter
    • Member
    • Pip
    • 6 posts

    So far, no warning,  computer still very slow.


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP
    Run FRSt again, check the Addition.txt box before hitting Scan.  You will get two logs.  Post both.
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy(Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)
     
     
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP